Tens of millions of dollars in losses each year. That’s how much a hidden form of cyberattack could be costing your social media company – yet you may not even be aware of this escalating threat until it’s too late.
Businesses that rely on SMS messages for user verification are vulnerable to SMS toll fraud, also known as SMS pumping or International Revenue Share Fraud (IRSF), and it’s causing a severe financial burden worldwide. SMS toll fraud is so devastating that it can even mean the difference between profitability and non-profitability in some regions around the world.
One social media company removed high volumes of malicious bot traffic and immediately saved $3 million per month in fraudulent SMS toll fraud charges. Similarly, Snapchat was inundated with automated SMS fraud attacks before they implemented a proven bot detection and prevention system from Arkose Labs.
These are only two examples of an under-the-radar problem that social media platforms face today. But the good news is that you can foil attack attempts by implementing technology-driven solutions and adopting an innovative approach to SMS toll fraud prevention.
How SMS toll fraud penetrates your defenses
In SMS toll fraud, attackers use bots to scale up fake account creation, filling out online forms connected to SMS systems or using web apps to request one-time passwords (OTPs). These bots automatically enter premium-rate phone numbers for SMS verification and abandon the activity as soon as the SMS verification is triggered.
Because there is virtually no method for the business to recall the messages once they have been sent, this bulk outflow of SMS messages to expensive rate numbers disproportionately inflates the telecom bills for the affected business.
Premium-rate numbers cost more to contact, which means the mobile network operators (MNOs) that control these numbers can earn significantly more money. Attackers either exploit the networks or collude with some of the MNOs to share the revenue generated. They also use automated scripts to break into business networks and exploit them to initiate calls and SMS messages to premium-rate numbers. Using intelligent bots with human-like capabilities, they can evade detection until the damage is done.
Millions in lost social media revenue
SMS remains one of the most popular two-factor authentication (2FA) methods on social media platforms, and attackers are exploiting this communication channel for illegitimate financial gain that often runs into millions of dollars every month.
Social media platforms must appreciate that a large portion of SMS messages triggered by user verification systems are illegitimate. A “new user registration” could well be an automated bot attack trying to game the system by routing the outgoing SMS texts to premium numbers. And when done at scale, social media platforms stand to suffer huge financial losses. Bot-driven traffic has the potential to inflict further revenue damage by preventing legitimate consumers from registering or logging in.
The worst part of SMS toll fraud? Businesses typically realize they have been gamed only after they have been presented with highly inflated telecom bills. Unfortunately, by then it is too late.
Having said that, not everything is lost. Businesses can deploy strong fraud detection mechanisms for quick identification and fraud mitigation. For instance, they can strengthen their user verification mechanisms by fortifying the security of registration and login touchpoints with efficient bot management solutions such as Arkose Bot Manager. This powerhouse of a solution lessens the dependence on SMS-based user verification and saves businesses from losing millions of dollars to SMS toll fraud.
Keeping SMS toll fraud at bay
To mitigate the risk of SMS toll fraud, it is essential to identify the common telltales of an attempted attack. These often include a spike in SMS notification requests over a short period of time, origination of requests from geographical locations that the business isn’t present in, use of sequential phone numbers, partially filled out web forms, and the use of international or premium-rate phone numbers for registration.
Businesses can consider implementing the following fraud prevention methods:
- Bot detection. Implement bot management solutions such as Arkose Labs that can quickly tell bots from humans, prevent the attack from achieving scale, and slow down the attackers to erode the returns from the attack, making it financially not worthwhile.
- Rate limiting. Limit the number of SMS messages to be sent over a period of time, say in an hour or a day, and define the limits for call duration.
- Geographical restrictions. Disallow sending SMS texts to geographical locations that the business isn’t present in.
- Verification delays. Introduce a delay between verification retries so that additional messages cannot be sent within seconds.
- Premium-rate number detection. Ensure the phone number that a user enters is a regular number and not a premium rate mobile number.
- Additional information. Ask consumers to provide more information than just a phone number in an online form.
- Trusted use cases. Restrict the use of 2FA SMS to trusted use cases only.
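Several of the checks listed above (geographical restriction, premium-rate detection, verification delay, rate limiting and the sequential-number telltale) can be combined in one gate that runs before any SMS is sent. The sketch below is an added example, not code from Arkose Labs or from the original article; the class name, thresholds and prefix lists are assumptions, and the phone numbers are constructed.

```python
from collections import defaultdict, deque

# Assumed policy values (not from the article); tune them to your own traffic.
ALLOWED_PREFIXES = ("+1", "+44")   # countries the business operates in
PREMIUM_PREFIXES = ("+1900",)      # illustrative premium-rate range (NANP 900)
RETRY_DELAY_S = 30                 # minimum gap between sends to one number
MAX_PER_CLIENT_HOUR = 5            # sends allowed per client per hour
SEQ_RANGE, SEQ_MAX = 10, 3         # 3 prior numbers within +/-10 => sequential

class SmsGate:
    """Call check() before the SMS provider API; only "allow" may send."""

    def __init__(self):
        self.last_sent = {}                     # number -> time of last send
        self.by_client = defaultdict(deque)     # client -> (time, number) sends

    def check(self, client_id, number, now):
        digits = number[1:]
        if not (number.startswith("+") and digits.isascii() and digits.isdigit()):
            return "deny:format"
        if not number.startswith(ALLOWED_PREFIXES):
            return "deny:geo"
        if number.startswith(PREMIUM_PREFIXES):
            return "deny:premium"
        last = self.last_sent.get(number)
        if last is not None and now - last < RETRY_DELAY_S:
            return "deny:retry_delay"
        sends = self.by_client[client_id]
        while sends and now - sends[0][0] >= 3600:   # drop sends older than 1 h
            sends.popleft()
        if len(sends) >= MAX_PER_CLIENT_HOUR:
            return "deny:rate_limit"
        n = int(digits)
        near = sum(1 for _, p in sends
                   if p != number and abs(int(p[1:]) - n) <= SEQ_RANGE)
        if near >= SEQ_MAX:                          # client walking a number block
            return "deny:sequential"
        sends.append((now, number))                  # record only permitted sends
        self.last_sent[number] = now
        return "allow"

def replay(events):
    """Run (client, number, time) tuples through a fresh gate."""
    gate = SmsGate()
    return [gate.check(c, num, t) for c, num, t in events]

# Constructed sample traffic: one client stepping through adjacent numbers.
SAMPLE = [("c1", "+1415555010%d" % i, 40 * i) for i in range(5)]
```

Here `client_id` stands for whatever the platform uses to group requests (session, device fingerprint or IP address), and logging the deny reasons gives an early signal well before the telecom bill arrives.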
How Snapchat reduced fake online registrations
SMS toll fraud continues to plague social media platforms due to the ease of executing the attacks and minimal risk of detection. However, organizations like Snapchat are using smart security solutions such as Arkose Bot Manager to detect more risky log-in attempts and reduce fake account creation on the web. With Arkose Labs, Snapchat is able to drive down SMS fraud charges while maximizing its return on investment.
The company uses Arkose MatchKey challenges to authenticate consumers, which has reduced the volume of SMS messages being sent out for account registration and verification. This reduced dependence on SMS verification has resulted in significant cost savings and protection from SMS fraud attempts.
Further, the company is able to identify bad actors coming from countries with high SMS costs and stop them from creating accounts, thus saving on the expensive charges for verification SMS messages.
Buoyed by the results on its web platform, the company is now considering deployment of the Arkose Labs solution on mobile devices to evaluate customer authenticity, further saving substantial SMS costs by reducing the need for SMS-based verification.
Tackle SMS toll fraud head-on
For social media platforms, agility in responding to consumer requests is key. Equipping yourself with robust solutions that can keep pace with complex attacks and evolving threats is essential for success. Arkose Labs partners with leading global brands in their success journey by providing future-proof protection from evolving threats and attack tactics.
With a consumer-centric fraud prevention approach, Arkose Labs helps social media platforms thwart SMS toll fraud attempts right from the start, paving the way for social platforms to effectively protect their consumers, revenues, and brand equity.
To learn how you can use Arkose Labs solutions to fortify your defenses against SMS toll fraud, book a demo now.