SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.
The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return — to validate the applicant — generates a fee for the phone company which it shares with the affiliate.
This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of text messages sent to seemingly legitimate users.
As a solution, Arkose Labs aims to increase the cost of attacks, making them less profitable for the fraudsters.
Their technology detects malicious actions and offers differing levels of challenges, based on a risk threshold. They also provide their customers with threat intelligence that can be used to prevent attackers from profiting. For a full drill down on our discussion, please give the accompanying podcast a listen.
This is one more example of cybercriminals cleverly exploiting the flaws in a convenient business process. It surely won’t be the last. I’ll keep watch and keep reporting.
Read original article here.