Getty Images/iStockphoto
Not all cyber attacks infiltrate IT environments to steal information. Some attacks, still fueled by money, focus on fraud instead. One such fraud-based attack is SMS pumping.
In an SMS pumping attack, malicious actors take advantage of SMS systems connected to online forms or web apps — for example, where users request a download link or one-time passcode (OTP). Attackers use bots to automatically input premium rate phone numbers into online forms connected to SMS systems. These numbers charge higher prices to contact, thereby providing more money to the mobile network operators (MNOs) that control those specific numbers. Attackers make their money by either exploiting unwitting MNOs or working with unscrupulous MNOs to receive a portion of the revenue generated from the premium rate phone numbers.
SMS pumping attacks are also known as SMS artificially inflated traffic, SMS OTP fraud or artificially generated traffic.
Approximately 6% of all SMS traffic between December 2021 and December 2022 was flagged as SMS pumping by Lanck Telecom. In February 2023, Elon Musk claimed SMS pumping attacks cost Twitter $60 million per year. Twitter removed two-factor authentication (2FA) via text — except to verified Twitter Blue users — due to these attacks. The move aimed to save money by limiting 2FA SMS use to only subscription customers.
SMS pumping attacks are often initially detected when an unusual number of SMS notifications are requested or when a spike in certain types of phone numbers — such as premium rate numbers — requesting SMS notifications is detected.
To detect SMS pumping attacks, Andras Cser, analyst at Forrester Research, recommended organizations pay attention to the phone numbers being used on password reset, registration and similar webpage forms. “This includes understanding the device ID and reputation of the site that plugs in these unusual numbers,” he said.
After detecting spikes in SMS notification requests, ask the following questions to uncover whether it’s an SMS pumping attack:
If the answer to any of these questions is yes, it may be an SMS attack.
Preventing SMS pumping attacks from occurring in the first place is key. Attacks can also be mitigated to lessen their effects. Use the following prevention and mitigation methods:
The new MCN Foundation can find and connect to public clouds and provide visibility. The company’s full-stack product powers the …
SamKnows data in ThousandEyes will let enterprises monitor the broadband connections of employees working from home. The …
Edge computing isn’t new, but it has grown in popularity due to 5G and the influx of IoT devices. This quiz covers edge computing…
Enterprise Strategy Group’s Doug Cahill discusses survey results that show using integrated technologies from multiple vendors …
You don’t have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary…
This in-depth guide explains what digital transformation is, why it is important and how enterprises can successfully transition …
AppleCare is a useful limited warranty that comes with all Apple devices, but some organizations should consider the benefits of …
Organizations looking to deploy Microsoft Configuration Manager console must make sure to set up this platform correctly and …
There isn’t a perfect PC lifecycle plan for all organizations, so IT teams and management should ask themselves these four …
HPE is entering the AI public cloud provider market — but is it ready? Read more about its AI offerings for HPE GreenLake and …
HPE’s Bryan Thompson talks about how HPE GreenLake has become synonymous with the brand, and looks to its future and how the …
AWS offers its customers several options to minimize application latency. Let’s look at the role AWS Local Zones can play in …
The EU Court of Justice has issued a significant judgment against Meta, ruling that national anti-trust bodies can investigate …
A House of Lords report about digital exclusion across the UK has blamed slow and undedicated government intervention for the …
UK’s largest independent network provider wins £318m in new contracts as part of £5bn UK national gigabit broadband scheme
All Rights Reserved, Copyright 2000 – 2023, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information