There Are Two Types Of SMS Pumping Fraud
One type involves forcing websites to send SMS messages to a provider that they profit from, the other is to send SMS messages to individuals to get them to reply to very high-cost phone numbers.
The SMS Pumping Scam Targetting Individuals
SMS pumping fraud refers to a type of fraudulent activity where individuals or organizations manipulate mobile phone users into sending premium-rate SMS messages without their knowledge or consent.
SMS pumping fraud, also known as text message pumping fraud or SMS cramming, is a type of fraudulent scheme that targets mobile phone users. It involves manipulating individuals into unknowingly or unintentionally sending premium-rate SMS messages, resulting in unauthorized charges on their mobile phone bills.
This scam typically involves sending unsolicited text messages to potential victims, enticing them with fake offers or prizes, and tricking them into replying or interacting with the message in a way that triggers premium-rate charges. The fraudsters then profit from the inflated charges incurred by the victims. It is important to be cautious and skeptical of unsolicited messages and to avoid engaging with suspicious or unknown senders to protect yourself from SMS pumping fraud.
For example, those “hi” messages that entice a user to reply asking who that was, can often result in very high SMS reply fees.
Here’s How SMS Pumping Fraud Typically Works:
- Unsolicited Text Messages: Fraudsters send unsolicited text messages to a large number of mobile phone users. These messages often appear to be from a legitimate source, such as a well-known company, service provider, or contest organizer.
- Tempting Offers or Prizes: The messages entice recipients with attractive offers, prizes, discounts, or exclusive content, aiming to capture their attention and interest. These offers may promise free downloads, ringtones, games, or access to premium services.
- Interaction Prompt: The fraudulent messages instruct recipients to reply or interact in some way to claim the offer or prize. This interaction could involve sending a specific keyword, providing personal information, clicking on a link, or downloading a file.
- Premium-Rate Charges: By responding or interacting with the message, victims unknowingly trigger premium-rate SMS services. These services charge significantly higher rates than regular text messages, with the fees often added to the victims’ mobile phone bills.
- Revenue Generation: The fraudsters profit from the inflated charges incurred by the victims. They typically receive a portion of the revenue generated by the premium-rate services, while the legitimate service providers or content providers involved in the fraud may also benefit financially.
To Avoid Falling Victim To SMS Pumping Fraud Or Prohibit It Effectively, Consider The Following Measures:
- Be Skeptical of Unsolicited Messages: Exercise caution when receiving unsolicited text messages, especially from unknown or unfamiliar senders. Be wary of offers that seem too good to be true or request personal information.
- Review Your Phone Bill Regularly: Thoroughly review your mobile phone bills on a monthly basis to identify any unexpected or unauthorized charges. If you notice unfamiliar charges, contact your mobile service provider immediately to dispute them.
- Don’t Respond or Engage: Avoid responding to or interacting with suspicious messages, particularly those that prompt you to send a reply or provide personal information. Delete such messages to minimize the risk of inadvertently initiating premium-rate services.
- Enable SMS Filters or Blockers: Many mobile devices and service providers offer SMS filtering or blocking options. Take advantage of these features to block messages from unknown or suspicious sources, reducing the likelihood of receiving fraudulent messages.
- Report Suspicious Messages: If you receive a suspicious message, report it to your mobile service provider. They may have mechanisms in place to investigate and take action against fraudulent senders.
- Educate Yourself and Others: Stay informed about the latest scams, fraud techniques, and best practices for online safety. Share this knowledge with friends, family, and colleagues to raise awareness and help others avoid falling victim to SMS pumping fraud.
By adopting these preventive measures and staying vigilant, you can minimize the risk of becoming a victim of SMS pumping fraud and protect yourself from unauthorized charges and financial losses.
SMS Pumping Fraud on Websites & Apps
This is a relatively new menace for website owners and operators.
It works by allowing fraudsters to ambush website forms that generate SMS one-time passwords that you send for account access or making purchases. Though it can also attack password reset features that send an SMS message.
They target web forms or apps that have relatively low levels of security, allowing them to generate thousands of bogus SMS messages to phone numbers that they control and where they make a percentage of the telecom charges.
They make money by entering into a revenue-sharing agreement with a mobile network. Each OTP text (one-time password text) delivered gives them a small commission but if they do this on an industrial scale, then with little effort, huge revenues can be generated.
Some estimates suggest that SMS pumping fraud accounts for about 6% of all business SMS traffic as of 2022.
Twitter Suffers Massive SMS OTP Fraud
Elon Musk claims that Twitter lost $60 million dollars last year because 390 different telecom companies used bots to inflate A2P SMS.
“I discovered this, basically, about 10 days ago, that Twitter was being scammed to the tune of $60 million dollars a year for SMS texts, not counting North America.”
There have also been reports of some web owners losing tens of thousands of dollars in these toll-fraud attacks.
Avoiding SMS Pumping Fraud on Websites
If you are a website publisher that has such forms, features, or apps that generate SMS passwords there are some simple steps you can take to avoid being a victim of this scam and the costs it brings with it.
It’s the responsibility of the service owner to prevent or minimize abuse of their website web forms, not the hosting company. There’s only so much the SMS API can do to prevent this type of fraud.
Here are some reasonably easy and low-cost ways that you can reduce the risk of SMS pumping fraud.
- Disable sign-ups from countries where you don’t operate – take a robust stance and disable the ability for people to complete the form from any country where you don’t operate or where you know the country will be a minor part of your market.
- Use a country IP filter or blocker to block countries where you do not want business anyway.
- Set rate limits on the number of SMS that can be sent to any range of mobile numbers – restrict the number of texts that can be sent in a set number of minutes to certain number prefixes.
- The best solution is to disable text messaging altogether and force all such functions through email addresses which have no cost.
This might not completely resolve the problem but it should massively reduce it. This throttling approach and lack of throughput might deter the cybercriminal from attacking your website!
Detect And Discourage Bots
- Using CAPTCHAs can help deter bots. Try to create a little more friction in the signup process. This will be no issue for genuine customers but will create a hurdle for automated bots.
- Allow only one text to be sent to any mobile number – restrict the number of texts that a single mobile number can receive in any given time period.
- Monitor conversion rates. If the conversion rate of customers suddenly drops, but the number of SMS texts is high, this could be an indication of SMS pumping in action. You could consider setting alerts to trigger if conversion drops below expected or normal levels.
If you offer such features on your website or app it is essential that you take precautions since this type of attack can hit without warning and run up massive costs overnight!
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
Do You Need Support?
Get It Now!
SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!
Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!
SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!
To apply to join our groups visit support.AgainstScams.org
We also offer separate support groups for family & friends too.
Become a
SCARS STAR™ Member
SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!
SCARS STAR Membership benefits include:
- FREE Counseling or Therapy Benefit from our partner BetterHelp.com
- Exclusive members-only content & publications
- Discounts on SCARS Self-Help Books Save
- And more!
To learn more about the SCARS STAR Membership visit membership.AgainstScams.org
To become a SCARS STAR Member right now visit join.AgainstScams.org
To Learn More Also Look At Our Article Catalogs
Scam & Crime Types
More SCARS
- ScamsNOW Magazine – ScamsNOW.com
- ContraEstafas.org
- ScammerPhotos.com
- AnyScam.com – reporting
- AgainstScams.org – SCARS Corporate Website
- SCARS YouTube Video Channel
Leave A Comment