What is SMS traffic pumping fraud?

Table of Contents

Learn about traffic pumping – a type of attack on companies using SMS messaging. Find out how we protect our customers.

In addition to the definition and consequences of the attack, the article also presents solutions, a list of tools and features of the SMS gateway that SMSAPI has introduced to protect customers of our service.

What is traffic pumping? Definition

SMS traffic pumping is an online fraud that aims to generate artificial SMS traffic in a short period of time. This can benefit competitors, who thus force the company to pay a higher invoice for sending messages, or dishonest operators, SMS providers. Therefore, it is important to use trusted providers to ensure the quality and security of SMS communication.

Other names for this phenomenon: artificial traffic pumping, traffic pumping fraud, Artificially Inflated Traffic (AIT), message scooping.

How does SMS traffic pumping work?

The attack mechanism involves sending multiple one-time code (OTP) requests, link messages, test SMS messages from unsecured forms, mechanisms on a publicly accessible site.

Example of SMS teasing: scammers using a script or bots create new accounts on a website, mobile or web application. The system automatically sends a message to each one containing a code confirming registration or a link to download the application.

Threats and counteracting SMS artificially inflated traffic

The main threats posed by SMS teasing are the increased cost of SMS communication, the stoppage of the service, and the reduced user experience, and therefore the wiezurk losses. Earlier exhaustion of the budget for artificially scooped SMS messaging can result in the unavailability of the 2FA SMS system, which means difficulties in the operation of your system, business.

Fortunately, this scam can be combated. First, you can limit the sending of requests. Consider putting time limits on your forms and securing them with Google reCAPTCHA feature. SMSAPI also helps in the fight! Check your account and turn on the Country filetering feature to block SMS to more expensive destinations.

A real-life example of a traffic pumping attack

The most high-profile example of the practice was the artificial registration of accounts and forced sending of 2FA SMS codes on Twitter. As a result of these actions, the platform was losing $60 million a year. The case was publicized by Elon Musk.

How does SMSAPI protect against traffic pumping?

SMSAPI is a secure SMS gateway for businesses. We operate to the highest standards and are ISO 27001 certified, which confirms our preparation and high level of infrastructure. Our NOC team constantly monitors the correct operation of the SMS system 24/7. Read more about how we protect your security at SMSAPI:

SMSAPI takes care of SMS messaging security

SMSAPI is a trusted SMS provider. We are in the register of SMS integrators kept by the Polish Office of Electronic Communications. We cooperate with CERT, GSM operators and organizations fighting cyber criminals.

All accounts registered with our service are verified. We verify newly reported SMS sender fields before allowing them to be used. Authorization of SMS overwrites is crucial to ensure the authenticity and security of communications.

Learn about the country filtering

Limiting shipping countries is a tool available in the SMSAPI customer panel. With it, you will set a list of destinations to which you want to send or block messages. Just specify the countries and the system will fully automatically block SMS according to your configuration. The country filter works all the time, as long as you do not change your preferences.

Country filtering business SMS messaging
Example of country filtering: dispatches limited to Austria, Czech Republic and Germany

Read about filtering shipping countries

New Function in the Customer Portal: Country Filtering

The importance of SMS authorization and 2FA in security

SMS authorization is of great importance in business. With one-time passcodes, registration confirmation passwords or login passwords sent in SMS messages, companies and online services protect data and user identities.

SMSAPI provides ready-to-use tools to run 2FA SMS on any system. Explore multi-component authentication with SMS Authenticator or use our SMS messaging platform and create your own security based on the open SMS API.

Summary and recommendations for companies

First of all, I recommend monitoring SMS traffic. For unexpected messaging, check your country filter settings. Second, check accesses and active sessions. Take advantage of the option to log out all users and change the password for your SMSAPI account.

SMSAPI contact and support

We work with our customers so that we can constantly improve the security of the SMSAPI platform. If you have any doubts about the operation of the restriction of sending countries, sending SMS abroad – contact the account manager.

Cover: Wes Hicks