Skip to main content

Messaging fraud exists because there are those who want to take advantage of people, gain a commercial advantage over their rivals, or exploit vulnerable systems for personal gain.

Fraud persists because of a lack of awareness, a lack of inclination or a lack of ability to make any meaningful change to the status quo. But left unchecked, the whole messaging industry is put at risk, whether you find yourself directly affected by fraud or not.

So, what exactly are we dealing with? MEF’s messaging working group behind the recently launched Future of Messaging Programme has identified 11 different types of fraud.

1 ) Spam: this can be the result of overzealous marketers knowingly sending promotional messages to bought or farmed lists of telephone numbers in an attempt to increase sales, or the failure by a brand or enterprise to properly manage consumer data correctly, either in terms of how they verify that a number supplied to them by a customer is correct or by not obtaining explicit consent from their customer about how a number may be used for marketing purposes in future.

Fraud within the messaging ecosystem affects everyone, be it directly or indirectly, no matter where you sit within the value chain. If consumers lose faith in SMS, or consumer complaints drive the imposition of overbearing regulations, then this quick, nimble, immediate and effective means of communication may be lost.

2 ) SMS Originator Spoofing: the sending party’s true identity is deliberately hidden in order to trick a consumer into thinking that a message is from someone familiar to them, for example, by using the originator ‘Apple’ to pretend to be “Apple”, or “HMRC” (UK Tax Office).

3 ) SMiShing (SMS Phishing): by combining SPAM, SMS Originator Spoofing and social engineering techniques, the sending party attempts to gain access to online systems, accounts or data such as credit card information by masquerading as a trustworthy entity, for example, a mobile subscriber’s bank.

4 ) SMS Malware: the sending party attempts to gain access to a mobile subscriber’s operating system and sensitive information like banking passwords through the installation of malicious software on a device without the mobile subscriber’s knowledge for example, by disguising it as an innocent app that acts silently in the background, meaning that the mobile subscriber may inadvertently download and install the software themselves.
5 ) Access Hacking: the credentials of a legitimate third party are hijacked, or the sending party sends messages by hacking a website which has the ability to send SMS, by providing fake company information, by using a stolen credit card or other payment method and/or by buying messages with no intention of paying for them.
6 ) Grey Routes in the absence of an AA19/AA60 Agreement: the absence of a commercial agreement is deliberately exploited as a way to avoid paying for message termination when sending A2P messages.
7 ) MAP Global Title Faking: messages are manipulated by the sending party changing a MAP parameter, by changing the originator in order to prevent detection by a firewall or by pretending to be a mobile operator which does not have a commercial agreement in place with the sender.
8 ) SCCP Global Title Faking (Faking): sending a message to a handset originating from a Global Title that either does not belong to the sender or has been leased from a third party and where the SCCP or MAP addresses are manipulated.
9) SMSC Compromise Fraud: relaying and sending messages around the world without paying for them. This leaves the owner of the Short Message Service Center (SMSC) to pay the message termination charges.

10 ) SIM Farms: using a bank of consumer, Machine to Machine (M2M) or Enterprise SIM cards for the delivery of A2P messages. The practice allows messages to be sent inexpensively by taking advantage of specific consumer SIM retail offers which are sold without sufficient contractual protections to prevent M2M and Enterprise SIMs from being used for A2P messaging.

 11 ) Artificial Inflation of Traffic (AIT): a rogue third party uses mobile originated interconnect revenue share as a way of generating profit by sending messages to itself, commonly via a SIM Farm.

The impact of some types of fraud are plain for all to see, such as those that target consumers directly. The ‘how’ and ‘why’ are reasonably easy to understand: overzealous marketers, a sender pretending to be someone they are not to try and solicit private and confidential information or to deliver malicious software into a mobile subscriber’s handset for personal gain.

But others are less obvious to the wider mobile environment, namely, those which occur in the relationships between mobile operators, signalling companies and the aggregators which sit between them. An additional consequence of the efforts by some to gain commercial advantage through the exploitation of network vulnerabilities or manipulation within the routing process is poor quality service delivery to enterprise which can, in turn, damage their relationships with their customers or even their brand.

Miranda Smith

Policy & Initiatives Projects Manager

MEF

color-linkedin-128 color-twitter-128 color-link-128

Fraud within the messaging ecosystem affects everyone, be it directly or indirectly, no matter where you sit within the value chain. If consumers lose faith in SMS, or consumer complaints drive the imposition of overbearing regulations, then this quick, nimble, immediate and effective means of communication may be lost.

Through its collaborative and cross-ecosystem approach, MEF is taking a stand and by clearly identifying the problem we all need to face up to, has taken its first step towards making positive changes and creating a market which is free of fraud.

Sign up now to MEF’s Mobile Messaging Programme – The Future of Messaging. A cross-ecosystem approach to accelerate market clean-up and advance innovation. Find out more and download the free A2P messaging fraud framework now

MEF