AIT fraud: what you need to know
The rise in Artificial Inflation of Traffic (AIT) is leaving many businesses out of pocket.
To counter this growing threat, we’ve updated our SMS and telephone best practice guidance (https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice), which is designed to help organisations and their customers reduce exposure to SMS and telephone-related fraud.
AIT is a technique used by criminals that generates large volumes of fake traffic through apps or websites.
In a typical AIT scenario:
- a fraudster uses a bot to create large numbers of fake accounts
- the fake accounts trigger a one-time passcode (OTP) SMS message to mobile numbers during multi-factor authentication (MFA)
- the fraudster partners with a rogue party in the mobile ecosystem (an operator or aggregator) to intercept the AIT, but never actually delivers messages to the end user
- together, the fraudster and the rogue party claim the profit
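One way a sender could spot the scenario above in its own OTP logs, as an added example that is not from the NCSC post or its guidance: because the messages never reach a real user, the passcodes are assumed to go unverified, so number ranges with many OTPs sent and few completed stand out. The event format, prefix length and thresholds are assumptions, and every number is constructed.

```python
from collections import defaultdict

# Constructed sample OTP events: (destination number, event).
# "+999" is not an assigned country code; all numbers are made up.
SAMPLE_EVENTS = (
    # Burst of sign-ups to one number range, none of them ever verified.
    [(f"+99955501{i:04d}", "sent") for i in range(40)]
    # Ordinary range: most passcodes that are sent are also entered.
    + [(f"+9991230{i:05d}", "sent") for i in range(20)]
    + [(f"+9991230{i:05d}", "verified") for i in range(17)]
    + [("+999777000001", "sent"), ("+999777000001", "verified")]
)


def otp_conversion_by_prefix(events, prefix_len=8):
    """Count OTPs sent and verified per destination-number prefix."""
    stats = defaultdict(lambda: {"sent": 0, "verified": 0})
    for number, event in events:
        if event not in ("sent", "verified"):
            continue  # ignore unrelated log events
        stats[number[:prefix_len]][event] += 1
    return dict(stats)


def suspect_prefixes(events, prefix_len=8, min_sent=25, max_conversion=0.2):
    """Return prefixes with high OTP volume but few completed verifications.

    min_sent avoids flagging ranges with too little traffic to judge;
    max_conversion is the verified/sent ratio at or below which a range
    is reported. Both are illustrative values, not recommendations.
    """
    flagged = {}
    for prefix, s in otp_conversion_by_prefix(events, prefix_len).items():
        conversion = s["verified"] / s["sent"] if s["sent"] else 0.0
        if s["sent"] >= min_sent and conversion <= max_conversion:
            flagged[prefix] = round(conversion, 2)
    return flagged


if __name__ == "__main__":
    for prefix, conversion in suspect_prefixes(SAMPLE_EVENTS).items():
        print(f"review range {prefix}*: OTP conversion {conversion:.0%}")
```
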
This type of fraud can cause substantial financial cost to businesses. Elon Musk summarised how the issue had impacted X (formerly known as Twitter) last December, where he explained that “Twitter was being scammed to the tune of 60 million dollars a year for SMS texts.”
Since the NCSC’s SMS and telephone best practice guidance (https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice) was originally published in January 2022, AIT fraud has increased, mainly for two reasons:
- Application to person (A2P) SMS costs have risen, increasing the potential profit of AIT fraud.
- AIT is not regulated by common SMS agreements and regulations. There are even companies that openly advertise their ability to defraud businesses by AIT, offering to impersonate hundreds of popular brands.
The overriding priority for your SMS procurement process should be security. Our guidance (https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice) explains how you can protect your business and mitigate the risk of AIT fraud, without resorting to drastic measures such as charging users to use MFA by SMS.
As always, we welcome feedback on this guidance. You can contact us via our social media and normal contact channels (https://www.ncsc.gov.uk/section/about-this-website/general-enquiries).
Alex C
Citizen Resilience Lead, NCSC
Original Source: ncsc[.]gov[.]uk