SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
'Artificial Inflation of Traffic' scams skyrocket in 2023
Thu, 15th Feb 2024

A recent report by Swedish telecom software security company Enea and intelligence agency Mobilesquared has revealed an alarming rise in fraudulent practices known as 'Artificial Inflation of Traffic' (AIT). Their research has discovered that a staggering 20 billion fraudulent marketing and authentication SMS messages were sent in 2023, causing a significant financial burden of $1.16 billion to brands around the globe.

The investigations confirmed that 4.8% of the global messaging traffic was fraudulent, exerting intense pressure on the widely-utilised application-to-person (A2P) messaging ecosystem. In fact, the report suggests that between 19.8 billion and 35.7 billion false messages were released into the system in 2023.

AIT, which uses deceptive methods like employing bots and counterfeit messaging, not only incurs monetary losses but disrupts the reliability of mobile messaging, thereby threatening the credibility of brands communicating with their customers. The report states AIT fraudulent messages now account for a significant 4.8% of total international traffic, forcing major brands to explore alternative communication channels and potentially jeopardising the viability and profitability of the entire messaging ecosystem.

Despite the noteworthy impact of AIT on the A2P SMS industry, the report indicates there is a lack of a consistent definition for AIT or comprehensive descriptions of the techniques used by threat actors. This void hinders the understanding and combating of AIT.

The report identifies six different AIT abuses, each with varied methods of inserting fraudulent traffic into the message path, and provides detailed insights into their estimated market impacts. Enea assembled these categories based on its threat intelligence and with support from industry sources.

Enea, in collaboration with Mobilesquared, highlights the three AIT attack types causing the most significant industry disruption which include Counterfeit Fabrication, Amplification bot Generation, and Masquerade Parasite Generation of AIT.

Simeon Coney, VP of Business Development at Enea, expressed the magnitude of the problem, saying, "AIT not only inflicts significant financial damage but also erodes trust in A2P messaging platforms, a cornerstone for brand-consumer interactions." He emphasised the urgent need for a unified response from the industry to accurately define and combat these deceptive practices.

Emphasising the shared responsibility across spectrums, Coney added, "It's imperative that all stakeholders in the messaging ecosystem - from mobile operators to CPaaS and aggregators - collaborate closely to measure the impact of these AIT frauds, develop and deploy robust solutions that can effectively identify sources and mitigate AIT threats."

Touching upon the aftermath of the pandemic, Nick Lane, chief messaging officer at Mobilesquared, revealed that the crisis led to an increase in brand adoption of SMS but the rise of AIT has set the A2P SMS industry back years. He concluded, "As an industry, we just need to find improved and enhanced methods of protecting it."