ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Scammers are Using AI to Exploit Text Passcode Authentication; Here's How They are Doing it

AIT scams are a form of cybercrime where cybercriminals target systems with non- or low-protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages
PUBLISHED NOV 25, 2023
Image Source: Pexels/ Pixabay
Image Source: Pexels/ Pixabay

Cyber threats keep evolving as quickly as technology and the digital landscape, and in this ever-changing realm, a new danger is quietly emerging, almost imperceptibly siphoning off revenue from companies and undermining their reputation. AI is the latest tool being deployed by scammers to find a way around text passcode authentication. In this article, we'll explore how AIT scams work, why they are increasing, their impact, and the importance of CISOs and CSOs in combating this menace.

Cover Image Source: Pexels | Tara Winstead
Image Source: Pexels | Tara Winstead

Pexels | Anna Tarazevich
Pexels | Anna Tarazevich

AIT scams involve cybercriminals targeting systems with less protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages.

They start by developing a bot designed to create fake accounts on a web service or app, and then cybercriminals collaborate with a rogue party, which may include small mobile network operators (MNOs), to intercept the artificially inflated traffic without delivering messages to their intended recipients.

The bot triggers the delivery of one-time passcode SMS messages to various mobile numbers.

The rogue party suppresses the delivery of the content.

The cybercriminal and the rogue party share the generated revenues and continue the cycle to further inflate revenues or manipulate conversion statistics.

The challenge with AIT scams is the ability of bots to mimic real user behavior, making them difficult to detect and prevent. As Nigel Gibbons, a senior advisor at security consulting firm NCC Group, notes, they pose a significant financial threat to advertisers, content providers, and telecoms, often resulting in significant costs for worthless traffic or engagement.

Image Source: Pexels | Photo by Tara Winstead
Image Source: Pexels | Photo by Tara Winstead

Among factors that may be triggering the rise of AIT scams, the potential for substantial financial rewards, whether through inflated ad revenues, increased inter-carrier compensation, or higher fees for influencers, attracts cybercriminals to these scams.

The escalating costs of application-to-person (A2P) SMS services make AIT scams even more appealing to cybercriminals, as some may even use the proceeds from AIT schemes to fund legitimate SMS traffic.

The development of more sophisticated bots and software, which are increasingly commercialized as software-as-a-service solutions, makes it easier for fraudsters to mimic real user behavior and avoid detection.

Another major reason is that AIT fraud circumvents MNOs' firewalls because one-time passcodes used in these scams are not typically flagged as spam or prohibited content due to a lack of regulation within common SMS agreements and regulatory frameworks.

Image Source: Boonchai/Getty Images
Image Source: Boonchai/Getty Images

AIT scams can lead to various negative consequences for businesses, including app developers inadvertently facilitating fraudulent activity, resulting in inflated costs for SMS services or revenue-sharing agreements, that impact profitability.

Sending excessive one-time passcodes can also lead to mistrust, which negatively impacts a company's reputation.

In addition to that, AIT fraud exploits the infrastructure provided by MNOs, causing revenue loss as businesses seek alternative authentication methods.

Image Source: Pexels/Tara Winstead
Image Source: Pexels/Tara Winstead

AIT fraud, while not a direct attack or intrusion, impacts the entire organization, making it crucial for Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) to be vigilant. AIT fraud can have serious consequences, affecting financials, reputational and security risks, data integrity, regulatory compliance, and customer trust.

CISOs must also manage and mitigate financial risks related to cybersecurity, which includes countering AIT scams. To protect against AIT fraud, CISOs and CSOs should implement strong controls, monitoring systems, and user verification processes and collaborate with app developers and MNOs to combat AIT scams collectively.

Image Source: Getty Image | Andrea Verdelli  Stringer
Image Source: Getty Image | Andrea Verdelli Stringer

To reduce the risk of SMS AIT fraud, organizations should deploy detection, prevention, and response strategies. They should conduct regular audits of mobile traffic and advertising campaigns to identify irregularities, ensure that teams understand the risks and signs of AIT scams, distinguish between genuine and fraudulent traffic by understanding the behavior of legitimate users, and partner with ad networks known for taking proactive measures against fraud.

Implementing technologies like reCAPTCHAv2, rate limiting, device fingerprinting, and honeypots to detect and prevent fraudulent activities, could also be a game-changing move.

MORE ON MARKET REALIST
The answers ranged from stupid to highly supportive on the show but few made it to the board.
13 hours ago
Fans were furious after all three contestants failed to recognize the actor who voiced Darth Vader.
14 hours ago
The player, Miguel Martinez got unlucky with the letters he picked and lost out on a massive win.
16 hours ago
The pawn boss managed to get a bargain on the incredible fossil as well.
17 hours ago
The owner of a decades old Martin D-18 guitar couldn't believe it was worth five figures.
1 day ago
The player, Kathryn McWhorter, made it to the finale with a tiny margin after fighting hard.
1 day ago
Harvey couldn't believe the answers the contestants came up with while thinking out of the box.
1 day ago
While Chumlee tried his best to make a deal, the owner of the 1962 Fender Jaguar had a problem.
1 day ago
Despite her disastrous choice of letters, Donna Hall Nanney stunned everyone by cracking the puzzle.
1 day ago
The contestant, Joe Ferroni took the game by storm by nearly registering a $108,000 win.
2 days ago
Harvey couldn't believe that the contestants had no idea how to be diplomatic with their partners.
2 days ago
The contestant, Ryan Richmond, a K-5 music teacher won over $73,000 in one night.
2 days ago
The contestant, Billy Kendra got very close to driving home a brand new Chevrolet Blazer.
3 days ago
The players kept cracking up Harvey over and over again with their stupid answers.
3 days ago
The big box retailer has issued a recall of Kirkland Signature Prosecco Valdobbiadene in 12 states.
3 days ago
The guest was shocked to learn that his Stradivarius violin wasn't what he thought it was.
4 days ago
The owner of the collection of Danny Lyon SNCC Civil Rights Posters was left astonished in the end.
5 days ago
After Harrison bought a signed speed bag for $250, he happened to meet the star at a dinner.
5 days ago
The contestant, Doug, had a hard time coming up with a sensible answer.
5 days ago
While Jennings performed a half-baked trick, it still managed to thoroughly entertain the fans.
6 days ago