ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Scammers are Using AI to Exploit Text Passcode Authentication; Here's How They are Doing it

AIT scams are a form of cybercrime where cybercriminals target systems with non- or low-protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages
PUBLISHED NOV 25, 2023
Image Source: Pexels/ Pixabay
Image Source: Pexels/ Pixabay

Cyber threats keep evolving as quickly as technology and the digital landscape, and in this ever-changing realm, a new danger is quietly emerging, almost imperceptibly siphoning off revenue from companies and undermining their reputation. AI is the latest tool being deployed by scammers to find a way around text passcode authentication. In this article, we'll explore how AIT scams work, why they are increasing, their impact, and the importance of CISOs and CSOs in combating this menace.

Cover Image Source: Pexels | Tara Winstead
Image Source: Pexels | Tara Winstead

Pexels | Anna Tarazevich
Pexels | Anna Tarazevich

AIT scams involve cybercriminals targeting systems with less protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages.

They start by developing a bot designed to create fake accounts on a web service or app, and then cybercriminals collaborate with a rogue party, which may include small mobile network operators (MNOs), to intercept the artificially inflated traffic without delivering messages to their intended recipients.

The bot triggers the delivery of one-time passcode SMS messages to various mobile numbers.

The rogue party suppresses the delivery of the content.

The cybercriminal and the rogue party share the generated revenues and continue the cycle to further inflate revenues or manipulate conversion statistics.

The challenge with AIT scams is the ability of bots to mimic real user behavior, making them difficult to detect and prevent. As Nigel Gibbons, a senior advisor at security consulting firm NCC Group, notes, they pose a significant financial threat to advertisers, content providers, and telecoms, often resulting in significant costs for worthless traffic or engagement.

Image Source: Pexels | Photo by Tara Winstead
Image Source: Pexels | Photo by Tara Winstead

Among factors that may be triggering the rise of AIT scams, the potential for substantial financial rewards, whether through inflated ad revenues, increased inter-carrier compensation, or higher fees for influencers, attracts cybercriminals to these scams.

The escalating costs of application-to-person (A2P) SMS services make AIT scams even more appealing to cybercriminals, as some may even use the proceeds from AIT schemes to fund legitimate SMS traffic.

The development of more sophisticated bots and software, which are increasingly commercialized as software-as-a-service solutions, makes it easier for fraudsters to mimic real user behavior and avoid detection.

Another major reason is that AIT fraud circumvents MNOs' firewalls because one-time passcodes used in these scams are not typically flagged as spam or prohibited content due to a lack of regulation within common SMS agreements and regulatory frameworks.

Image Source: Boonchai/Getty Images
Image Source: Boonchai/Getty Images

AIT scams can lead to various negative consequences for businesses, including app developers inadvertently facilitating fraudulent activity, resulting in inflated costs for SMS services or revenue-sharing agreements, that impact profitability.

Sending excessive one-time passcodes can also lead to mistrust, which negatively impacts a company's reputation.

In addition to that, AIT fraud exploits the infrastructure provided by MNOs, causing revenue loss as businesses seek alternative authentication methods.

Image Source: Pexels/Tara Winstead
Image Source: Pexels/Tara Winstead

AIT fraud, while not a direct attack or intrusion, impacts the entire organization, making it crucial for Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) to be vigilant. AIT fraud can have serious consequences, affecting financials, reputational and security risks, data integrity, regulatory compliance, and customer trust.

CISOs must also manage and mitigate financial risks related to cybersecurity, which includes countering AIT scams. To protect against AIT fraud, CISOs and CSOs should implement strong controls, monitoring systems, and user verification processes and collaborate with app developers and MNOs to combat AIT scams collectively.

Image Source: Getty Image | Andrea Verdelli  Stringer
Image Source: Getty Image | Andrea Verdelli Stringer

To reduce the risk of SMS AIT fraud, organizations should deploy detection, prevention, and response strategies. They should conduct regular audits of mobile traffic and advertising campaigns to identify irregularities, ensure that teams understand the risks and signs of AIT scams, distinguish between genuine and fraudulent traffic by understanding the behavior of legitimate users, and partner with ad networks known for taking proactive measures against fraud.

Implementing technologies like reCAPTCHAv2, rate limiting, device fingerprinting, and honeypots to detect and prevent fraudulent activities, could also be a game-changing move.

MORE ON MARKET REALIST
The spooky item was a great find for the pawn shop, but the asking price was too high for Corey Harrison to cut a deal.
11 hours ago
Despite saying that the item was worth a small fortune, the expert was confident about its future.
13 hours ago
Harrison almost blew the deal for the gold & diamond encrusted ring over $3,000.
1 day ago
Insulted by her refusal to partner up, Kevin O'Leary told Lori Greiner, 'Do not screw with Mr Wonderful...'
1 day ago
The witty host reminded everyone that he’s never afraid to deliver the perfect clap back.
2 days ago
TikToker Madilynn Cameron alleged she was asked her to get a membership to use the self checkout facility at Walmart.
2 days ago
The toy train set from the Lionel company turned out to be a invaluable treasure.
2 days ago
The pawn shop boss, Rick Harrison wasted no time to get the mummy authenticated.
2 days ago
The elderly guest was visibly shaken to learn the value of her prized family heirloom.
2 days ago
In an Instagram post, Drew Goldfarb got candid about his big win, friends he made along the way, and things he learnt.
2 days ago
Ken Jennings accidentally let a curse slip and spoiled a clue — and the goof-up made it to air unedited.
3 days ago
The expert admitted that the item wasn't the most appealing thing to appraise.
3 days ago
'Dad had a good day digging,' expert Christian Beadman told the guest after revealing the value of the sculpture.
3 days ago
The guest brought in a rare Alexander Calder sculpture, but she wasn't prepared for the jaw-dropping appraisal.
3 days ago
Cuban, who initially refused to make an offer, jumped back into the competition.
4 days ago
'I've been begging her for this picture ever since I've seen it,' the guest said, recalling how she fell in love it.
4 days ago
With a $1 million prize on the line, Cindy Koenig fell short on a puzzle that many fans felt was quite solvable.
5 days ago
'You blow me away, you're so impressive,' Lori Greiner told the founders, but still lost to Mark Cuban in a bidding war.
5 days ago
Harris still walked away with a good amount of money and a vacation after the game.
5 days ago
'I have to say that I haven't seen very many of these,' expert Bill Harriman said, before revealing its potential value.
6 days ago