ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Scammers are Using AI to Exploit Text Passcode Authentication; Here's How They are Doing it

AIT scams are a form of cybercrime where cybercriminals target systems with non- or low-protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages
PUBLISHED NOV 25, 2023
Image Source: Pexels/ Pixabay
Image Source: Pexels/ Pixabay

Cyber threats keep evolving as quickly as technology and the digital landscape, and in this ever-changing realm, a new danger is quietly emerging, almost imperceptibly siphoning off revenue from companies and undermining their reputation. AI is the latest tool being deployed by scammers to find a way around text passcode authentication. In this article, we'll explore how AIT scams work, why they are increasing, their impact, and the importance of CISOs and CSOs in combating this menace.

Cover Image Source: Pexels | Tara Winstead
Image Source: Pexels | Tara Winstead

Pexels | Anna Tarazevich
Pexels | Anna Tarazevich

AIT scams involve cybercriminals targeting systems with less protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages.

They start by developing a bot designed to create fake accounts on a web service or app, and then cybercriminals collaborate with a rogue party, which may include small mobile network operators (MNOs), to intercept the artificially inflated traffic without delivering messages to their intended recipients.

The bot triggers the delivery of one-time passcode SMS messages to various mobile numbers.

The rogue party suppresses the delivery of the content.

The cybercriminal and the rogue party share the generated revenues and continue the cycle to further inflate revenues or manipulate conversion statistics.

The challenge with AIT scams is the ability of bots to mimic real user behavior, making them difficult to detect and prevent. As Nigel Gibbons, a senior advisor at security consulting firm NCC Group, notes, they pose a significant financial threat to advertisers, content providers, and telecoms, often resulting in significant costs for worthless traffic or engagement.

Image Source: Pexels | Photo by Tara Winstead
Image Source: Pexels | Photo by Tara Winstead

Among factors that may be triggering the rise of AIT scams, the potential for substantial financial rewards, whether through inflated ad revenues, increased inter-carrier compensation, or higher fees for influencers, attracts cybercriminals to these scams.

The escalating costs of application-to-person (A2P) SMS services make AIT scams even more appealing to cybercriminals, as some may even use the proceeds from AIT schemes to fund legitimate SMS traffic.

The development of more sophisticated bots and software, which are increasingly commercialized as software-as-a-service solutions, makes it easier for fraudsters to mimic real user behavior and avoid detection.

Another major reason is that AIT fraud circumvents MNOs' firewalls because one-time passcodes used in these scams are not typically flagged as spam or prohibited content due to a lack of regulation within common SMS agreements and regulatory frameworks.

Image Source: Boonchai/Getty Images
Image Source: Boonchai/Getty Images

AIT scams can lead to various negative consequences for businesses, including app developers inadvertently facilitating fraudulent activity, resulting in inflated costs for SMS services or revenue-sharing agreements, that impact profitability.

Sending excessive one-time passcodes can also lead to mistrust, which negatively impacts a company's reputation.

In addition to that, AIT fraud exploits the infrastructure provided by MNOs, causing revenue loss as businesses seek alternative authentication methods.

Image Source: Pexels/Tara Winstead
Image Source: Pexels/Tara Winstead

AIT fraud, while not a direct attack or intrusion, impacts the entire organization, making it crucial for Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) to be vigilant. AIT fraud can have serious consequences, affecting financials, reputational and security risks, data integrity, regulatory compliance, and customer trust.

CISOs must also manage and mitigate financial risks related to cybersecurity, which includes countering AIT scams. To protect against AIT fraud, CISOs and CSOs should implement strong controls, monitoring systems, and user verification processes and collaborate with app developers and MNOs to combat AIT scams collectively.

Image Source: Getty Image | Andrea Verdelli  Stringer
Image Source: Getty Image | Andrea Verdelli Stringer

To reduce the risk of SMS AIT fraud, organizations should deploy detection, prevention, and response strategies. They should conduct regular audits of mobile traffic and advertising campaigns to identify irregularities, ensure that teams understand the risks and signs of AIT scams, distinguish between genuine and fraudulent traffic by understanding the behavior of legitimate users, and partner with ad networks known for taking proactive measures against fraud.

Implementing technologies like reCAPTCHAv2, rate limiting, device fingerprinting, and honeypots to detect and prevent fraudulent activities, could also be a game-changing move.

MORE ON MARKET REALIST
After winning a new home gym, the contestant went all out with his celebration.
15 hours ago
When Harrison came across the 'uber cool' Hollywood prop, he knew he had to buy it.
16 hours ago
Seacrest kept teasing the player and the fans about finally crowining a million dollar winner.
17 hours ago
While the seller came in with a huge asking price, there was one big problem with the collection.
1 day ago
The appraisal turned out to be 10 times the price that the guest had paid for it.
1 day ago
The dress from the Oscar-winning film, "Some Like It Hot," got a six-figure appraisal on the show.
1 day ago
The Batman Utility Belt from the 60's turned out be a sought-after toy.
1 day ago
Fallon got on Steve Harvey's nerves by mixing up the show with "Jeopardy!"
2 days ago
The guest had no idea that the hood ornament was created by renowned artist Harriet Frishmuth.
3 days ago
Fans took to Reddit to discuss the player's performance and what they described as a lucky win.
3 days ago
Harrison couldn't believe his eyes when he saw one of the Holy Grails of American history.
3 days ago
This was the first time that Harrison had come across an IndyCar on sale.
4 days ago
The item turned out to be worth 10 times more than what the guest expected its value to be.
4 days ago
Cuban was against a royalty deal offered by his fellow Sharks, Lori Greiner and Robert Herjavec.
5 days ago
The collection of 11 national championship rings was from the UConn Women's Basketball dynasty.
5 days ago
Fans alleged that the show is using increasingly difficult puzzles in the Bonus Rounds.
5 days ago
The guest had endured a lot of criticism for buying the prints at even such a low price.
6 days ago
Things got intense for her as she unlocked a mega cash with just one key in her hand in the "Master Key" game.
6 days ago
A popular name has come up in every conversation about White's successor.
7 days ago
Lori Greiner wasn't happy at all as Mark Cuban and Maria Sharapova snubbed her for a deal.
7 days ago