ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Scammers are Using AI to Exploit Text Passcode Authentication; Here's How They are Doing it

AIT scams are a form of cybercrime where cybercriminals target systems with non- or low-protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages
PUBLISHED NOV 25, 2023
Image Source: Pexels/ Pixabay
Image Source: Pexels/ Pixabay

Cyber threats keep evolving as quickly as technology and the digital landscape, and in this ever-changing realm, a new danger is quietly emerging, almost imperceptibly siphoning off revenue from companies and undermining their reputation. AI is the latest tool being deployed by scammers to find a way around text passcode authentication. In this article, we'll explore how AIT scams work, why they are increasing, their impact, and the importance of CISOs and CSOs in combating this menace.

Cover Image Source: Pexels | Tara Winstead
Image Source: Pexels | Tara Winstead

Pexels | Anna Tarazevich
Pexels | Anna Tarazevich

AIT scams involve cybercriminals targeting systems with less protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages.

They start by developing a bot designed to create fake accounts on a web service or app, and then cybercriminals collaborate with a rogue party, which may include small mobile network operators (MNOs), to intercept the artificially inflated traffic without delivering messages to their intended recipients.

The bot triggers the delivery of one-time passcode SMS messages to various mobile numbers.

The rogue party suppresses the delivery of the content.

The cybercriminal and the rogue party share the generated revenues and continue the cycle to further inflate revenues or manipulate conversion statistics.

The challenge with AIT scams is the ability of bots to mimic real user behavior, making them difficult to detect and prevent. As Nigel Gibbons, a senior advisor at security consulting firm NCC Group, notes, they pose a significant financial threat to advertisers, content providers, and telecoms, often resulting in significant costs for worthless traffic or engagement.

Image Source: Pexels | Photo by Tara Winstead
Image Source: Pexels | Photo by Tara Winstead

Among factors that may be triggering the rise of AIT scams, the potential for substantial financial rewards, whether through inflated ad revenues, increased inter-carrier compensation, or higher fees for influencers, attracts cybercriminals to these scams.

The escalating costs of application-to-person (A2P) SMS services make AIT scams even more appealing to cybercriminals, as some may even use the proceeds from AIT schemes to fund legitimate SMS traffic.

The development of more sophisticated bots and software, which are increasingly commercialized as software-as-a-service solutions, makes it easier for fraudsters to mimic real user behavior and avoid detection.

Another major reason is that AIT fraud circumvents MNOs' firewalls because one-time passcodes used in these scams are not typically flagged as spam or prohibited content due to a lack of regulation within common SMS agreements and regulatory frameworks.

Image Source: Boonchai/Getty Images
Image Source: Boonchai/Getty Images

AIT scams can lead to various negative consequences for businesses, including app developers inadvertently facilitating fraudulent activity, resulting in inflated costs for SMS services or revenue-sharing agreements, that impact profitability.

Sending excessive one-time passcodes can also lead to mistrust, which negatively impacts a company's reputation.

In addition to that, AIT fraud exploits the infrastructure provided by MNOs, causing revenue loss as businesses seek alternative authentication methods.

Image Source: Pexels/Tara Winstead
Image Source: Pexels/Tara Winstead

AIT fraud, while not a direct attack or intrusion, impacts the entire organization, making it crucial for Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) to be vigilant. AIT fraud can have serious consequences, affecting financials, reputational and security risks, data integrity, regulatory compliance, and customer trust.

CISOs must also manage and mitigate financial risks related to cybersecurity, which includes countering AIT scams. To protect against AIT fraud, CISOs and CSOs should implement strong controls, monitoring systems, and user verification processes and collaborate with app developers and MNOs to combat AIT scams collectively.

Image Source: Getty Image | Andrea Verdelli  Stringer
Image Source: Getty Image | Andrea Verdelli Stringer

To reduce the risk of SMS AIT fraud, organizations should deploy detection, prevention, and response strategies. They should conduct regular audits of mobile traffic and advertising campaigns to identify irregularities, ensure that teams understand the risks and signs of AIT scams, distinguish between genuine and fraudulent traffic by understanding the behavior of legitimate users, and partner with ad networks known for taking proactive measures against fraud.

Implementing technologies like reCAPTCHAv2, rate limiting, device fingerprinting, and honeypots to detect and prevent fraudulent activities, could also be a game-changing move.

MORE ON MARKET REALIST
The fans took issue with the clue being too tough and unnecessary for the contestants.
4 hours ago
Cuban wanted to strike a deal with the founder of Coconut Girl and gave her an ultimatum.
6 hours ago
Although the word did make a lot of difference, some fans felt that the decision was ridiculous.
7 hours ago
The guest, who found the item online, didn't think it was the real deal until he heard its value.
1 day ago
The player Samantha secured the first big win of Ryan Seacrest's run on the show.
1 day ago
The sisters wanted to keep their father's legacy alive, but also had their careers to focus on.
1 day ago
The shopper noticed that the watermelon which she bought three days ago was deflated.
1 day ago
The guest couldn't believe that her collection was worth so much money.
2 days ago
While all the Sharks were out, Mark Cuban saw the potential in "Garage Celebrations."
3 days ago
The loss was ironic as the retired teacher coulnd't get a phrase commonly used in classrooms.
3 days ago
The recalls were issued for a range of products including tires, air conditioners and power banks.
3 days ago
The guest who got the item as a gift from a neighbor had little to no idea about its significance.
3 days ago
Harrison got a good deal for the fossil although it wasn't what he had thought.
4 days ago
The player, Beth Barbee left everyone in the dust with her impressive puzzle solving skills.
4 days ago
Given her celebrity status, Harrison cut her some slack in the negotiations.
4 days ago
The deal ultimately fell apart as the seller, Scotty was looking to get $375,000.
5 days ago
The guest was blown away by the six-figure appraisal for his father's John Falter illustration.
5 days ago
Harvey just couldn't believe that the contestant could come up with an answer like that.
6 days ago
Antoinette's win was even more special because she needed a car more than anything at that point.
6 days ago
The player, Catrice Sandt, nearly blew the Bonus Round puzzle by saying too many words in the end.
7 days ago