ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Scammers are Using AI to Exploit Text Passcode Authentication; Here's How They are Doing it

AIT scams are a form of cybercrime where cybercriminals target systems with non- or low-protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages
PUBLISHED NOV 25, 2023
Image Source: Pexels/ Pixabay
Image Source: Pexels/ Pixabay

Cyber threats keep evolving as quickly as technology and the digital landscape, and in this ever-changing realm, a new danger is quietly emerging, almost imperceptibly siphoning off revenue from companies and undermining their reputation. AI is the latest tool being deployed by scammers to find a way around text passcode authentication. In this article, we'll explore how AIT scams work, why they are increasing, their impact, and the importance of CISOs and CSOs in combating this menace.

Cover Image Source: Pexels | Tara Winstead
Image Source: Pexels | Tara Winstead

Pexels | Anna Tarazevich
Pexels | Anna Tarazevich

AIT scams involve cybercriminals targeting systems with less protected phone number input fields that distribute one-time passcodes (OTPs), app download links, or other content via text messages.

They start by developing a bot designed to create fake accounts on a web service or app, and then cybercriminals collaborate with a rogue party, which may include small mobile network operators (MNOs), to intercept the artificially inflated traffic without delivering messages to their intended recipients.

The bot triggers the delivery of one-time passcode SMS messages to various mobile numbers.

The rogue party suppresses the delivery of the content.

The cybercriminal and the rogue party share the generated revenues and continue the cycle to further inflate revenues or manipulate conversion statistics.

The challenge with AIT scams is the ability of bots to mimic real user behavior, making them difficult to detect and prevent. As Nigel Gibbons, a senior advisor at security consulting firm NCC Group, notes, they pose a significant financial threat to advertisers, content providers, and telecoms, often resulting in significant costs for worthless traffic or engagement.

Image Source: Pexels | Photo by Tara Winstead
Image Source: Pexels | Photo by Tara Winstead

Among factors that may be triggering the rise of AIT scams, the potential for substantial financial rewards, whether through inflated ad revenues, increased inter-carrier compensation, or higher fees for influencers, attracts cybercriminals to these scams.

The escalating costs of application-to-person (A2P) SMS services make AIT scams even more appealing to cybercriminals, as some may even use the proceeds from AIT schemes to fund legitimate SMS traffic.

The development of more sophisticated bots and software, which are increasingly commercialized as software-as-a-service solutions, makes it easier for fraudsters to mimic real user behavior and avoid detection.

Another major reason is that AIT fraud circumvents MNOs' firewalls because one-time passcodes used in these scams are not typically flagged as spam or prohibited content due to a lack of regulation within common SMS agreements and regulatory frameworks.

Image Source: Boonchai/Getty Images
Image Source: Boonchai/Getty Images

AIT scams can lead to various negative consequences for businesses, including app developers inadvertently facilitating fraudulent activity, resulting in inflated costs for SMS services or revenue-sharing agreements, that impact profitability.

Sending excessive one-time passcodes can also lead to mistrust, which negatively impacts a company's reputation.

In addition to that, AIT fraud exploits the infrastructure provided by MNOs, causing revenue loss as businesses seek alternative authentication methods.

Image Source: Pexels/Tara Winstead
Image Source: Pexels/Tara Winstead

AIT fraud, while not a direct attack or intrusion, impacts the entire organization, making it crucial for Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) to be vigilant. AIT fraud can have serious consequences, affecting financials, reputational and security risks, data integrity, regulatory compliance, and customer trust.

CISOs must also manage and mitigate financial risks related to cybersecurity, which includes countering AIT scams. To protect against AIT fraud, CISOs and CSOs should implement strong controls, monitoring systems, and user verification processes and collaborate with app developers and MNOs to combat AIT scams collectively.

Image Source: Getty Image | Andrea Verdelli  Stringer
Image Source: Getty Image | Andrea Verdelli Stringer

To reduce the risk of SMS AIT fraud, organizations should deploy detection, prevention, and response strategies. They should conduct regular audits of mobile traffic and advertising campaigns to identify irregularities, ensure that teams understand the risks and signs of AIT scams, distinguish between genuine and fraudulent traffic by understanding the behavior of legitimate users, and partner with ad networks known for taking proactive measures against fraud.

Implementing technologies like reCAPTCHAv2, rate limiting, device fingerprinting, and honeypots to detect and prevent fraudulent activities, could also be a game-changing move.

MORE ON MARKET REALIST
She first bought 20 tickets and then went back to buy 10 more after she had an intuition.
52 minutes ago
In an attempt to surprise Sandler, Spade ended up being more generous than he planned.
1 day ago
The man's presence at a women-only poker event also sparked a huge online debate.
1 day ago
He revealed that the piece of advice that changed his outlook toward money came from a celebrity business manager Lester Knispel.
1 day ago
The workers chose to stick to the company's core values and did the right thing.
1 day ago
The guest revealed that she didn't know about the trade mentioned on the disk when it was purchased.
2 days ago
The CEO at the local casino decided to make her birthday even more special by adding a gift to her winnings.
2 days ago
Sometimes things that don't shine turn out to be worth more than gold.
2 days ago
Spending on restaurants and hotels increased by 0.3 percent in May which was the single largest influence.
2 days ago
The Hollywood star said, "I've left more money on the table than any actor actually."
3 days ago
Many are now heading to the shop from far beyond the county to try their luck.
3 days ago
The duo also performed a cover of Adam Jenson's 2017 song “Street Fight”.
3 days ago
Pam, 83, said "I could have made a fortune, but it wasn’t to be. I’ve had a happier life than Marilyn ever had. I’ve no regrets."
4 days ago
Early 1980s was a special era as several rare coins were minted then.
4 days ago
According to reports, the fisherman from Puerto Princesa found the item over a decade ago while he was fishing in the sea.
4 days ago
For decades, the painting was hung in a shabby frame in the living room.
5 days ago
The asteroid was discovered by Italian astronomer Annibale de Gasparis on March 17, 1852, who named it after the Greek Goddess of the soul.
5 days ago
In the video, another friend can be heard gasping and noting how she thought that Maddie was 'exaggerating.'
5 days ago
The man from New Jersey who was looking to save a few bucks, didn't know what luck had in store for him.
5 days ago
In 2004, Ashley Revell from London won $270,000 in one of the most stunning events in gambling history.
5 days ago