Keeping one step ahead of SMS fraud

A significant percentage of all SMS traffic is now spam or fraud related in some way, with mobile devices being hacked, attacked or exploited in order to send phony promotional messages to or from the unwitting victim’s phone.

Guest author

September 14, 2016

6 Min Read
Keeping one step ahead of SMS fraud periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Ilia Abramov, Head of Network Security at Xura, takes a look at the many different varieties of SMS fraud and what can be done to combat them.

With billions of pounds in revenue being generated through various forms of mobile targeting and marketing each year, it’s clear that our mobiles demand both ours and the fraudster’s attention. Whether it be clicks, downloads, registrations, watching videos, sending referrals to friends and colleagues, gaming or participating in surveys, each of these activities is being subverted by wrongdoers, who are doing their best to harness digital technology in order to divert a piece of the mobile marketing pie into their own accounts.

By using a number of techniques designed to avoid detection, these individuals are manipulating mobile devices and the services they deliver, along with the laws governing these services, in the attempt to exploit consumers, corporations and networks for their own gain.

A significant percentage of all SMS traffic is now spam or fraud related in some way, with mobile devices being hacked, attacked or exploited in order to send phony promotional messages to or from the unwitting victim’s phone. Indeed, our own audits revealed volumes of illegitimate traffic as high as nearly 20 per cent in some regions.

Many mobile operators are finding it increasingly difficult to detect and control this constantly evolving flood of spam and fraud traffic. If they hope to stay ahead of this ever-growing wave of attacks, they need to understand the motivations of the people responsible and the tools they use to carry them out. Here then, is a brief overview of some of the techniques and methods that make up the arsenal of today’s SMS spammers, scammers and fraudsters.


Of greatest concern are those hostile and intrusive methods in which the motivation is spurred by sabotage, as much as for financial gain.

Similar to the tools used in traditional computer hacking, mobile malware exposes targeted handsets to viruses designed to allow unauthorised access to the infected phone, granting the attacker a door to a user’s personal information, or the ability to alter the functionality of the handset, enabling it to be accessed at a later date.

App farming

This scheme between spammers and implicit handset owners allows questionable messages to be mixed in with the more legitimate SMS traffic. Handset owners download a special app that enables the user to allocate a volume of SMS messages from their handset to be used by a mobile marketing spammers and share in the revenue generated by this. Despite the app provider claiming the messages not to be spam, they often consist of fake verification codes or personal information such as travel details or booking confirmations.

This illegal activity can often go unnoticed by the network.

Unusually, this commonly used technique can result in monetary gain for the consumer who, in return for sending these spam messages, may receive a percentage of any of the revenue they generate, although that consumer is probably unaware this is illegal activity.

Grey routing

In this scam, a message with commercial or malicious content may be sent legally via one network operator to a subscriber located in another, violating the agreement that only person-to-person messages may be sent between networks.  Due to the number of legitimate messages passing between networks and the complexity of distinguishing legitimate content from illegitimate content, it can be extremely difficult for network operators to detect.

By diverging the originating or terminating message in order to bypass legal agreements in this way, unscrupulous bulk SMS providers are able to exploit rating tariffs to achieve their delivery needs while incurring the lowest possible cost.

Premium rate fraud

Of all the tools used by SMS fraudsters, this is possibly the most morally questionable. Consumers may receive a text informing them that they’ve won a prize. Responding to this, they will unwittingly sign up to a costly subscription of which they’ll remain unaware until the next billing cycle.

This type of technique bears similarities to phishing, in which criminals will create a sense of urgency to persuade their victims to respond with personal information such as their bank account details or passwords, which the criminals can then exploit for their own nefarious purposes.

Silent SMS

‘Silent SMS’ exploits, otherwise known as location sniffing, are a means of obtaining data on a handset without that handset’s owner ever knowing that they’re being tracked. While the police legally employ this technique for reasons of law and order – during missing person cases, for instance, it is also used by scammers to unlawfully obtain valuable personal or location data.

Without the user knowing, a message is sent to their mobile, which acknowledges receipt before deleting it, allowing the sender to determine where the phone is located and whether or not it is switched on. As the rise in smartphones and app use has made it easier to send texts undetected, there has been a noticeable surge in this type of exploit in recent years.

SIM farming

Technically not illegal, this method takes advantage of messaging tariffs aimed at consumers. Using a computer linked to a bank of SIMs, fraudsters are able to exploit an operator’s promise of unlimited text messages, and can send bulk deliveries of typically promotional spam to consumers – a use of the facility generally forbidden according to the terms and conditions of most network operators.

Knowledge of the threat landscape

Marketers and advertisers consider SMS marketing as a reliable means of generating revenue – that sees 98 per cent of all text messages opened and read within seconds, and it’s precisely for this reason that criminals will try to exploit it.

However, in light of so many risks, it’s important that operators understand the damage that these spammers, scammers and fraudsters can do to their relationships with customers, and the threats that this damage can pose to their bottom line, their reputation, and their legal position with regard to compliance and regulations.

If they hope to combat these threats, operators must maintain a strong back-end infrastructure, with comprehensive network control and access, which must be relentlessly and continuously developed to prevent criminals from infiltrating their networks.

Most importantly, by ensuring their knowledge of the threat landscape is kept up to date, operators will be in a stronger position to navigate the increasingly dynamic and complex volume of spam, scams, and fraud attempts, and put the right precautions in place to protect their networks, their customers and their reputation.


Ilia-Xura-150x150.jpgIlia is Xura’s network security specialist, leading the product strategy for infrastructure solutions with a particular focus on spam and fraud related issues, and signalling network management. He has presented at a number of events around the world, to share his insight on the evolving network infrastructure, exploring how this may compromise security, and providing advice on how to protect the network from future attacks. Ilia began his career at Xura as a consultant in 2000 within Research and Development in multiple roles, from developer, architect, lead engineer to technical product management – this gives him a holistic view of how network infrastructure has evolved over the years and is best placed to understand the complexities it entails.

Read more about:

Get the latest news straight to your inbox.
Register for the newsletter here.

You May Also Like