March 30, 2021
Cybercriminals are becoming more brazen and sophisticated by the day. The latest cybercrime, described by Joseph Cox in his article A Hacker Got All My Texts for $16, is particularly disturbing because it requires almost no technical knowledge and targets a victim’s phone number without them even knowing.
Recognizing this, organizations such as Prove have architected the trust and identity platform to stay ahead of attackers that exploit vulnerabilities in our telecommunication systems.
This latest SMS theft hack used Sakari, an SMS marketing platform, to exploit a service known as OSR (Override Services Registry). The OSR serves a critical function in our communications infrastructure because it allows VoIP (Voice Over Internet Protocol) landlines and certain MVNOs (Mobile Virtual Network Operators) to receive SMSes. In this case, the attackers fraudulently added entries to the OSR to send copies of SMSes to themselves. This allowed the attackers to retrieve SMS one-time passcodes.
Consumers’ digital life experiences are increasingly mobile, and their daily touchpoints with a variety of service providers are rapidly exploding. Whether logging into a dating app, verifying an e-commerce payment, or proving eligibility for vaccination, the need for frictionless safeguards to protect individuals and online communities is higher than ever. But, the right technology that works behind the scenes will help safeguard people from fake account openings, authorizing high-value financial transactions, and everything in between.
For instance, when a Prove client asks if a phone number is safe to send a text message to or engage with, Prove will check the OSR, among many real-time checks, including SIM swap, to calculate a real-time Trust Score™. A low Trust Score™ will tell Prove clients to apply the appropriate policy, such as not sending a given SMS.
With phone numbers and mobile phones becoming the master keys to our digital lives, it’s important to protect consumers from fraud by bolstering SMS with modern, real-time fraud protection.
Read and learn about FinTech topics you are interested in.