New technical report on unwanted text messaging

ATIS has published a new technical report on unwanted text messaging. The report describes SMS (Short Messaging Service) delivery, unwanted messaging techniques, and countermeasures. Let’s have a look.

Unwanted message types

This technical report on the SMS Unwanted Message Mitigation Landscape describes various types of unwanted messages:

  • Spoofed Sender ID. This is rare because the sender ID is inserted by the network, not the sender.
    • Also, there’s little advantage to spoofing the sender ID because it is not used to look up and display the sender’s name as is done with voice calls.
  • Non-Spoofed Impersonation. This is a more common tactic whereby the context of the message impersonates someone else, e.g., a bank, IRS, Amazon, or a public utility.
  • Link Attacks. The message includes a URL link used to open a browser and collect the victim’s information via phishing.
  • Malware. The message includes a URL link to a malicious website to attempt to install malware on the victim’s device.
  • Unsolicited Advertising. The message contains marketing messages without prior consent from the recipient.
  • Phishing Attacks. The message tricks the victim into revealing sensitive information such as authentication credentials by calling a number, replying to the text, or clicking a link.

Messaging techniques

Unwanted messages are typically sent via the following techniques:

  • Gray Routes. These routes bypass operator policies.
  • Consumer Channel Abuse. Non-consumer messages are disguised as coming from a consumer.
  • SIM Boxes. Used to impersonate consumer messages.
  • Disposable Telephone Numbers. Messages are sent from “burner” numbers, often spreading a few calls at a time across many numbers, a technique called “snowshoeing.”
  • Email Gateways. Most U.S. carriers provide an email-to-SMS gateway, which fraudsters use to send unwanted messages.
  • Compromised API Credentials. Fraudsters hack into someone else’s account to send unwanted traffic.

Countermeasures

  • Know-Your-Customer Registration and Vetting
  • Monitoring and Blocking
  • Anti-Spoofing Sender Authentication
  • Cooperation Among Stakeholders
  • Message Branding—Rich Sender Data
  • Email Gateways
    • Enhanced authentication techniques, such as SPF, DKIM, and DMARC.
    • Limit access to highly vetted sources.
    • Decommission email gateways entirely.
Skeptical woman looking at her phone

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 25 years of experience in providing telecom software solutions including branded calling, toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.