FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

By Byron V. Acohido

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.

Related: Countering Putin’s weaponizing of ransomware

The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return —  to validate the applicant — generates a fee for the phone company which it shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of text messages sent to seemingly legitimate users.

Guest expert: Kevin Gosschalk, CEO, Arkose Labs

As a solution, Arkose Labs aims to increase the cost of attacks, making them less profitable for the fraudsters.

Their technology detects malicious actions and offers differing levels of challenges, based on a risk threshold. They also provide their customers with threat intelligence that can be used to prevent attackers from profiting. For a full drill down on our discussion, please give the accompanying podcast a listen.

This is one more example of cybercriminals cleverly exploiting the flaws in a convenient business process. It surely won’t be the last. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone