Companies should prioritize the security of their mobile channels to protect against AIT scams, according to security experts. Implementing strong controls, monitoring systems, and user verification processes is crucial to ensure the integrity of SMS communications. It is also important for organizations to collaborate with app developers and mobile network operators (MNOs) to share information, best practices, and countermeasures to combat AIT scams collectively, says Albrecht, a security professional.
Awareness is the first step in combatting AIT scams. By staying informed about emerging threats like AIT scams, Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) can proactively assess risks and allocate resources to mitigate the financial and reputational impacts of these scams, states Albrecht. Mandy Andress, the CISO at Elastic NV, agrees with the importance of being aware of these scams. While traffic pumping does not exploit a security flaw directly, it takes advantage of the ease of creating new accounts, Andress explains. Attackers can leverage this process for malicious activities depending on the availability of the service. From a security perspective, Andress emphasizes the need to focus on authentication and the new account creation process rather than relying solely on SMS, which has proven to be insecure. Implementing multifactor authentication or other approaches can enhance security and prevent these types of scams from being successful, while also improving the security for customers’ accounts.
To reduce SMS AIT fraud, a multifaceted approach involving detection, prevention, and response strategies is necessary, explains Gibbons, a security expert. Building a strong, multilayered defense is essential, and it includes regular audits of mobile traffic and advertising campaigns, awareness programs to educate teams about the risks and signs of AIT scams, user behavior analysis to identify fraudulent traffic, and partnering with trustworthy ad networks known for combating fraud effectively.
Yale Fox, a member of the Institute of Electrical and Electronics Engineers, provides further best practices to mitigate mobile SMS AIT fraud. Blocking bots by default, particularly those that do not identify themselves, can effectively reduce fraudulent traffic. Implementing reCAPTCHA v2 on mobile apps can distinguish between human users and bots, significantly reducing bot activity. Rate limiting, setting a limit on the number of requests a user or IP address can make within a certain timeframe, can slow down or halt fraudulent traffic. Device fingerprinting can track devices based on their unique configurations, helping identify suspicious patterns or recurring fraudulent activity. Honeypots, which are decoy systems or traps that lure attackers, can gather information to improve security measures. Implementing passkeys, which are constantly changing passwords, can solve various password-related issues and increase security.
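The rate-limiting measure described above, sketched for an SMS verification endpoint as an added example (not code from the article or from anyone quoted in it). The limits, the prefix length and the sample requests are constructed assumptions, and the per-number-prefix limit goes beyond the per-user and per-IP limits the article mentions.

```python
from collections import defaultdict, deque

# Assumed limits: (max sends, window in seconds) per dimension. Tune to real traffic.
DEFAULT_RULES = {"ip": (3, 600), "user": (5, 3600), "prefix": (20, 600)}
PREFIX_LEN = 8  # assumed: leading characters of the E.164 number that form a "range"


class SmsSendGate:
    """Sliding-window limiter for an SMS verification endpoint."""

    def __init__(self, rules=DEFAULT_RULES):
        self.rules = rules
        self.sent = defaultdict(deque)  # (dimension, value) -> timestamps of sends

    def check(self, ip, user, number, now):
        """Return [] and record the send if allowed, else the dimensions over limit."""
        keys = [("ip", ip), ("user", user), ("prefix", number[:PREFIX_LEN])]
        over = []
        for dim, value in keys:
            limit, window = self.rules[dim]
            q = self.sent[(dim, value)]
            while q and now - q[0] >= window:  # drop sends outside the window
                q.popleft()
            if len(q) >= limit:
                over.append(dim)
        if not over:  # record only sends that actually go out
            for key in keys:
                self.sent[key].append(now)
        return over


def replay(requests, gate=None):
    """Run (time, ip, user, number) tuples through the gate; return one decision each."""
    gate = gate or SmsSendGate()
    return [gate.check(ip, user, number, now) for now, ip, user, number in requests]


# Constructed sample: one client asking for codes to sequential numbers, then many
# clients targeting the same number range (+999 is not an assigned country code).
SINGLE_IP = [(t, "203.0.113.7", f"acct{t}", f"+9990001{t:04d}") for t in range(5)]
MANY_IPS = [(t, f"198.51.100.{t}", f"acct{t}", f"+9990002{t:04d}") for t in range(25)]

if __name__ == "__main__":
    print(replay(SINGLE_IP))  # first 3 allowed, then blocked on "ip"
    print(replay(MANY_IPS))   # first 20 allowed, then blocked on "prefix"
```

The second sample shows why a per-IP limit alone is not enough: each address sends only once, and only the shared destination range reveals the pattern.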
As technology evolves and new forms of AIT fraud emerge, continuous learning, adaptability, and vigilance are crucial, according to Gibbons. Staying informed and up to date with the latest developments is fundamental to staying ahead of fraudsters. By understanding the risks, taking proactive measures, and working together, the risks associated with AIT fraud can be mitigated, creating a safer and more trustworthy digital environment, concludes Gibbons.

