Are you feeling the SMS profit pinch?

It doesn’t get airtime, but SMS faking hasn’t gone away – far from it.

This type of fraud is an everyday struggle in the SMS ecosystem. Potentially costing a large MNOs millions of dollars per year, P2P SMS global title faking is a popular form of international revenue share fraud.

It works like this: A fraudster sends SMS messages to MNO subscribers. Sometimes they use fake sender information belonging to a different carrier. The recipient MNO then invoices the owner of the faked information rather than the fraudster and the actual originating MNO.

As the actual sender details are hidden at the billing layer, none of the carriers involved can process the billing correctly. And sadly, as the tools needed to perform this type of fraud are easy to get hold of, it’s relatively easy to pull off.

Fraudsters use faking to sidestep the cost of SMS termination. It’s also a convenient and cost-effective way to send spam and malware attacks (phishing). Typically, content includes links to commercial apps/services or marketing campaigns.

To see how badly faking impacts recipient MNOs, let’s look at two faking examples where the issue was identified after invoicing. An in-depth investigation uncovered the root cause – faking in conjunction with insufficient traffic spike monitoring.

The conclusion? Global title faking can account for up to 90% of the total termination P2P traffic invoice.

Example one shows an MNO that didn’t bring in stricter monitoring or anti-faking measures. The faking continued for 3 months.

Example two shows an MNO that brought in strict anti-faking measures in month 3. The faking reduced massively.

Large MNOs are more likely targets for faking because of their large subscriber bases. Also, they often have more budget and manpower to fight fraud attacks.

Let’s dig a bit deeper into how global title faking works in SMS.

The graphic below shows that the fraudster only sends their actual address information in the first message to the receiving MNO (see #1).

The fraudster has to provide accurate routing information at this stage to get the information they need to route the SMS to the end-user.

Once the fraudster gets the correct routing information, they can change the message content and the billable information (see #3).

Now the fraudster can remove their actual sender information and replace it with details from another carrier. As SMS is billed in this third leg of the journey, the fraudster avoids paying for message delivery.

Unless they’ve taken steps to protect against faking, it could be months before a recipient MNO finds an issue. In most cases, it comes to light when the owner of the information queries an invoice.

According to standard contracts and industry practices, the impersonated MNO isn’t responsible for questionable costs. If the fraud happened some time ago, the receiving MNO might struggle to find information on the fraudster – the original routing requests might no longer be in their systems.

As well as the lost termination revenue for MNOs, troubleshooting costs can be massive if several employees spend hours trying to get to the bottom of each case. Intensive investigations can cost more than 4K EUR each, depending on difficulty and employees involved.

These attacks will continue unless targeted MNOs put anti-faking measures in place. Blocking spoofed carrier addresses only damages the messaging ecosystem: Routing information is public, so fraudsters can simply switch to valid information owned by a different MNO.

The best way to fight this type of fraud is to verify information in both steps of the SMS transmission process and engage the fraudster before it is too late.

Are you affected by faking? For more information check out our SMS Firewall and SMS for Operators offer or contact us or your account manager.

Read our next blog post in this series Global title faking in SMS: How to fight back, where we take a technical look at how global title faking works, dive into what MNOs can do to address it and discuss how Sinch can help.