Fraud and security, Insights

Mirror mirror on the wall, who’s the baddest smisher of them all?

Image for Mirror mirror on the wall, who’s the baddest smisher of them all?

By Robert Gerstmann, Chief Evangelist and co-founder at Sinch

Once upon a time we lived in a land where all our data was respected and protected, and we didn’t need to worry about scams, phishing, and fraud. It was a world full of turreted castles, unicorns, and colorful landscapes. Sadly, life isn’t a fairy tale.

Over the past few years, we’ve seen many of our assumed certainties challenged. The wonderful world of technology is no exception. While it’s brought many opportunities, helping us to connect and live our everyday lives, the tech sector is also experiencing an unprecedented level of challenges that can leave some of us exposed to exploitation — not exactly a happy ending!

But let’s start from the beginning. Over the past twelve months, the team at Sinch has been raising awareness around consumer and data protection and how it’s being undermined by harmful activities undertaken by SIM farms. In Europe, SIM farms are illegal as they breach GDPR. Companies must take more responsibility. It’s time to address the mess. As we approach International Data Protection Day, we have a cautionary tale to tell. We’re not asking you to kiss the frog, but we’re asking companies to be more vigilant to avoid the villains in the piece.

Are you sitting comfortably? Then we shall begin.

Chapter one – Back to basics: A year ago, I authored a piece on SIM Farms — illegal channels for business SMS that are exploiting businesses’ consumer data and exposing their customers to fraud and SMS phishing, aka smishing. In addition, companies risk breaching GDPR and could face hefty fines. At the same time, many of them are simply unaware of the presence of SIM farms in their delivery chains.

Chapter two – The problem is bigger than you think: In 2019, smishing is estimated to have cost European consumers at least €600 million — and the numbers have kept rising since the start of the pandemic. As one of the world’s leading business SMS providers, Sinch is best placed to try and measure the problem. Over a two-month period in 2022, we monitored the European SMS traffic of 22 major tech brands and 21 mobile operators in 16 EU countries to check how messages were being sent. The results are quite striking:

  • Only two countries were free of SIM farm activity
  • 59% of the tech brands’ SMS were sent via SIM farms
  • One in two of the mobile operators had traffic sent to their subscribers via SIM farms

Chapter three – It’s a risky business: As this is a relatively unknown phenomenon, we need to get beyond the statistics. Being a global leader means Sinch needs to better understand the ecosystem within which SIM farms operate and how companies are using them, so we can advise our clients on how to avoid them. We’ve recently commissioned additional research looking at the deep dark web, interviewing more than 40 law enforcement individuals, government regulators, legal advisors, consulting experts, commercial partners, and perpetrators. It shows that SIM farms are unregulated, widespread, and publicly associated with cybercrime and corruption in multiple forms of online and telecom fraud. They also harvest and resell consumers’ personal data or misuse the data themselves. SIM farm operators are also associated with online gambling, human trafficking, kidnap, and ransom. Grim reading — and I’m not referring to the Brothers Grimm.

Chapter four – Address the mess and protect your consumers: Companies need to wake up from a deep sleep and acknowledge there’s a problem. By working together, we’ll find the best solutions to this growing threat. Things may seem fine for the moment, but they’re not, and regulators will become increasingly aware of what’s happening. Understanding your delivery chains, how you’re exposing yourself to SIM farm abuse and eliminating them from your business SMS traffic is now business-critical.

So, as our tale unfolds, we invite you to follow our campaign over the next coming weeks through to its conclusion ahead of World Consumer Rights Day on March 15. We’ll be sharing insights from our research and resources to help you better understand the SIM farm threat and how best to address it. As Snow White may have once said, let’s be Happy not Dopey. Let’s address the mess and help consumers live happily ever after.

Visit our resource page to get more insights into how to protect your business and customers against SMS fraud.

Related blogs