Top Telecom Fraud Trends for 2024 & How to Prevent Them

1. AIT accelerated A2P fraud

Artificial Inflation of Traffic (AIT) is a type of fraud that affects the Application-to-Person (A2P) SMS path. Traffic is artificially increased to generate revenue. Fraudsters utilize bots to boost traffic and send fake one-time passwords (OTPs) to manipulate conversion metrics and create false revenue streams.

AIT is estimated to account for 5% of all worldwide A2P traffic and will cost brands $2.4 billion between 2022 and 2024.

The three main categories of AIT fraud expected to have a major market impact are:

• Counterfeit fabrication AIT: An aggregator adds fake data or traffic while it's being transferred through the system.
• Human and bot amplification of AIT: Traffic is generated by OTPs and other triggers from brand websites and services.
• Masquerade parasite generation of AIT: This involves traffic being injected through CPaaS accounts.

Due to the widespread use of AIT in the messaging ecosystem, an estimated 19.8 billion and 35.7 billion fake messages were sent in 2023 — and business leaders report that the threat is accelerating.

Solution: Integrate strict security measures within your communication platforms. In addition, when choosing a business solution partner, consider the built-in fraud protection tools they offer.

For instance, Plivo Verify API offers a multi-channel two-factor authentication (2FA) solution and an in-built Fraud Shield, designed to mitigate the risk of AIT scams.

The advanced capabilities of the Plivo 2FA API allow you to send images, reach multiple recipients, and set message expiration. Messages that aren't delivered within a certain period are marked as “Failed” with error code 420 and are not charged to customers.

2. Toll fraud

Toll fraud, or International Revenue Sharing Fraud (IRSF), is when fraudsters exploit cloud-based systems. Unlike A2P fraud, toll fraudsters make money by phone calls instead of sending messages. 

Toll fraud impacts landline and mobile phone lines in more than 200 countries. The rise and resale of the number range, where up to 10,000 new IRSF-related areas are promoted weekly, indicate the profitable nature of toll fraud.

The frequent methods fraudsters employ to carry out IRSF are:

• PBX hacking: Unauthorized access to a company's telecommunications network to make international calls to premium rate numbers.
• Automated dialers: Programmed to call numbers at high frequency, which generates high traffic to specific destinations.

The most susceptible groups to toll fraud are Voice over Internet Protocol (VoIP) users, businesses that employ premium-rate numbers, and individuals who handle overseas communications.

Solution: You may not discover toll fraud until your phone bill arrives without real-time monitoring. Plivo’s Fraud Shield protects against high-risk outbound calls with static controls, such as:

• Geo-permissions: Disable communications to high-risk countries where users are not present.
• International Toll Fraud Protection: Create call blocklists for specific high-risk prefixes.
• Number validation: Validate phone numbers to reduce the risk of sending OTPs to fraudulent numbers.

Fraud Shield classifies destination countries based on risk levels. Using Plivo’s robust fraud control, you can set up thresholds based on these risk classifications to ensure that higher-risk countries have stricter controls to minimize the chances of fraud.

3. Account takeover (ATO)

Data breaches expose millions of users' passwords and personal data on the dark web, giving fraudsters the tools to carry out account takeover (ATO) attacks.

ATO involves using stolen personal data to hack accounts and gain access to bank and credit card information. In the second quarter of 2023, there was a 354% year-over-year increase in ATO attacks.

These scams aren’t limited to the financial sector — they also target government organizations. 

Solution: MFA is essential in eliminating account takeover attempts. A reliable MFA provider should support SMS, email, phone calls, hardware tokens, and other forms of authentication for secured verification.

Plivo provides global multi-channel OTP/2FA solutions, ensuring all Verify API requests are encrypted and transmitted securely over HTTPS. Plivo's API authenticates OTP transactions using your auth ID and auth Token, making it easy to integrate into existing systems by utilizing standard HTTP verbs and status codes.

4. Spoofing

Phone number spoofing is another common fraud tactic. Scammers manipulate caller IDs to display fake information, often using local phone numbers. They typically impersonate government agencies to trick recipients into sharing sensitive data such as bank or credit card details. Juniper Research reports that global mobile users have lost $58 billion to fraudulent spoofing calls.

Caller ID spoofing causes financial loss and reduces trust in mobile communications. While advancements in voice call technology have brought many benefits to organizations, they have also created new opportunities for fraudsters.

Solution: Work with telecom providers to implement STIR/SHAKEN caller authentication and trace the origin of calls. Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) authenticate calling numbers, increasing the credibility of caller IDs.

The Federal Communications Commission (FCC) requires carriers to adopt these standards to combat spoofing and provide accurate caller numbers and names.

Plivo’s built-in fraud control in SMS and Voice APIs help protect customers against SMS pumping and toll fraud and comply with STIR/SHAKEN protocols.

Developers can integrate anti-spoofing measures, including authentication protocols and number verification, using Plivo’s API to secure both inbound and outbound communications.

5. Robocalls and spam messaging

Robocalls are automated phone calls that send pre-recorded messages to multiple recipients at once. Robocalls are used for telemarketing, public service messages, and political campaigns. However, their connection to scams and fraudulent activities poses a serious threat to phone users' privacy and security.

According to the National Consumer Law Center, Americans receive 33 million fraudulent robocalls daily and 50 billion annually.

Fraudsters also utilize AI to create phishing emails that mimic the professional tone of reputed companies to collect personal data. With such tools at their disposal, even scammers with no prior coding knowledge can become hackers in an instant.

Solution: Carriers in the United States have mandated that companies register their brands and use 10-digit long codes (10DLC) for A2P texting. These numbers help distinguish legitimate messages from spam. Additionally, shortcodes must be configured according to carrier requirements, and toll-free numbers need to be validated before use.

Plivo enhances brand trust and recognition with higher-throughput mobile numbers, 10DLC, and short codes for SMS and MMS.

Customers can also automate the 10DLC registration process by using the upgraded server SDKs from Plivo. On the Plivo console, you may link numbers to campaigns and register brands and campaigns.