As technology evolves, so do the fraudsters. 

We've seen a rise in fraud where bad actors target phone verification forms with thousands of requests. This type of attack, known as SMS Traffic Pumping (aka SMS Artificially Inflated Traffic), similar to attacks like International Revenue Share Fraud (IRSF), causes inflated traffic to your app with the intent to make money but not to steal information.   

Unfortunately, this means you might be hit with higher than expected bills from your telecom provider if your application isn't designed to prevent it. While this is a globally-recognized, growing challenge, it’s often more prevalent across mobile carriers in less regulated markets. 

What can you do?

Does your business send SMS One-time Passcodes (OTPs) at onboarding, logins, or high-value transactions as a second factor of authentication? The Twilio Verify API now offers Verify Fraud Guard to mitigate SMS Traffic Pumping attacks. Twilio Verify is a turnkey, fully managed API, purpose-built for OTP use cases.