Every day, cybercriminals grow more brazen and sophisticated. The latest cybercrime, described by Joseph Cox in his article A Hacker Got All My Texts for $16, is particularly disturbing because it requires almost no technical knowledge and targets the victim’s phone number without them even knowing. Fortunately, Prove already has the capabilities to prevent this new fraud from taking hold.
Phone numbers and mobile phones have become the master keys to our digital lives. At Prove, we have architected a trust and identity platform to help the nation stay several steps ahead of attackers that exploit vulnerabilities in our telecommunication systems.
This latest SMS theft hack used an SMS marketing platform called Sakari to exploit a service called OSR (Override Services Registry). The OSR serves a critical function in our communications infrastructure because it allows VoIP (Voice Over Internet Protocol) landlines and certain MVNOs (Mobile Virtual Network Operators) to receive SMSes. In this case, the attackers were able to fraudulently add entries to the OSR to send copies of SMSes to themselves. This allowed the attackers to retrieve SMS one-time passcodes.
The good news is that Prove’s Trust Score™ has already designed the capability to detect and stop this fraud. Consumers’ digital life experiences are increasingly mobile, and their daily touchpoints with a variety of service providers are exploding rapidly. Whether logging into a dating app, verifying an e-commerce payment, or proving eligibility for vaccination, the need for frictionless safeguards to protect the individual and online communities is higher than ever. Prove’s technology works behind the scenes to offer its clients the control and confidence to manage the spectrum of digital-native use cases, preventing fake account opening to authorizing high-value financial transactions and everything in between.
When a Prove client asks if a phone number is safe to send a text message to or engage with, Prove will check the OSR, among many real-time checks, including SIM swap, to calculate a real-time Trust Score™. A low Trust Score™ will tell Prove clients to apply the appropriate policy, such as not sending the given SMS.
As Prove continues to protect consumers from fraud by bolstering SMS with modern, real-time fraud protection, Prove is proud to join forces with leaders from a wide array of industries to call for a wholesale reduction of using SMS for authentication purposes.
To learn how you can protect your clients and prevent fraud, visit www.prove.com.