![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![Rogue Company Elite tier list of best characters [April 2025]](https://media.pocketgamer.com/artwork/na-33136-1657102075/rogue-company-ios-android-tier-cover.jpg?#)
.webp?#)
![Here’s the first live demo of Android XR on Google’s prototype smart glasses [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/google-android-xr-ted-glasses-demo-3.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![New Beats USB-C Charging Cables Now Available on Amazon [Video]](https://www.iclarified.com/images/news/97060/97060/97060-640.jpg)
![Apple M4 13-inch iPad Pro On Sale for $200 Off [Deal]](https://www.iclarified.com/images/news/97056/97056/97056-640.jpg)
Threat Actors Turning Messaging Service into a Cash Making Machine
A sophisticated fraud scheme known as SMS pumping is quietly draining millions from businesses worldwide by exploiting SMS verification systems. This cybercrime tactic, similar to a modern-day toll scam, involves artificially inflating SMS traffic through automated means, generating fraudulent revenue while leaving legitimate businesses to absorb unexpected costs. The scheme has become increasingly prevalent as […] The post Threat Actors Turning Messaging Service into a Cash Making Machine appeared first on Cyber Security News.
A sophisticated fraud scheme known as SMS pumping is quietly draining millions from businesses worldwide by exploiting SMS verification systems.
This cybercrime tactic, similar to a modern-day toll scam, involves artificially inflating SMS traffic through automated means, generating fraudulent revenue while leaving legitimate businesses to absorb unexpected costs.
The scheme has become increasingly prevalent as more companies adopt SMS-based authentication methods for user verification, creating a lucrative opportunity for cybercriminals seeking to monetize messaging infrastructure vulnerabilities.
At its core, SMS pumping involves threat actors triggering large volumes of verification messages through fake account registrations or password reset requests.
These actions prompt companies to send out verification codes via SMS, with each message incurring a cost.
The fraudsters collaborate with rogue telecom providers or intermediaries who intercept the inflated SMS traffic, typically avoiding actual message delivery to reduce expenses while still collecting revenue from the legitimate business.
Group-IB researchers identified a significant SMS pumping operation where attackers created over 500 synthetic identities to target a company’s Know Your Customer (KYC) onboarding process.
This attack, documented in April 2025, demonstrated how even robust security measures can be exploited for financial gain.
The fraud attempt was only discovered because the perpetrators misconfigured their operation, generating an unmistakable surge of registration attempts within a single hour rather than distributing them throughout the day to blend with normal traffic patterns.
Turning Messaging Service into a Cash Making Machine
The financial consequences of such attacks are substantial. Twitter (now X) famously lost approximately $60 million annually due to SMS pumping fraud before Elon Musk intervened in late 2022.
The company discovered that 390 telecom operators were allowing bot accounts to exploit its two-factor authentication system, generating fake SMS traffic to inflate their own revenue.
For smaller businesses, even modest artificial traffic inflation can result in thousands of dollars in unnecessary expenses monthly.
The attack vectors typically involve four phases: preparation (registering multiple phone numbers through SIM farms or fake identities), execution (triggering high volumes of verification requests), defense evasion (using tactics to bypass rate limits and fraud detection), and monetization (routing traffic through rogue providers who manipulate delivery reports without actually delivering messages).
During the investigation of the KYC exploit, Group-IB’s Fraud Protection system detected several technical indicators revealing the fraudulent nature of the attack.
The system identified that more than 500 fake accounts were created using identical hardware device fingerprints, a clear indicator of coordinated automation.
.webp)
The traffic originated from known hosting services and high-risk ISPs, environments commonly associated with fraud operations rather than genuine users.
The attack visualization graph further confirmed the bot-driven nature of the registrations.
All fabricated identities connected through the same fingerprint despite attempts to appear as separate users.
The attackers employed sophisticated session management, assigning fresh cookies to each new identity to create the illusion of different users while maintaining the same underlying hardware setup.
Particularly telling was the unnatural keystroke behavior exhibited in the captured sessions.
.webp)
The system flagged medium to high-risk keystroke patterns that suggested scripted or automated input during registration.
These patterns, combined with the use of disposable email addresses, created a distinctive technical footprint that allowed for identification of the fraudulent activity.
The financial threat posed by SMS pumping extends beyond direct messaging costs to include potential service disruptions, customer trust erosion, regulatory penalties, and long-term reputation damage—making detection and prevention critical priorities for organizations utilizing SMS verification systems.
Equip your team with real-time threat analysis With ANY.RUN’s interactive cloud sandbox -> Try 14-day Free Trial
The post Threat Actors Turning Messaging Service into a Cash Making Machine appeared first on Cyber Security News.
