Fergal Parkinson
Published on: August 1, 2023
Few people outside of niche techy circles had even heard of AIT until this year – now it’s something of a buzz phrase.
The single biggest reason is – Elon Musk.
The tech sector’s highest-profile character – the outspoken, performative man behind PayPal, Tesla, SpaceX and rockets to space – dragged it screaming into the spotlight in the early days of his new role as the owner of Twitter.
“I discovered that Twitter was being scammed to the tune of $60 million a year for SMS texts,” he raged. “Basically, there are telcos who are not being super honest out there, in other parts of the world, who were basically gaming the system and running, like, two-factor authentication SMS texts over and over again, and just creating a zillion bot accounts to literally run up the tab so that Twitter would SMS text them, and Twitter would pay them millions of dollars, without even asking about it.”
Elon – welcome to Artificially Inflated Traffic.
Like many things in the digital world this long-winded phrase is usually reduced to its acronym, AIT. Or it’s sometimes described alternatively as AGT – Artificially Generated Traffic – but it amounts to the same thing.
And Musk’s description was pretty much spot on, although it’s usually described somewhat less frankly.
It’s essentially a scenario in which bad actors use bots to register new accounts on websites, with each new application automatically generating the sending of a one-time passcode (OTP) via SMS.
The reason they do this is that the ultimate client – in Musk’s case Twitter – will foot the bill for the OTP messages sent to all these bot accounts. And although the amount charged for each single message sent is relatively low, if those bots can work up hundreds of thousands or even millions of new applications, then the aggregated sum for the scammer can be very lucrative indeed.
By artificially inflating traffic they generate revenue in the absence of a single real new customer.
And, as Musk says – because payment takes place all but automatically – the money can disappear before anyone has even noticed it’s happening. The scammers will further work this under-the-radar aspect deliberately. For example, they’re fond of initiating a wave of applications on a Friday evening when they’re less likely to be detected – and addressed – for hours longer than in another slot.
But where Musk does oversimplify is in his attribution of blame: ‘there are telcos who are not being super honest’.
This reductive statement suggests that there’s a single visible culprit for each AIT scam – in fact, infuriatingly, there almost always isn’t, which is what makes it so difficult to call out the offender and cease trading with them.
This is because of the complexity of the digital chains involved in these processes, with multiple agencies interacting with each other and each paying and receiving fees in small sums.
So, trying to identify ‘whodunnit’ and initiate sanctions against them after they ‘dunnit’ is usually a doomed enterprise: it’s very difficult to work out who the culprit is and if you disrupt the existing connections speculatively you could be cutting off genuine new customers whom, of course, you’re desperate to engage.
It makes much more sense to adopt the most up-to-date procedures at the point of onboarding. By using telcom data-driven screening processes, host companies can detect in seconds whether the number used at the point of sign-up is genuine and connected to a real person. Our version of this is called TMT Authenticate – but other products are available, as they say on the BBC. The point is with these procedures is you don’t let your platform get flooded with fake customers so you no longer know who’s real and who’s not – and you don’t need to send OTPs at all because the verification security is of such high integrity they’re simply not required. So, there’s no risk of AIT attacks whatsoever.
But, of course, sometimes you just aren’t in the right place to tear up your onboarding procedures and start again. If you still need to use SMS-delivered OTPs as a customer communication tool for now then we have an alternative product, TMT TeleShield, which can work with what you’ve got and make it much more secure. This weeds out those bot numbers and ensures that only genuine, active numbers attached to a real person in the place they claim to be can receive them – and blocks, for example, premium rate numbers or invalid numbers linked to attempted AIT.
Musk, characteristically, tried to come up with his own solution: “I said cut off any telco that’s got fraud above 10 percent. Now that has caused some havoc in many parts of the world. Now we’re going back to the telcos and saying: ‘Listen, if you stop scamming us, then we will gladly pay you some amount of money for SMS texts, but you can’t turn a blind eye’. We’ll take 10 percent fraud, but we’re not going to take 90 percent fraud.”
I’m not sure this approach could ever be functional or even cost effective. It’s much cheaper to invest in protocols to avoid the problem. But Musk will be Musk.
For the rest of us it’s more about practical ways forward. Because of course this issue is global. Twitter is only the tip of a very lucrative and slippery AIT iceberg.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
