Verify

Verify and validate customers globally using their phone number.

Velocity

Discover the network provider for every mobile number globally.

Authenticate

Protect customers, accounts, and transactions within your app.

Live

Discover if a mobile number is assigned to a subscriber.

Score

A real time phone number credibility score.

TeleShield™

Identify if a number has the propensity to be used for fraud.

Banks and Financial Services
E-Commerce
Insurance
Mobile Messaging
Gaming & Gambling
Communication and Service Providers
Identity & Verification Providers
eBooks
News
Developers
FAQ
About us
Events
Careers
Contact us
Articles

Phishing Tackle for sale

Credit card on a laptop keyboard with a fish hook, implying a phishing scam concept involving silent authentication.

At TMT there are a number of reasons why we’re excited about our new service TMT Authenticate, our new frictionless silent authentication service, partly because we believe that it represents the mobile ecosystem getting back on the front-foot in the fight against fraud.

However, some interesting intelligence this week from Microsoft illustrates very efficiently why things need to move forward.

Microsoft’s threat intelligence team have been monitoring the activities of a group they call DEV-1101 and who have started to sell a ready-to-go Phishing kit, which amongst other things allows fraudsters to bypass the very security mechanism designed to protect users, such as SMS One-Time Password (OTP).

Put simply, the kit includes a range of standard templates to mimic things such as Microsoft Outlook,  but the really interesting thing is that it uses AI ‘bots’ to sit in the middle of the authentication process, circumventing existing 2-factor authentication (2FA).

When the victim falls for a Phishing email and ‘clicks the link’ they are taken to a web page that looks and feels like the real login page of their favourite brand, but is obviously there to harvest their login data. The AI will gather these credentials and in parallel open a login session with the real site. When the real site sends their request for a 2-factor authentication such as a one-time password, the bot will mirror that on the fake site, so the user inputs the correct code into the fake site, and the bot in turn then quickly transfers it to the real login attempt being perpetrated by the fraudster.

Microsoft say this kit was first advertised online almost a year ago, and sells for as little as $300 for the standard version and $1000 for the deluxe version.

Whilst the above is not doing anything we haven’t seen before it is of course substantially lowering the fraudsters barrier to entry and is expected to herald a massive increase in this type of crime, circumventing a OTP which let’s face it is the most common form of 2-factor authentication out there and still in use by the majority of online brands.

Why this is relevant to TMT Authenticate is also pretty simple, because it works directly in conjunction with the Mobile Network Operators who are authenticating the device from encrypted data held on the SIM card, it does not require a user to enter any credentials, so there is nothing to share with any bad guys.

Furthermore, the communication flow does not just involve the device, because the authentication messaging goes directly between the operator, TMT Analysis and the website you are trying to access, not the handset. Therefore, it’s never going to be susceptible to these kinds of so-called Man-in-the-middle attacks because there is nothing to intercept.

Authenticate explanation design one app blog post

As ever, the advice from the industry remains the same:

  1. Always be on the lookout for suspicious emails;
  2. Don’t click the link – unless you are sure its genuine;
  3. Talk to TMT Analysis about Authenticate and see if it can improve the security and user experience of your customers!

Last updated on March 21, 2024

Contents

Related Articles

Romance Fraud: The Honeytrap Scandal at the Heart of the UK Government

Promotional graphic for an article on victim of fraud by Edward Glasscote with a zoomed-in view of figures representing people.

Who are the Victims of Fraud?

An older woman examining a document with a magnifying glass, accompanied by a promotional graphic for an article discussing the resilience of older customers against scammers.

Why Older Customers Are Not The ‘Easy Targets’ Scammers Think


What Our Customers Are Saying

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

Business Telecommunications Services

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."

Deutsche Telekom Global Carrier

Ready to get started?

We provide comprehensive device, network and mobile numbering data available.

Contact us > Chat to an expert >