
SMS fraud and SPAM guidelines by Infobip

GSMA Arab World, Kuwait, 14.4.2014. SMS fraud and SPAM guidelines by Infobip. Introduction. The first SMS message ever: by Vodafone UK on 3 December 1992 from Neil Papworth of Sema Group using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset

katy

Presentation Transcript


  1. GSMA Arab World, Kuwait, 14.4.2014. SMS fraud and SPAM guidelines by Infobip www.infobip.com

  2. Introduction
     • The first SMS message ever:
         • by Vodafone UK
         • on 3 December 1992
         • from Neil Papworth of Sema Group
         • using a personal computer
         • to Richard Jarvis of Vodafone
         • using an Orbitel 901 handset
         • text was “Merry Christmas”.
     • SMS service today – 22 yrs later:
         • High popularity and volumes
         • Very high ROI, but descending revenues
         • Diverse: P2P, A2P, P2A, M2M
         • Rich ecosystem and mesh connectivity
         • Popular fraud channel
         • High customer impact and churn threat
         • Challenging control and monetization
     • The first commercial SMS message:
         • Initially only free network notification
         • First commercial SMS in 1993
         • by Radiolinja (Telia) Finland
         • Only NOKIA supported SMS
         • Slow adoption due to fraud (0.4 SMS/sub/month in 1994)
         • On-net only by 1999 due to SMS spoof
         • In 2000, averages 25 SMS/sub/month

  3. Fraud types by GSMA
     • Described in:
         • AA.50 – SMS fraud criteria
         • AA.70/AA.71 – SMS fraud prevention
         • BA.43 – SMS handbook
     • Increased by lowering communication price and increasing demand
     • Fraud is affecting all aspects of network performance

  4. 360° network impact
     [Diagram labels: experience, perception, churn, stability, credibility, delivery, perception, value, integrity, cost, load, stability, cost, load, efficiency]

  5. SMS Fraud management

  6. Basics of SMS fraud environment
     • Operator A is the sending Operator
     • Operator B will receive the message
     • Operator C is normally not involved in the message flow
     • The Signalling Provider represents the international signalling Network
     [Diagram label: SS7]

  7. SMS Fake
     • Classification criteria in AA.50:
         • Own Address Criteria
         • Incorrect Operator Link Set Criteria
         • Unexpected ‘End’ Message Criteria
         • Abnormal Load Criteria
         • No Address Found Criteria
         • MAP Only Fake Criteria
         • Illegal Message Contents Criteria*
         • MAP error “unidentified subscriber” Criteria
     • All MAP or SCCP level manipulation on SMS MT indicating fake identity is used on either B or C side
     [Diagram labels: A, B, C; FSM_SM; FSM_ACK >2%]

  8. SMS Spoof
     • Classification criteria in AA.50:
         • MSISDN Criteria
         • Location Criteria
         • Unusual Traffic Pattern Criteria
         • TAP with SMSC billing tickets comparison
         • Operator complaints criteria
         • SS7 criteria
         • Incorrect Carrier Link Set Criteria
         • Comparison MAP – SCCP criteria
     • Manipulated SMS MO from foreign VLR to home SMSC
     • LocUp (outbound)/SMS MO
         • > [0,5] normal
         • <= [0,5]
     [Diagram labels: A, B]

  9. GT Scanning
     • Multiple SMS MO sent from one location trying to access any open GTs to be able to send free SMS
     • Multiple SRI_SM sent on random or consecutive parts of the range to detect ANY response
     • Used for data collection and database creation
     • Used to detect network weakness – unsecured nodes
     • Eases future attacks and creates high network load
     • Forbidden by GSMA
     [Diagram labels: A, B; SRI_SM for MSISDN, MSISDN+1, MSISDN+2, MSISDN+3, MSISDN+4, MSISDN+5, MSISDN+6]

  10. SMS flooding
     • Extraordinary traffic volume during limited time period
     • Can be aimed at HLR, MSC, BSC or even BS to the single MSISDN
     • Can be done “unintentionally” by 3rd party attempting bulk SMS or SPAM delivery
     • Usual in case of “manual filtering” to abuse delay in blocking
     • Impacts network performance and stability
     [Diagram labels: A, B; FSM_SM for MSISDN, repeated seven times]

  11. SMS SPAM and content fraud
     • SMS SPAM indicates unsolicited delivery regardless of content
     • Subtype of SPAM aims to abuse receivers' behavior to generate profit
         • “Call for prize”, “SMS XXXX to confirm”, “Visit URL: XXXX to see”
     • SPAM can range from harmless marketing over interconnection generating artificial communication to serious money theft
     • GSMA initiative to facilitate centralized SPAM management
         • using a universal short code (“7726” (S-P-A-M) or “33700”)
         • local and to a global collection, aggregation and reporting service
         • Submitted to GSMA SPAM Reporting service

  12. How to manage fraud
     • Cooperation within ecosystem: operators, signaling providers, content providers...
     • Technical readiness to detect, analyze and alert on fraud incident
     • Operational readiness with trained Revenue assurance departments
     • Timely communication and tracking:
     [Flowchart labels: Respond. in 24 hrs; Incident; Report to source; NO; Sanctions; YES; NO; Resolved in next 24 hours; Report; YES; Resolution]

  13. Prevention – 1. educate
     • Rather than reactively, act to prevent fraud from happening in the first place:
         • Educate subscribers: Don’t reply, Don’t trust, Report
         • Keep your staff trained and aware of threat to cut down response time
         • Cooperate with your signaling and DCH providers and demand their support
         • Create minimal response time procedures and keep track of implementation
         • Have your teams track your partner reputation
         • Join GSMA Security Group and Messaging Anti-Abuse Working Group (MAAWG)

  14. Prevention – 2. make it harder
     • Fraudsters will usually know how well your network is protected before attack, so:
         • Real-time “live” detection systems and NRTRDE, rather than “black box”
         • Use real-time alarming and dedicated response personnel (own or managed)
         • Ask your provider about possible exchange of data with foreign probes
         • Monitor both SS7 layers SCCP and MAP, track consistency
         • Keep awareness of all SS7 channels SMS, USSD and HLR
         • Keep track of CDR, SMS filter, 7726 and TAP files correlations

  15. Sanctions
     • Maximize data collection
     • Via GSMA: sanctions@gsm.org
     • Unilateral sanctions
     • Use Group leverage
     • Keep it confident
     • Be persistent

  16. Conclusion
     • Messaging is a valuable communication channel
     • MNOs need to protect its integrity and credibility
     • Requires cooperation of whole ecosystem
     • High technical and operational readiness
     • Proper fraud management will return all-around benefits for networks, content providers and subscribers
     Thank you!
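
An added example, not part of the original presentation: a minimal real-time style check for two of the patterns described on the GT Scanning and SMS flooding slides, namely SRI_SM sweeps over consecutive MSISDNs from one source and FSM_SM bursts to a single MSISDN. The record layout, the source GT labels, the MSISDN values and all thresholds are assumptions chosen for illustration; only the consecutive-range variant of scanning is covered.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# (time in seconds, MAP operation, source GT label, target MSISDN)
SAMPLE = (
    [(i * 2, "SRI_SM", "GT-X", str(96550000100 + i)) for i in range(7)]   # range sweep
    + [(i * 300, "SRI_SM", "GT-Y", m)                                     # sparse lookups
       for i, m in enumerate(["96550000500", "96550000777", "96550000901"])]
    + [(100 + i, "FSM_SM", "GT-Z", "96550000200") for i in range(7)]      # burst to one number
    + [(50, "FSM_SM", "GT-Y", "96550000500")]                             # single delivery
)

def longest_consecutive_run(numbers):
    """Length of the longest run n, n+1, n+2, ... among the given integers."""
    seen, best = set(numbers), 0
    for n in seen:
        if n - 1 not in seen:                 # n is the start of a run
            length = 1
            while n + length in seen:
                length += 1
            best = max(best, length)
    return best

def detect(records, window_s=60, scan_run=5, flood_count=5):
    """Return (scanning source GTs, flooded MSISDNs); thresholds are assumed values."""
    sri = defaultdict(list)                   # source GT -> [(time, msisdn)]
    fsm = defaultdict(list)                   # target MSISDN -> [time]
    for t, op, gt, msisdn in records:
        if op == "SRI_SM":
            sri[gt].append((t, int(msisdn)))
        elif op == "FSM_SM":
            fsm[msisdn].append(t)
    scanners, flooded = set(), set()
    for gt, events in sri.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # window starting at each event
            targets = [m for t, m in events[i:] if t - t0 <= window_s]
            if longest_consecutive_run(targets) >= scan_run:
                scanners.add(gt)
                break
    for msisdn, times in fsm.items():
        times.sort()
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= window_s) >= flood_count:
                flooded.add(msisdn)
                break
    return scanners, flooded

if __name__ == "__main__":
    print(detect(SAMPLE))
```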
