A fraudster develops or uses an automated bot or low-skilled workforce to trigger actions such as fake account creation, OTP requests, or password resets. These bots or human bots mimic real user activity, often bypassing security measures through direct API calls.
These actions trigger SMS messages, which are sent to phone numbers controlled by the fraudster, creating inflated traffic.
The fraudster collaborates with a “rogue party,” often a corrupt telecom provider or intermediary with access to SMS routing infrastructure.
The rogue party intercepts the inflated SMS traffic, typically avoiding message delivery to reduce costs. Instead, they route the traffic to numbers they control.
The rogue party earns revenue by collecting funds from the inflated SMS traffic, benefiting from volume-based pricing or other arrangements.
