Prove Trust Score™ Ready to Detect and Stop New Fraud Vector
Every day, cybercriminals grow more brazen and sophisticated. The latest cybercrime, described by Joseph Cox in his article A Hacker Got All My Texts for $16, is particularly disturbing because it requires almost no technical knowledge and targets the victim’s phone number without them even knowing. Fortunately, Prove already has the capabilities to prevent this new fraud from taking hold.
Phone numbers and mobile phones have become the master keys to our digital lives. At Prove, we have architected a trust and identity platform to help the nation stay several steps ahead of attackers that exploit vulnerabilities in our telecommunication systems.
This latest SMS theft hack used an SMS marketing platform called Sakari to exploit a service called OSR (Override Services Registry). The OSR serves a critical function in our communications infrastructure because it allows VoIP (Voice Over Internet Protocol) landlines and certain MVNOs (Mobile Virtual Network Operators) to receive SMSes. In this case, the attackers were able to fraudulently add entries to the OSR to send copies of SMSes to themselves. This allowed the attackers to retrieve SMS one-time passcodes.
The good news is that Prove’s Trust Score™ has already designed the capability to detect and stop this fraud. Consumers’ digital life experiences are increasingly mobile, and their daily touchpoints with a variety of service providers are exploding rapidly. Whether logging into a dating app, verifying an e-commerce payment, or proving eligibility for vaccination, the need for frictionless safeguards to protect the individual and online communities is higher than ever. Prove’s technology works behind the scenes to offer its clients the control and confidence to manage the spectrum of digital-native use cases, preventing fake account opening to authorizing high-value financial transactions and everything in between.
When a Prove client asks if a phone number is safe to send a text message to or engage with, Prove will check the OSR, among many real-time checks, including SIM swap, to calculate a real-time Trust Score™. A low Trust Score™ will tell Prove clients to apply the appropriate policy, such as not sending the given SMS.
As Prove continues to protect consumers from fraud by bolstering SMS with modern, real-time fraud protection, Prove is proud to join forces with leaders from a wide array of industries to call for a wholesale reduction of using SMS for authentication purposes.
To learn how you can protect your clients and prevent fraud, visit www.prove.com.
Get in touch
Keep reading
Read the article: Anatomy of an Account Takeover Attack: Analysis and Response PlanLearn practical strategies for handling identity verification API errors or no-match responses. Explore fallback methods and clear communication tactics to ensure a smooth, user-friendly experience.
Read the article: Prove Global Fraud Policy℠: A New, Adaptive Standard for Digital IdentityIntroducing the Global Fraud Policy (GFP), Prove’s new unified, adaptive fraud-defense engine that replaces fragmented, custom rules with a single, comprehensive policy that automatically updates as new threats emerge. This forward-looking framework helps businesses anticipate and respond to evolving threats like GenAI deepfakes, synthetic identities, and eSIM bots, protecting customers at scale.
.png)
Read the article: Passkey Syncing Fraud: The New Attack Vector Everyone Saw ComingPasskey syncing, a feature meant for convenience, has created a new security threat by allowing attackers to compromise cloud accounts and download victims' passkeys. Learn how this fraud happens and the steps consumers and businesses can take to protect high-risk accounts.
