Fraudsters exploit the vulnerabilities of SMS in numerous ways; it’s very easy for fraudsters to buy customers’ personal information on the dark web and then arrange account takeovers to intercept SMS OTP messages.
Fraudsters are also using targeted malware bots to gain access to customers’ devices, steal their information, and intercept OTPs and authenticator codes.
Fraud schemes like these that exploit SMS 2FA—including SIM swap and port-out scams where fraudsters impersonate customers to divert messages to a phone number that they control—are hitting the headlines, and government regulators are taking notice. In the United States, the Federal Communications Commission (FCC) is putting pressure on telcos to stop customers from swapping SIMs unless the carrier has a secure method for authenticating customers.
But the vulnerability of SMS isn’t just a problem for telcos. It’s a problem for any brand that uses SMS 2FA.