
What is SMS Pumping Fraud?


SMS pumping fraud happens when fraudsters take advantage of a phone number input field to receive a one-time passcode, an app download link, or anything else via SMS. The messages are sent to a range of numbers controlled by a specific mobile network operator (MNO) and the fraudsters get a share of the generated revenue.

This happens in one of two scenarios:

  • The MNO is complicit in the scheme and has a revenue sharing agreement with the fraudsters.
  • The MNO is unknowingly exploited by the fraudsters.

In the second case, smaller MNOs get paid by larger MNOs for subscribers and traffic, so a fraudster can create a fake company and promise large amounts of traffic. The MNO may not care what the source of the traffic is and ends up supporting the fraud. In either case, you're more likely to see this type of fraud occur with smaller operators.


Signs of an SMS pumping attack


You will likely see a spike of messages sent to a block of adjacent numbers (for example, +1111111110, +1111111111, +1111111112, +1111111113) controlled by the same MNO.

If you're sending SMS for a one-time passcode (OTP) use case, you will likely not see a completed verification cycle.
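Both signs can be checked together over your own send logs. The following is an added example, not Twilio code: the log format, the function names, and the thresholds (`block_digits`, `min_run`, `max_completion`) are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample send log: (destination number, OTP verification completed?)
SAMPLE_LOG = [
    ("+1111111110", False), ("+1111111111", False), ("+1111111112", False),
    ("+1111111113", False), ("+1111111113", False), ("+1111111114", False),
    ("+12025550143", True), ("+12025550199", True),
    ("+14155550123", False), ("+442079460018", True),
]

def longest_adjacent_run(numbers):
    """Length of the longest run of consecutive phone numbers."""
    best = run = 0
    prev = None
    for value in sorted(int(n.lstrip("+")) for n in set(numbers)):
        run = run + 1 if prev is not None and value == prev + 1 else 1
        best = max(best, run)
        prev = value
    return best

def find_suspect_blocks(events, block_digits=2, min_run=4, max_completion=0.1):
    """Flag number blocks showing both signs: adjacent destinations and
    almost no completed verifications. Thresholds are illustrative assumptions."""
    blocks = defaultdict(lambda: {"numbers": set(), "sent": 0, "completed": 0})
    for number, completed in events:
        block = blocks[number[:-block_digits]]  # block = number minus last digits
        block["numbers"].add(number)
        block["sent"] += 1
        block["completed"] += int(completed)

    suspects = []
    for prefix, block in blocks.items():
        run = longest_adjacent_run(block["numbers"])
        rate = block["completed"] / block["sent"]
        if run >= min_run and rate <= max_completion:
            suspects.append({"prefix": prefix, "adjacent_run": run,
                             "sent": block["sent"], "completion_rate": rate})
    return sorted(suspects, key=lambda s: s["sent"], reverse=True)

if __name__ == "__main__":
    for suspect in find_suspect_blocks(SAMPLE_LOG):
        print(suspect)
```

A single unverified number, or two nearby numbers that both complete verification, is not flagged; only the block combining an adjacent run with a near-zero completion rate is.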


Fight SMS pumping fraud with Twilio



Copyright © 2024 Twilio Inc.