by honkdaddy 1737 days ago
Very interesting. I definitely get phishing SMS messages from time to time, but I didn't realize these were some of the very few which actually made it through. Any idea how these bad actors are able to send out these massive batches of spam SMS? My naive guess would be bulk purchasing disposable SIMs but I imagine it's more sophisticated?
2 comments

It's whack-a-mole where the game is skewed wildly towards the moles.

Basically there are tons of VOIP companies, with varying levels of give-a-shit and spam detection capabilities.

Generally they are incentivized to let people self-serve on their platform - spin up quickly and start running traffic, or blasting spam, whatever. Especially if you're a small company, you're probably more likely to look the other way for a bit if someone is spending money on your platform, until regulators call, and you can be like "ok we looked into it and shut them down". Also you don't want to be overly aggressive, because what if a great customer comes onto your platform, loves the ease of setup, and starts running legitimate traffic, then you shut them down because they were triggered by whatever crappy spam heuristics your small company came up with, and the customer is gone to another platform where they don't have to deal with that.

Then the company/group running the traffic moves on to other VOIP providers until they get a bad enough name or push the envelope so much that no one will take them.

Then they just create a new "company" that no one recognizes the name of, and start again.

Honestly I think an open sourcing of spam detection heuristics and algorithms would be a massive help, but companies that are good at this obviously see it as a competitive advantage, just like the email space - for example if Twilio is great at keeping spam off their platform (no idea if they are, but they would have the most resources to do so), then all numbers registered with Twilio are less likely to get flagged/blocked downstream - all Twilio customers benefit. Twilio can say "any number you buy with us will be considered clean by downstream parties, no need to worry about getting flagged/blocked, then having to change the numbers you use for your business to communicate with customers, which could be saved in their phone already, etc."

The patterns spam takes vary wildly, often being specific to telecom laws and practices in specific jurisdictions, so it really is a tough problem. If an algorithm flags spam, you often want to then reach out to the customer and try to understand if there's a legitimate reason for the traffic patterns, etc. So there's a layer of customer relations beyond the algorithms that's also tough to scale.

A simple solution: forward suspicious messages to a configured email address and let it be handled there.
Lately one doesn’t even need a SIM card, instead SMS via VoIP or a SIP trunk and bulk-purchased phone numbers.