New Cloud Security Podcast Video Discusses SMS Fraud and AI Threats
🎬 NEW VIDEO FROM @CloudSecurityPodcast
In this new video from the Cloud Security Podcast, host Ashish interviews Frank, a cybersecurity expert with extensive experience in digital identity and fraud protection. The discussion primarily focuses on SMS fraud, a $10 billion annual problem, and how attackers use advanced techniques to exploit corporate vulnerabilities.
Frank begins by sharing his professional journey, which led him from major consulting firms to specialized roles in cybersecurity and digital identity. He explains that identity is often misunderstood and remains a major weakness for companies, especially in the context of the cloud. SMS fraud, although often overlooked, is a growing problem, particularly due to the increase in "toll fraud" attacks where attackers exploit SMS streams to generate illegal revenue.
SMS "toll fraud" is a $10 billion annual problem. Attackers use bots to generate millions of SMS transactions, often targeting premium numbers in distant countries. These attacks often go unnoticed because they do not directly involve security teams. Companies often realize the problem only when mobile phone bills increase significantly. Frank gives the example of a ride-sharing company that discovered a multi-million dollar fraud after the finance department noticed an unexplained increase in mobile phone costs.
Frank also explains how attackers use psychological techniques to prompt users to respond to fraudulent messages. For example, well-crafted messages claiming to be from the DMV and threatening to revoke a driver's license if the user does not respond immediately. These messages are becoming more credible thanks to the use of artificial intelligence (AI) to personalize and contextualize attacks.
The discussion also addresses the impact of AI on fraud attacks. Attackers use "smart bots," bots written by AI, to quickly adapt their attacks to new defenses. Frank mentions a more than 500% increase in "smart bot" attacks over the past year. These bots can write and adapt their scripts in real-time, making traditional defenses ineffective.
To combat these threats, Frank recommends a multi-step approach. First, companies must understand their vulnerabilities, including their API footprint and SMS streams. Second, they must form cross-functional teams to share data and identify anomalies. Third, they must invest in mitigation technologies and ensure that leaders are aware of the threats and ready to allocate the necessary resources.
Frank concludes by emphasizing the importance of data fusion and threat information sharing within the organization and with external partners. He stresses that fraud will never completely disappear, but it can be managed and mitigated with the right strategies and technologies.
Finally, Frank shares some personal aspects of his life, including his love for music, cooking, and outdoor activities with his grandchildren. He also expresses his pride in working with a talented team of professionals at Aros, with whom he has collaborated several times throughout his career.
To learn more about Frank and Aros, and to discover how they help companies protect against fraud, you can visit their website or contact them directly via LinkedIn.