SMS Fraud: What Is Artificially Inflated Traffic (AIT) & How to Stop It?

Artificially Inflated Traffic is costing businesses millions every year.

Sometimes — like in X and Elon Musk’s case — it’s as much as $60 million annually.

But what exactly is Artificially Inflated Traffic, why is it so common right now and what can you do to protect against it?

That’s what we’ll unpack in this blog post: SMS Fraud: What Is Artificially Inflated Traffic (AIT) & How to Stop It?

Let’s jump in.

What Is Artificially Inflated Traffic (AIT)?

Artificially Inflated Traffic (AIT) – often referred to as SMS fraud, SMS toll fraud or SMS pumping – is a type of messaging fraud whereby bad actors create fake or excessive SMS traffic – hence ‘artificially inflated’ – for their own financial gain.

Here’s how it typically works:

  • A fraudster targets one of your automated SMS workflows – most commonly those used to send One-Time Passwords (OTPs) during login or verification.
  • Using bots or automated scripts, they repeatedly trigger that workflow, generating a huge increase in outbound SMS traffic that you’re paying for.
  • The messages are delivered to phone numbers controlled by the attacker — often routed via premium-rate or international carriers that support revenue-sharing models.
  • The fraudster receives a cut of the revenue from that inflated traffic, while your organisation is left covering the cost of thousands of messages that were never intended for real users.

As you can imagine, this type of SMS fraud is extremely hard to detect because everything appears to be working as expected. Messages are successfully delivered. No errors are raised. But behind the scenes, you’re paying for artificially inflated traffic that was never triggered by actual customers – not good!

How to Detect and Stop AIT

Artificially Inflated Traffic, or SMS Pumping, often hides in plain sight, which is exactly what makes it so effective.

It blends into your regular traffic patterns, making it difficult to spot unless you’re looking closely at where your messages are going — and why.

That said, there are a few key indicators to look out for that could point to artificially inflated traffic.

Message Volume Spikes

A sharp, unexplained increase in SMS traffic is one of the most common signs of AIT.

If you see a spike in outbound messages but haven’t launched a marketing campaign, experienced a seasonal uplift or made any changes to your service, it’s worth investigating.

Fraudsters often use bots or scripts to trigger large volumes of messages in short bursts — typically targeting OTP or form-based workflows. These spikes can go unnoticed until costs start rising.

Low Conversion Rates

If you’re sending large volumes of OTPs or notifications but very few recipients are completing the next step, that’s a red flag.

In many cases of AIT, everything looks fine at first. Messages are delivered successfully, and no errors appear in your reports, but those messages aren’t reaching real users.

Instead, they’re being routed to numbers controlled by attackers, which means no one logs in, confirms a booking or takes meaningful action.

If your messages are going out, but nothing’s coming back, it’s definitely worth investigating further.

Unusual Destination Patterns

AIT attacks often involve sending messages to countries or number ranges that have no clear connection to your customer base.

These destinations are typically selected because they support revenue-sharing models, allowing fraudsters to earn a cut of the messaging costs.

Even though the messages appear to be delivered successfully, they’re being routed to numbers that serve no legitimate purpose.

If your traffic suddenly shifts toward unfamiliar regions or number patterns where you don’t have presence, it’s a strong sign something suspicious is going on.

Billing Anomalies

Artificially inflated traffic often goes unnoticed until the invoice arrives and something doesn’t add up.

If your SMS spend increases sharply without a clear business reason, it could be a sign of inflated traffic.

Spotting unfamiliar carrier charges, higher per-message costs, or a change in destination mix are all telltale signs that you’re being targeted by fraudsters.

When your bill tells a different story from your actual usage, it’s time to take a look into what’s really going on behind the scenes.

Why SMS Fraud Is Still a Growing Threat

The rise of Artificially Inflated Traffic (AIT) isn’t slowing down — and there are a few key reasons why.

Wide SMS Channel Usage

Nearly everyone has a mobile phone these days — and nearly every phone can receive texts. That makes SMS one of the most widely used ways for businesses to reach people quickly.

With so much messaging volume going out every day, it’s a natural target for fraudsters looking to exploit automated systems at scale.

Rising A2P SMS Costs

Couple that wide adoption with a steady increase in the cost of sending SMS —especially to certain international destinations — and the appeal for fraudsters becomes even greater.

The higher the cost per message, the bigger the potential payout when attackers inflate traffic. In some cases, they’re earning a cut of every fake message that gets sent, turning artificial traffic into real money.

Complex & Opaque Routing

When you send an SMS, it doesn’t always take a straight path to the recipient. Instead, it often travels through a chain of intermediaries — aggregators, resellers, and international carriers — before it’s delivered.

Unfortunately, some of these players operate in markets with minimal oversight, and not all routing decisions are visible to you as the sender. This lack of transparency makes it easier for artificially inflated traffic to remain hidden, especially when it’s being routed to high-risk or premium-rate destinations.

Detection is Often Reactive

The artificial inflation of traffic doesn’t raise alarms on the surface. Messages appear delivered, delivery reports come back clean and oftentimes everything will appear normally in your dashboard.

But because the activity mimics legitimate user behaviour, fraud often goes undetected until someone notices a spike in costs or a pattern in destination numbers. By that point, thousands — sometimes tens of thousands — of dollars may already be lost to fraudulent SMS traffic.

Common Types of SMS Fraud (And Where AIT Fits In)

AIT is just one form of SMS fraud.

To get a better understanding of how it works — and why it’s so hard to detect — it helps to look at it alongside a few other common types of messaging abuse.

Each one exploits SMS in a slightly different way, but the goal is the same: generate revenue through dishonest or unauthorised activity.

SMS Pumping Fraud

Also known as artificially inflated traffic, SMS pumping happens when bots or scripts repeatedly trigger SMS messages — usually OTPs or alerts — to numbers controlled by the fraudster. This drives up volume and cost, with the attacker earning a cut of the fees.

According to a 2023 report by Enea and Mobilesquared, this type of activity is estimated to account for around 5% of all international A2P SMS traffic, highlighting just how widespread and costly it has become.

SMS Toll Fraud

In many cases, toll fraud overlaps with AIT. The key difference is that toll fraud typically focuses on sending messages directly to high-cost destinations to profit from inflated messaging charges — whereas AIT is often tied to high-volume automated workflows, like OTPs, that can be exploited at scale.

Grey Routes

Grey routes are unauthorised delivery paths used to send messages at lower cost. They bypass official commercial agreements between carriers and exploit technical loopholes to cut corners. While not always fraudulent in intent, they often result in delivery issues, inflated traffic and a lack of transparency.

Spam and Phishing (Smishing)

These are messages sent with the intent to deceive the recipient — usually to steal personal information, login credentials, or payment details. While not financially motivated through message volume like AIT, they’re still a major part of the SMS fraud ecosystem.

What AIT Looks Like in the Real World

AIT doesn’t always make headlines — but it happens every day across industries that rely on SMS for time-sensitive, automated communication.

Here are a few real-world examples that show how quickly inflated traffic can go unnoticed — and how damaging it can become:

Example #1: OTP Abuse Costs Bank Thousands

Let’s say a national bank notices an unexpected spike in SMS spend.

Fraudsters are using bots to trigger repeated OTP requests through the login page and each message is sent to premium-rate number under their control.

Because the traffic looks normal and the messages are successfully delivered, the issue goes unnoticed.

By the end of the month, the bank has absorbed tens of thousands in inflated costs.

Example #2: Fake Bookings Inflate SMS Volume for Healthcare Provider

Now imagine a healthcare provider experiences a sudden spike in SMS confirmations linked to its online booking form.

Fraudsters are using bots to submit fake appointments, triggering automated messages to premium-rate numbers they control.

As the messages are delivered and no obvious errors are raised, the activity blends in with normal traffic – that’s until the billing report reveals a sharp rise in messaging costs.

Example #3: Government Form Exploited to Pump Traffic

A government department uses SMS to confirm receipt of online applications. One of its public-facing forms allows users to request status updates by entering a mobile number.

Attackers exploit the form by submitting thousands of automated requests using premium-rate numbers. The system processes and sends the messages without raising any red flags.

It’s only during a quarterly review of traffic reports that internal teams notice the spike in volume and identify patterns tied to specific destinations—by which point the damage is already done.

ait blog banner desktop

Protect Against SMS Fraud with Soprano

Protecting your organisation from artificially inflated traffic starts with visibility and control.

While AIT can be difficult to spot, businesses that actively monitor message behaviour, review destination patterns and question unexpected traffic trends are far better placed to mitigate risk.

At Soprano, we’re proud to deliver premium-quality SMS routes — never grey or low-cost paths — to ensure message integrity and reduce exposure to fraud-prone destinations.

Our ISO 27001 certification underpins our commitment to security, and we apply strict standards when it comes to carrier selection and traffic routing.

But we also know that AIT is evolving.

That’s why we’re building new capabilities to help our customers take more proactive control over their traffic, strengthening detection and prevention features within our platform to stay ahead of emerging fraud threats. These enhancements will complement the reliability and scale provided by our trusted messaging platform.

With more than 4,500 enterprise and government organisations worldwide relying on our platform to power their customer interactions, we remain focused on enabling secure, high-performance messaging — while continuously evolving to meet the challenges ahead.

If you’d like to safeguard your messaging and explore how to reduce exposure to AIT, get in touch with us today to speak with a communication expert.

Related Posts:

  • omr24; conference stage; bühnenbild

    May 29, 2024

    Communication in the Digital Space: 3 Key Insights from OMR24 Expo 

    Read Now
  • healing healthcare comms how omnichannel engagement is transforming patient provider interactions blog post hero images (1)

    June 3, 2024

    Healing Healthcare Comms: How Omnichannel Engagement is Transforming Patient-Provider Interactions 

    Read Now

  • October 23, 2024

    What are Passkeys and Should You Start Using Them?

    Read Now