SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site,, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

SMS Traffic Pumping Fraud

SMS Traffic Pumping Fraud, also known as Artificially Inflated Traffic, happens when fraudsters take advantage of a phone number input field to receive a one-time passcode (OTP), an app download link, or anything else via SMS. If this form does not have adequate controls, the attackers can inflate traffic and exploit your app. The fraudsters send SMS to a range of numbers controlled by a specific mobile network operator (MNO) and receive a share of the generated revenue.The attack causes inflated traffic to your app with the intent to make money and to steal information. While the specific ways attackers monetize fraud is different, the strategies you can implement to reduce fraud are similar.


Understanding, Preventing and Reporting Fraud

For more information please review our helpful resource here: Preventing Fraud in Programmable Messaging

Additional Resources

Have more questions? Submit a request
Powered by Zendesk