Skip to content Skip to navigation Skip to topbar

Twilio Docs

Programmable Messaging

Getting Started

Messaging Onboarding Guides

Overview 1. SMS Foundations 2. Prepare your sender strategy 3. Build your Account 4. Monitor your application

How to work with your Twilio Free Trial account (US only)How to work with your Twilio Free Trial account (rest of world)Guide to using the Twilio Virtual Phone Messaging Services Quickstart SMS Quickstarts WhatsApp Quickstarts

API Reference

Message Resource

Overview MessageFeedback Resource Media Resource

Service Resource

Service Resource AlphaSender Resource ChannelSender Resource PhoneNumber Resource ShortCode Resource (A2P 10DLC) BrandRegistration Resource (A2P 10DLC) BrandVetting Resource (A2P 10DLC) UsAppToPerson Resource (A2P 10DLC) UsAppToPersonUsecase Resource

Messaging: Country Pricing Resource Deactivations Resource ShortCode Resource

Preventing Fraud

Preventing Fraud in Programmable Messaging SMS Pumping Protection

Tutorials

Receive and Reply to Incoming Messages Send SMS and MMS Messages Send Appointment Reminders Retrieve and Modify Message History Browse all Messaging tutorials

Messaging Services

Overview Send Messages with Messaging Services Manage opt-ins and opt-outs Best Practices for Scaling with Messaging Services Manage queueing and latency Alphanumeric Sender IDs

Messaging Features

SMS Pumping Protection

Messaging Insights

Overview Dashboards Messaging Intelligence

Message Scheduling Link Shortening

Usage Guides

How to work with your Twilio Free Trial account (US only)How to work with your Twilio Free Trial account (rest of world)Guide to using the Twilio Virtual Phone Preventing Fraud in Programmable Messaging What to Know Before Sending International SMS Messages SMS Geo Permissions Twilio's request to your incoming message Webhook URL Outbound Message Status in Status Callbacks Track the Message Status of Outbound Messages Best Practices for Messaging Delivery Status Logging Safeguard with Message redaction Debugging Common Issues with SMS How to Optimize Message Deliverability with Message Feedback

TwiML

Overview <Message><Redirect>

US A2P 10DLC

US A2P 10DLC Overview Required Business Information Registration for Government and Non-Profit Agencies

Register Your Business

Direct Standard and Low Volume Standard Registration Direct Sole Proprietor Registration Transition from a Sole Proprietor Brand to a Standard Brand

For ISVs: Register Your Customers

ISV Onboarding Overview Standard and Low-Volume Standard Registration Sole Proprietor Registration Use Externally Registered Campaigns Create Mock Brands and Campaigns

Troubleshooting A2P 10DLC Registrations Set Up Notifications for A2P 10DLC

Toll-Free Verification

Console Onboarding Guide REST API Onboarding Guide

Messaging Channels

Overview WhatsApp Facebook Messenger (Public Beta)Google Business Messages (Public Beta)

Other Messaging products

Content Editor: message templates for any messaging channel Conversations: two-way messaging Verify: user verification and one-time passwords

Related docs

Phone Numbers General Usage Identity and Access Management (IAM)

Messaging
Voice
Serverless
Flex
Studio
All docs...

SDKs
Help

Log in
Sign up

Rate this page:

12345

On this page

Recommended actions to prevent fraud

Use Verify to send verifications and enable Verify Fraud Guard
Activate the SMS Pumping Protection feature for Programmable Messaging
Implement geographic permissions to restrict destination countries
Detect bots and refresh your user experience to prevent them
Set rate limits
Implement exponential delays between retry requests
Look up the phone number before sending
Analyze IP and detect VPNs
What to do if you suspect fraud on your Twilio account
What's next?

Recommended actions to prevent fraud

Use Verify to send verifications and enable Verify Fraud Guard

Activate the SMS Pumping Protection feature for Programmable Messaging

Implement geographic permissions to restrict destination countries

Detect bots and refresh your user experience to prevent them

Set rate limits

Implement exponential delays between retry requests

Look up the phone number before sending

Analyze IP and detect VPNs

What to do if you suspect fraud on your Twilio account

Preventing Fraud in Programmable Messaging

One of the challenges of operating globally is the increased exposure to fraud.

A common type of attack we see is SMS pumping, where fraudsters take advantage of a phone number input field to receive a one-time passcode, an app download link, or anything else via SMS. The messages are sent to a range of numbers controlled by a specific mobile network operator (MNO) and the fraudsters get a share of the generated revenue. Phone number verification and two-factor authentication (2FA) flows are often exploited for this purpose.

The attack causes inflated traffic to your app with the intent to make money and not to steal information. While the specific ways attackers monetize fraud is different, the strategies you can implement to reduce fraud are similar.

verification fraud diagram.


_10Account SID: 
_10Product Type: 
_10Date/time Range: 
_10To/Recipient Country: 
_10Workspace SID: 
_10Description of Activity:

What's next?

Here are some more resources that you might enjoy:

What Is SMS Pumping Fraud?
Anti-Fraud Developer Guide
SMS Pumping Protection for Programmable Messaging
Best practices for phone number validation during new user enrollment

Rate this page:

12345

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

Terms of service

Copyright © 2024 Twilio Inc.