White Paper Excerpt

RBM Handbook for CPaaS – Chapter 2

Persistent and Evolving Threats in the New Age of Rich Media Messaging

The merits that have made A2P messaging successful for brands communicating with consumers also create favourable conditions for misuse.

First, text messaging is ubiquitous. As noted above, SMS is a global telecom standard implemented on almost every mobile phone. It is the de facto international standard messaging service, and RCS/RBM will take over this role as handset support is enabled by default in native messaging apps. The vast user base is the primary factor attracting brands – and spammers – to these services.

Secondly, high open and engagement rates mean recipients open, read, and respond to messages soon after receiving them. The immediacy and the fact that subscribers react quickly to text messages make misuse especially dangerous. In general, subscribers are less suspicious of text messages than, for example, email messages, increasing the risk of them clicking links or responding to nuisance messages and becoming victims of scams.

 

Scam message on phone screen

Handbook: Securing Messaging in the New Age of Rich Media

This is an excerpt from our handbook Securing Messaging in the New Age of Rich Media,  a guide to RBM security for CPaaS providers. Download the full handbook for a comprehensive overview of RBM security.

RBM handbook excerpt cover V2

Misuse Ranges from Nefarious Scams to Accidental Compliance Breaches

What are the most persistent threats? Different kinds of misuse result in various types of spam, and CPaaS providers need to identify and block them all. A rough breakdown of spam categories might look like this:

1. Scams and Smishing Fraud

Smishing is a growing issue worldwide. Criminals are shifting from email to messaging for phishing campaigns, driven by messaging’s high success rates. SMS is one of the two most frequently exploited channels for scams, according to GASA.

2. Unsolicited Messages

Brands that ignore laws and guidelines to send commercial messages without consent are a major issue and cause of spam complaints.

3. Misleading Messages

Some senders profit from intentionally misleading content, such as impersonating other brands or making dishonest claims or offerings, often combined with aggressive marketing language. The immediacy and reach of messaging channels propel misleading campaigns at the recipients’ expense.

4. Accidental non-compliance

Brands sometimes fail to comply despite good intentions. Ignorance of rules and best practices or lack of control functions can inadvertently cause brands to send non-compliant campaigns. MNOs are still mandated to block these messages from reaching subscribers, which means CPaaS providers are also required to do so. What is appropriate to send, to whom, and when can differ between regions or countries. This makes it difficult for brands to know exactly where the line is between what is okay and what is not.

It is not in anyone’s interest for smishing and misleading messages to be allowed. For inadvertently sent messages, however, CPaaS providers must guide brands to stay within acceptable use. Brands can suffer from reputational damage if they send inappropriate messages. Detecting bad campaigns before they reach subscribers should be of paramount importance to CPaaS providers.

 

Related insights

CPaaS Buyer's Guide Cover Image

The Buyer’s Guide to Messaging Firewalls for CPaaS

Read more

Tags: A2P Messaging, CPaaS

Why Messaging Security Must Start with SMS, MMS and RBM 3

Verified Senders, Encryption and Rich Media: Improving Messaging but Adding New Risks

Read more

Tags: A2P Messaging, CPaaS, RBM, RCS, SMS

RCS Messaging example on phone with security background

Unmasking the Security Challenges of Rich Communication Services

Read more

Tags: A2P Messaging, Mobile Security, RBM, RCS

Why Messaging Security Must Start with SMS, MMS and RBM 3

Why Messaging Security Must Start with SMS, MMS and RBM

Read more

Tags: A2P Messaging, CPaaS, RBM, RCS, SMS

Verifying the Verified: Why RBM’s Verified Sender Feature is Important But No Silver Bullet for Message Protection

Verifying the Verified: Why RBM’s Verified Sender Feature is Important But No Silver Bullet for Message Protection.

Read more

Tags: A2P Messaging, CPaaS, Mobile Security, RBM