RBM Handbook for CPaaS – Chapter 2
Persistent and Evolving Threats in the New Age of Rich Media Messaging
The merits that have made A2P messaging successful for brands communicating with consumers also create favourable conditions for misuse.
First, text messaging is ubiquitous. As noted above, SMS is a global telecom standard implemented on almost every mobile phone. It is the de facto international standard messaging service, and RCS/RBM will take over this role as handset support is enabled by default in native messaging apps. The vast user base is the primary factor attracting brands – and spammers – to these services.
Secondly, high open and engagement rates mean recipients open, read, and respond to messages soon after receiving them. The immediacy and the fact that subscribers react quickly to text messages make misuse especially dangerous. In general, subscribers are less suspicious of text messages than, for example, email messages, increasing the risk of them clicking links or responding to nuisance messages and becoming victims of scams.
Handbook: Securing Messaging in the New Age of Rich Media
This is an excerpt from our handbook Securing Messaging in the New Age of Rich Media, a guide to RBM security for CPaaS providers. Download the full handbook for a comprehensive overview of RBM security.
Misuse Ranges from Nefarious Scams to Accidental Compliance Breaches
What are the most persistent threats? Different kinds of misuse result in various types of spam, and CPaaS providers need to identify and block them all. A rough breakdown of spam categories might look like this:
1. Scams and Smishing Fraud
Smishing is a growing issue worldwide. Criminals are shifting from email to messaging for phishing campaigns, driven by messaging’s high success rates. SMS is one of the two most frequently exploited channels for scams, according to GASA.
2. Unsolicited Messages
Brands that ignore laws and guidelines to send commercial messages without consent are a major issue and cause of spam complaints.
3. Misleading Messages
Some senders profit from intentionally misleading content, such as impersonating other brands or making dishonest claims or offerings, often combined with aggressive marketing language. The immediacy and reach of messaging channels propel misleading campaigns at the recipients’ expense.
4. Accidental non-compliance
Brands sometimes fail to comply despite good intentions. Ignorance of rules and best practices or lack of control functions can inadvertently cause brands to send non-compliant campaigns. MNOs are still mandated to block these messages from reaching subscribers, which means CPaaS providers are also required to do so. What is appropriate to send, to whom, and when can differ between regions or countries. This makes it difficult for brands to know exactly where the line is between what is okay and what is not.
It is not in anyone’s interest for smishing and misleading messages to be allowed. For inadvertently sent messages, however, CPaaS providers must guide brands to stay within acceptable use. Brands can suffer from reputational damage if they send inappropriate messages. Detecting bad campaigns before they reach subscribers should be of paramount importance to CPaaS providers.