Artificially inflated traffic (AIT): Causes and solutions

Artificially inflated traffic (AIT) drives fake OTP requests, high-risk patterns, and lost revenue. Learn how to detect and prevent this growing SMS fraud. 

Goran Valjak Senior Telecom Business Executive
Skip to table of contents

When it became public that Twitter (now X) was losing over $60 million annually because bot accounts were pumping A2P SMS traffic, it quickly drew attention. This bombshell highlighted a type of fraud with immense consequences for the entire mobile and messaging ecosystem – artificially inflated traffic (AIT).  

Studies indicate that AIT accounts for 5% up to a staggering 40% of all international A2P SMS traffic, with the proportion varying by region. This widespread fraudulent activity led to significant financial losses, costing businesses an estimated US$1.6 billion for businesses in 2023 alone.  

What is AIT and why is it a problem?  

Artificially inflated traffic (also known as SMS pumping fraud) is a type of SMS fraud that increases the number of requests for SMS one-time PINs sent from businesses. By using bots, fraudsters generate fake one-time PIN requests to generate unnecessary costs and benefit financially.  

This fake traffic results in fake accounts, distorted conversion rates, and clear red flags that point to potential fraudulent activity. 

Effects of AIT on telcos 

AIT is fairly simple, but the impact is much wider: it has a huge damaging effect on the overall trust in the digital and mobile ecosystem, affecting reputations of telcos and businesses alike, not to mention the security aspect. 

It raises the question whether A2P two-factor authentication can be trusted and could consequently compromise the value of A2P SMS as a business messaging channel.  

For years, telcos have considered A2P SMS a dependable source of revenue, largely due to the delivery of SMS-based one-time PINs. AIT fraud may push businesses to consider other authentication methods that aren’t always available to all users, while A2P SMS remains widely accessible and easy to use for 2FA. Removing it could leave accounts unprotected, which should never be an option. 

Ironically, despite the costs of AIT, some players in the ecosystem can benefit from it. While most enterprises are victims, a few use it to inflate user numbers and show growth. To fight these threats, telcos, communication providers, and enterprises must work together to protect customers, secure sending messages, and win back trust. 

How does AIT work?  

AIT is typically initiated by fraudsters who use automated software programs to send out large numbers of PIN requests to generate revenue from businesses. These high-risk requests are difficult for businesses to distinguish from genuine user activity. 

Various parties in the messaging system might be tempted to use AIT:

  • Businesses: Brands could misuse AIT to mispresent their customer base, as it could be an indicator of customer base growth.   
  • Communication providers: CPaaS providers could misuse AIT to inflate the number of OTPs which could directly or indirectly bring them more revenue.   
  • Mobile network operators: MNOs could misuse AIT to inflate the number of OTPs which could directly or indirectly bring them more revenue.   
Diagram illustrating the flow of artificially requested PINs (bot) and subscribers through social media platforms triggering one-time PINs (OTP). Fake traffic enters a compromised ecosystem via aggregators Y and X, with aggregator Y having a high conversion rate. This traffic goes through the local MNO to subscribers and back to the internet, where a bot enters the OTP, leading to financial loss. Organic traffic flows through protected ecosystems via Tier 1 messaging platforms and Infobip’s messaging platform to the local MNO, reaching subscribers without interception. Brand costs are indicated at the bottom right. The right side of the diagram contrasts fake traffic (compromised ecosystem) from organic traffic (protected ecosystem). Icons represent bots, subscribers, social media, clouds for aggregators and messaging platforms, a shield for protection, and monetary symbols for costs.
Diagram illustrating the flow of artificially requested PINs and subscriber traffic through social media and messaging platforms, highlighting the differences between compromised and protected ecosystems.

Why do businesses and telcos fall into the trap of AIT?  

We can identify two sources for artificially generated traffic; both businesses and telcos can contribute to AIT. 

The first source is businesses seeking the cheapest rates, which often leads them to partner with lower-tier SMS aggregators

Businesses assume cheaper routes will save money, but low-cost aggregators often can’t break even after paying for the businesses’ traffic usage. To compensate, some generate artificial traffic, keeping the profit for themselves instead of sending it to the telco. 

When businesses choose low‑cost aggregators instead of reputable providers or direct telco connections, bots may be used to trigger fake OTP requests and inflate message volumes. 

In the second scenario, when telcos set high A2P SMS revenue targets, they may partner, intentionally or not, with aggregators that pump artificial traffic, increasing telco revenue but inflating business bills. 

Common messaging use cases for artificially inflated traffic 

The messaging use cases most often targeted by AIT are time-sensitive, user-initiated interactions, especially one-time passwords (OTPs). These include scenarios where a user receives an authentication code or a security alert that prompts them to take action, for example verifying an account or responding to suspicious activity. 

Why 2FA and OTPs are the main use case for AIT? Businesses generally use OTP to onboard new users, login users and reset passwords. With high SMS rates in some markets, bad actors can easily exploit these flows by automating OTP requests with bots, generating large volumes of fake traffic that result in significant financial loss. 

How to manage AIT?  

Some may see AIT as a revenue stream, but it harms the industry and raises trust and compliance concerns. To reduce the risk of AIT, telcos, communication providers and businesses should implement a comprehensive fraud prevention strategy. This includes monitoring suspicious activity, implementing authentication protocols, using advanced analytics to detect anomalies in traffic patterns, and new features for recognizing AIT.  

They should ensure that their systems are regularly updated with the latest security patches to protect against any potential vulnerabilities.  

What can businesses do to protect the ecosystem?  

As mentioned earlier the responsibility lies with all three organizations, including businesses. As a business it is important to responsibly choose the communication provider to help fight AIT. While cost is always a factor in choosing a communication provider or aggregator, it shouldn’t be the only one. What should businesses pay attention to? 

  • Cost: Higher messaging costs can indicate official routes are being used and reflect the expenses of direct connections. 
  • Validity of connections: Confirmation letters and references from telco providers improve the credibility of aggregators and communication providers. 
  • Conversion rate: Conversion rates offer transparency into how many messages are successfully delivered and matched to platform activity. 
  • Direct connections: The number of direct connections to telco operators reduces the risk of grey routes and limits the chances of fraud entering the communication channel. 
  • Testing: Businesses should test the connection firsthand before signing up with a provider. 

What can telco operators do to protect the ecosystem?  

Telcos or mobile network operators are one of the key stakeholders in the messaging ecosystem. Given their central role, telcos must take specific measures to keep the ecosystem secure, including: 

  • Realistic goal setting: When setting A2P SMS traffic goals or KPIs telcos must look at their organic growth and set achievable targets. 
  • Responsible partnering: Like businesses, telcos should choose communication partners carefully, prioritizing security and guidance, not just revenue. 

What can aggregators and communication providers do?  

Aggregators and communication providers can strengthen security by enforcing a zero-tolerance policy on AIT and offering guidance and tools to monitor and protect the messaging system. 

Recently, Infobip has been recognized as the number one provider among Established Leaders in the Artificially Inflated Traffic (AIT) Fraud Prevention market by Juniper Research.  

Infobip was ranked as the leading company because it offers a comprehensive solution to AIT fraud detection and prevention strategies, including its Infobip Signals solution, which detects AIT by monitoring phone number behavior, ranges, and types.  

Helping set Infobip aside from others in the market is its use of AI and machine learning (ML) algorithms to detect and block OTP traffic, ensuring automated protection for enterprises.   

Infobip has a comprehensive solution to combat AIT fraud, with a significant messaging client base to inform future AIT detection and prevention strategies. Infobip’s growth into markets in North America and Western Europe is critical when considering the high levels of AIT fraud in these regions, therefore making them key regions for AIT prevention solutions. Infobip offers several AIT prevention solutions, with Juniper Research highlighting the ‘Infobip Signals’ solution as a crucial tool in blocking AIT fraud, with differing levels of aggression depending on the enterprise’s needs. 

Georgia Allen

Research Analyst at Juniper Research 

Best practices for preventing AIT 

AIT can be difficult to detect and prevent, but there are some best practices and solutions that can help reduce the risk.  

1. Implementing firewalls 

SMS firewalls can detect and block suspicious SMS traffic patterns, such as large volumes of messages sent from and to the same destination. This prevents fraudsters from inflating traffic with fake messages, keeping businesses safe. Additionally, firewalls can be used to detect and block messages containing malicious content, such as spam or phishing links.  

Diagram illustrating an SMS firewall system. SMS traffic enters from the left and is processed by the SMS firewall, which is linked to an analytic hub. After analysis, the SMS firewall classifies the traffic into three categories: Allowed (marked with a checkmark), Leaked (marked with an information icon), and Blocked (marked with an X). Allowed and Leaked traffic proceeds to a cell tower icon on the right, representing delivery. Penetration testing is indicated as part of the SMS firewall process, and icons for signal strength and cost are shown at the bottom. The overall flow represents monitoring and filtering of SMS traffic for security and performance.
Diagram showing the flow of SMS traffic through an SMS firewall.

2. Setting rate limits  

Rate limits are used to stop fraudulent behavior and prevent attackers from targeting applications. Limiting the number of messages sent to certain numbers or prefixes helps prevent fraud, especially in financial services where attackers may target sensitive data. Rate limits should be monitored using AI and machine learning so they can adjust dynamically in real time, making it harder for fraudsters to bypass. 

3. Detecting bots  

The prevention of bots from sending artificially generated traffic or requesting OTPs is important to protect the ecosystem. Tools like BotD or CAPTCHAs can help identify and block bots by adding small steps for users, such as verifying an email before signing up for 2FA. These minor steps frustrate automated scripts while keeping the process easy for real users. 

Explore best CAPTCHA alternatives in 2025 

4. Delays between verification attempts 

Adding increasing delays between authentication retries helps slow down rapid requests. This prevents a single number from receiving too many messages at once and makes it easier to spot bot activity. Best practices include setting a maximum number of attempts and using back-off algorithms to space out each retry. 

5. Monitoring OTP conversion rates 

Tracking how often one-time codes (OTPs) are successfully used is key to protecting your system. Monitoring these conversion rates and setting alerts for unusual activity helps ensure OTPs are used correctly and flags potential fraud. 

6. Detecting fraud with Infobip Signals for businesses  

To protect businesses from AIT, consider using Infobip Signals. The solution is as simple as plug and play and requires no development effort.  

Here’s how Infobip Signals helps you:

  1. Proactive fraud detection: Continuous monitoring of message traffic using advanced volumetric and rate-based analytics enables early identification and prevention of suspicious or fraudulent activity. 
  2. Intelligent threat mitigation: Intelligence-led techniques such as analyzing risk profiles, contact ratios, and behavioral patterns protect from threats and reduces the risk of attacks.  
  3. Real-time automated protection: Machine learning and advanced algorithms detect and block AIT instantly, ensuring communications remain secure and customers’ trust is maintained. 
A visual showing Infobip Signals will check for patterns and flag numbers that are potentially fraudulent.
Infobip Signals will check for patterns and flag numbers that are potentially fraudulent.

At Next, we are committed to protecting our customers from fraud while continuing to provide the rich, responsive, and reliable communication that they expect from us. To benefit from the latest anti-fraud technology, we partnered with Infobip to empower us to be proactive in keeping both our customers and infrastructure safe from new and emerging threats. Their AI and machine-learning powered solution Infobip Signals, helped block approximately 175,000 artificial messages per month, enabling us to maintain the reliability and security of our SMS messaging by mitigating the risk of fraudulent activity. This means that our customers always receive updates on time, and we can continue to deliver the personalized promotional messaging that they expect.  

Raz Razaq

Domain Manager, Customer Contact Experience Technology, Next

Creating a safer messaging ecosystem together

Building a secure and trustworthy messaging ecosystem requires everyone to work together and adopt effective measures against AIT. If left unchecked, AIT can damage credibility and push businesses away from SMS, the channel with a 98% delivery rate

Businesses must understand the risks of choosing low-cost routes, telcos need to align their revenue expectations with real market growth, and aggregators must avoid compromising their reputation for short-term gains. Only through shared responsibility can the industry protect its users and restore confidence in A2P messaging. 

At Infobip, we work directly with telcos and businesses to secure the ecosystem. Our 800+ direct carrier connections and our advanced firewall solutions help you limit fraud and ensure no third parties benefit from artificial traffic. 

Take control of artificially inflated traffic and protect your users with advanced AI detection

Contact an expert Learn more about Infobip Signals

Get the latest insights and tips to elevate your business

By subscribing, you consent to receive email marketing communications from INFOBIP. You have the right to withdraw your consent at any time using the unsubscribe link provided in all INFOBIP’s email communications. For more information please read our Privacy Notice