Problem statement
We’re currently experiencing a large number of SMSes - looks like we’re experiencing SMS pumping fraud.
Solution
To mitigate an SMS Pumping Attack:
- Tighten Bot Detection to “Always On”
- Block sign-ups from known bad email domains using Pre-Registration Action
- Block known/risky bad emails using Pre-Registration Action and validation API (Sendgrid)
- Allow SMS enrollment only from allowed country codes using Send Phone Message Action
- Add threshold alerting on logstream to detect event volume spikes