Mitigate SMS Pumping Attacks

Problem statement

We’re currently experiencing a large number of SMSes - looks like we’re experiencing SMS pumping fraud.


To mitigate an SMS Pumping Attack:

  • Tighten Bot Detection to “Always On”
  • Block sign-ups from known bad email domains using Pre-Registration Action
  • Block known/risky bad emails using Pre-Registration Action and validation API (Sendgrid)
  • Allow SMS enrollment only from allowed country codes using Send Phone Message Action
  • Add threshold alerting on logstream to detect event volume spikes