Auth0 Community

Mitigate SMS Pumping Attacks

Knowledge Articles

konrad.sopala June 28, 2023, 9:31am 1

Problem statement

We’re currently experiencing a large number of SMSes - looks like we’re experiencing SMS pumping fraud.

Solution

To mitigate an SMS Pumping Attack:

Tighten Bot Detection to “Always On”
Block sign-ups from known bad email domains using Pre-Registration Action
Block known/risky bad emails using Pre-Registration Action and validation API (Sendgrid)
Allow SMS enrollment only from allowed country codes using Send Phone Message Action
Add threshold alerting on logstream to detect event volume spikes

June 2023 Community News

Topic		Replies	Views	Activity
Passwordless SMS attack mitigation Knowledge Articles passwordless , sms , spam , bot , attack-protection , denial-of-service	1	2059	September 22, 2022
Preventing Bad Actors from Hitting the Passwordless Endpoint Repeatedly Loading Knowledge Articles passwordless	1	742	September 21, 2023
Block Certain Phone Numbers from Receiving SMS for MFA Knowledge Articles twilio , sms-mfa , send-phone-message-action	1	28	July 23, 2024
Does Auth0 Support Twitter Verify Fraud Guard Natively Knowledge Articles twitter	1	310	February 23, 2024
Does the 'Send Phone Message' Flow only trigger when not using Twilio? Help mfa , one-time-password-otp-factor	1	1042	July 17, 2023