Talk to our expert team today!

OTT channels are becoming more and more prominent in the messaging landscape, but are less equipped to defend against fraudulent activity. Is OTT becoming a target for bad actors?

In this blog post, Aidan Kenny, Fraud and Cybersecurity Development Manager at Openmind Networks, explores how fraudsters are evolving their efforts and how the industry is responding.

As OTT messaging including RCS, iMessage, WhatsApp, Viber, Telegram and others become more and more prominent in the messaging landscape, do we now have a looming problem where fraud events will move to these channels that are less capable of defending themselves from attacks?

Mobile operator networks have been the focus of attacks up until now, with SMS the preferred channel for bad actors to run their smishing campaigns. This has led to significant resources being deployed to stop fraud events on these networks and an attempt to protect end users. However, OTT providers, who are carrying much of the messaging traffic, are now being pulled into the conversation.

There have been reports recently of a large iMessage smishing campaign taking place in Western Europe. Direct visibility on the nature of this attack is difficult in terms of volume of messages but, not surprisingly, it is typical of smishing campaigns at this time of year in that it is purported to be from a delivery and logistics provider. 

As Apple iMessage is completely OTT, and can’t be screened for malicious content by telecoms operators, it is only secondarily visible. We are seeing significant SMS versions of these attack messages as they are forwarded into the SMS networks from iMessage users. This means as people receive an inbound smishing message over iMessage they sometimes share or forward these messages to family and friends who are on the SMS channel and so they show up in the traditional telco message network.

“Operators will not want to be tarnished by association with OTT messaging apps that might be confused with the telco network messages.”

Aidan Kenny, Fraud and Cybersecurity Development Manager, Openmind Networks

The indication from the volume of secondary traffic like this is that the smishing attack on iMessage appears very significant in scale. Among a small group of telco employees it is being reported that all of these people and their personal network of friends and family have received these attack messages. The correct course of action for consumers in a situation like this is to contact Apple support directly with the senderIds of the iMessage subscriber sending the messages. Apple can then block those sender ids. It is likely there will be a lot of concerned leadership teams in telcos across Europe if this is the epicenter of the attack. 

The problem with iMessage and RCS for the operator is that the message arrives in a common inbox with SMS, so from the customer point of view this is the operator’s fault, not Apple or Google. Operators will not want to be tarnished by association with OTT messaging apps that might be confused with the telco network messages.

As operators in Europe implement more sophisticated firewall solutions to combat the growing fraud problem, it is becoming clear that GDPR rules clash with the requirements of firewalls. How can operators safeguard their networks while upholding users’ data privacy rights?

Openmind Networks handles the challenge of GDPR restrictions to allow operators protect their networks while maintaining subscribers’ data privacy. 

Smart Services CDR Depersonalisation

For security/data privacy reasons, the Call Detail Record (CDR) feed will be depersonalized before transfer to the Smart Services Virtual Machine.

Four mechanisms are applied to de-personalise the SMS messages:

  1. Given/Family names replaced with NAME
  2. All numeric characters replaced with a single, repeated character, e.g. 55555
  3. Email addresses replaced with EMAIL
  4. Message Metadata (OA/DA) obfuscated

In the below example we have a sample depersonalized message text. 

From +353-86-457-ABCD

To +353-87-329-FEAG

Hi NAME, just to let you know that if you are coming to see NAME the gate code is 55555 and you can contact her at EMAIL if you want to talk about the price of $55555. 

The combination of everything above will form the complete obfuscation picture below. Any identifiable information is removed to preserve the privacy of the message and its owner.

To learn more about the topics covered in this article, or to discuss how Openmind Networks can help you protect your network and users from fraudulent activity, please get in touch at or contact our team of experts online here.

Share this post:

Blogs you might be interested in