In my work as a Customer Solutions Manager at Vonage, a recurring topic is SMS fraud. It’s a challenge that many companies sending SMS face at some point. To give the most common example, many of our customers use Vonage APIs to send SMS with 2FA/OTP codes to their users. However, fraudsters attack such solutions with bot networks, trying to automate SMS traffic to numbers under their control for financial benefit (also known as “traffic pumping” or “artificially inflated traffic” (AIT).

In this tutorial, we’ll show you how to set up automated alerting in case of potential attacks and receive those alerts within Slack.

How do we protect against SMS fraud?

There are two main things you can do to enhance your protection against SMS fraud.

On the one hand, there are steps you can take within your own application, such as rate-limiting SMS requests, identifying and ruling out premium numbers, or using CAPTCHAs. 

On the other hand, Vonage has introduced Vonage Fraud Defender to support our customers in protecting themselves against SMS Fraud. With a few simple steps, it is possible to create Traffic Rules, which block or unblock traffic to destinations that you don’t intend to send to at all. With Traffic Rules, it is easily possible to create global Allow or Block Lists. 

Fraud Defender goes much further. It analyzes the volume of SMS traffic per country and automatically raises an alert if an abnormal traffic increase is detected. For such cases, Fraud Defender enables customers to decide whether to be alerted via email, automatically block country traffic, or both. As this alert is based on the volume of SMS to a destination, we call it Volumetric Changes Alert.

Traffic Rules and Volumetric Changes Alerts are free of charge for all Vonage customers. 

How do Volumetric Changes Alerts work? 

To help our customers be aware of and protect themselves against abnormal traffic increases, Fraud Defender is running statistical calculations, comparing the per-country traffic in the last 12 hours against historical data from the past 90 days. If there is a potentially abnormal increase, a Volumetric Changes Alert will be raised and displayed within Vonage Fraud Defender. Note that alerts will only be created if traffic surpasses 1000 SMS / 12 hours.

Our customers can define Alert Actions, which will be carried out every time a Volumetric Changes Alert is created. There are two choices to make:

1. Whether or not you’d like to receive an email notification about the alert

2. Whether you would like to block traffic to that destination, keep the alert in the system for your review, or not block it at all (you could still manually add a Traffic Rule later, of course)

What if I want my notifications in Slack?

You might feel like email alerts don’t suit your needs - what if an alert happens on the weekend, or at night, where you possibly wouldn’t receive your company email? Or maybe your team doesn’t use email much at all? While we’re working on adding further channels, email is the first one supported. So here’s a workaround to bring those alerts to the Slack channel of your choice.

Many of our customers are using Slack, so we’ll explain here how to send your alerts to Slack instead of (or on top of) your email.

Follow the steps below. Note that most steps can be carried out by all users, but steps 5 and 6 require the user who created your Vonage account.

1. Navigate to the Slack channel which should receive fraud alert notifications.

2. Click the channel name on the top to open channel options.

   Accessing Slack channel options

3. Move to the “Integrations” tab and select “Send emails to this channel” at the bottom.

   Accessing Slack channel email integration settings

4. Copy the email address that is displayed. You can customize the e-mail appearance if you like.

5. Now, let’s move on to your Vonage Dashboard and add this email address to your list of alerted emails. Within the Vonage Dashboard, navigate to “API Settings” on the left,  then to the “Notifications” tab, or follow this link. Click the pencil icon if you are able to see Vonage Fraud Defender in the “Subscription Configuration” section. Else, click “Subscribe for notifications”. (Note that this step can only be performed by the user who created your Vonage account.)

   Setting up Vonage Fraud Defender Notifications

6. Add the email address you copied from Slack and click the plus sign. Then, click Save. (Note that this step can only be performed by the user who created your Vonage account.)

   Add your e-mail address(es) to Vonage Fraud Defender Notifications

7. Double-check whether Fraud Defender Alert Actions are set up correctly. To do this, go to “Fraud Defender” on the left, then click on “Set up alert actions”, or follow this link. Depending on your current setup, either use the pencil icon on “SMS / Volumetric Changes”, or click “Add alert Action”.

   Alert Actions Overview

8. Ensure that “Choose Notification type” is set to “Notify me” in the “Actions” section near the bottom. You can use this opportunity to double-check whether alerts should go to review mode or be blocked automatically. You also have the option to limit these actions to be carried out only after certain thresholds are reached. Note the minimum of 1000 per 12 hours explained above.

   Setting up Alert Actions

What happens next?

Well, hopefully, nothing. But in case of a possible fraud attack, identified by Vonage Fraud Defender Volumetric  Changes Alerts, your Slack channel will now display an email, notifying you of the alert, with a link to Fraud Defender to take further action:

Volumetric Changes Alert notification inside Slack

Conclusion

SMS fraud remains one of the most prevalent threats to companies sending OTP/2FA codes, and other forms of communication, via SMS. 

With Vonage Fraud Defender, you have a free tool at your disposal to block and unblock destinations and automatically be notified via email to your Slack workspace in case our Volumetric Alerts identify an abnormal traffic increase to a destination.

If you have any questions about Vonage Fraud Defender or Volumetric Change Alerts, be sure to contact your Vonage Account Manager or CSM, or join us on the Vonage Developer Community Slack and stay up to date with developer announcements by following VonageDev on X, formerly known as Twitter.