AIT Protection

AIT - Artificially Inflated Traffic - attacks occur when threat actors use bots and automation to generate large volumes of fake or fraudulent traffic.

Often, the threat actors' goal is injecting traffic to high-cost destinations, leading to financial costs for your organization, or sending SPAM/Phishing to cause reputation and compliance issues.

Vonage AIT Protection monitors your SMS traffic in real-time. Depending on the protection level you select, potentially fraudulent traffic will be automatically blocked or a Fraud Alert will be raised for you to review.

AIT Protection Levels

AIT protection allows you to define a Global Protection Level and set up custom levels on a per country basis. The ‘High’ protection level is the most aggressive; ‘Standard’ protection blocks only high-risk traffic lowering the risk of false positives, and by selecting ‘None’ Fraud Alerts will be raised for you to review, but will not automatically block traffic. Below are further details about the different AIT protection levels.

AIT Protection Overview.png

None

The ‘None’ AIT Protection level does not block potentially fraudulent traffic. A per country Fraud Alert will be raised once the protection detects potentially fraudulent unblocked traffic. Fraud Alerts are shown in your Alerts section. Once you have assessed the Fraud Alert you can increase the protection level to start blocking traffic, or place manual blocks through Traffic Rules. Keep in mind that, to receive email notifications when a Fraud Alert is raised you need to have an Alert Action for 'AIT Protection' established.

Standard

The ‘Standard’ AIT Protection level lowers the likelihood of false positives by automatically blocking traffic showing a high fraud risk, while traffic showing a non-high fraud risk won't be automatically blocked by the AIT Protection: a per country Fraud Alert will be raised indicating the amount of unblocked traffic (i.e. traffic that would have been blocked if AIT Protection level is set to 'High'), if any.

High

The ‘High’ AIT Protection level blocks all potentially fraudulent traffic. This level grants the highest protection against fraud, but it also increases the chances of false positives: traffic generated by a number within a close range of a high fraud risk number is blocked in addition to all traffic already blocked by the 'Standard' setting. The ‘High’ AIT Protection level does not generate Fraud Alerts because all potentially fraudulent traffic is automatically blocked.

How to enable AIT protection

AIT Protection is included with Fraud Defender Advanced. To opt in, fill out this form or contact your Account Manager. Please note that, for now, AIT Protection can only be enabled for Vonage SMS services. You can configure global protection (covering all countries) and apply overrides for specific countries as needed.

1. Dashboard

From the dashboard, the 'Traffic rules' panel contains the 'AIT protection' section.

Dashboard AIT protection

Click 'Review' to see the AIT Rules page.

AIT standard config

Move the 'Enable' toggle to activate the configuration. This configuration will apply to all countries. In the following example we have enabled the ‘Standard’ protection level:

AIT standard config

Select the 'Edit' button to configure the desired protection level (High, Standard, None) and add exceptions for different countries (if needed):

AIT exception countries
AIT countries config created

2. API

The same steps can be done via the API. For example, I want to create AIT protection configuration with Standard protection level for all countries and add exceptions for some of them:

PUT
https://api.nexmo.com/v0.1/fraud-defender/configurations/protections/ait/sms

{
   "data":{
      "protection_enabled":true,
      "default_protection_level":"standard",
      "protection_level_per_country":[
         {
            "country":"AF",
            "protection_level":"high"
         },
         {
            "country":"AL",
            "protection_level":"none"
         }
      ]
   }
}

The API requires you to provide a country code in ISO 3166 format.

How to receive emails for AIT Fraud Alerts

An AIT Protection Fraud Alert is generated when potentially fraudulent SMS are not being blocked. Therefore, only "Standard" and "None" protection levels might raise Fraud Alerts. The "High" protection level blocks all potentially fraudulent traffic, meaning no Fraud Alerts are raised. Rejected SMS by AIT Protection will return error code 23. An AIT Fraud Alert represents the number of unblocked SMS within a one-minute window. For example, if your protection level is set to "None," you will receive an AIT Protection Fraud Alert every minute, indicating the number of potentially fraudulent unblocked SMS, if any. AIT Fraud Alerts are generated automatically. To receive an email notification when an AIT Fraud Alert is triggered, follow these steps:

  1. Ensure you are subscribed to Fraud Notifications. If you are the account primary user, you can do this from the Notifications tab under the API Settings page, otherwise reach the account primary user to get subscribed.
  2. Set up an Alert Action for AIT Protection Fraud Alerts: navigate to the Alert Actions page and verify that there is an Alert Action of type "AIT Protection" with the notification action set to "Notify". We recommend configuring a threshold value so that an email is sent only when a certain number of SMS are unblocked within a one-minute window.
Configure Fraud Alert Actions

The created action will be displayed in Alert Actions page.

Fraud alert action

You can also turn off notifications by selecting "Don't notify me" in the Actions field. You will still see alerts in the Alerts view, but you won't receive email notifications.

Switch off notifications