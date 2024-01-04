The Madrid Institutes of Advanced Studies IMDEA Software and IMDEA Networks, together with researchers from the Carlos III University of Madrid, have discovered a “significant abuse” of applications that allow the generation, and subsequent use, of disposable numbers that do not require any registration in order to be used. A situation that allows cybercriminals to use them without leaving a trace while they try to carry out their online fraud by impersonating our identity.

One of the conclusions drawn from the study, which lasted more than 12 months, is that the use of this type of tools, which are initially designed to improve the privacy of users, has resulted in the possibility of evading measures. security features such as two-step authentication that is used by a growing number of applications.

A global pattern of abuse

All of the previously mentioned organizations expose “a global pattern of abuse that affects the main internet platforms and online services in the field of social networks, entertainment, education and finance.” In some cases, in fact, they have also been able to be linked to telecommunications services, public administrations and even banking entities. Although, yes, with a lower frequency than all of the above.

The report was presented at the RED 2023 Traffic Analysis and Measurement Conference and it is important to highlight that they are a clear indicator of the “worrying panorama” that these types of tools show to be used in order to attack user privacy. In many cases, helping to access personal accounts that contain a large amount of their data. Some of the companies that use SMS are Amazon, PayPal, Instagram or Google, among many others. So if you can access them by skipping two-step verification, your privacy is at risk.

Stricter security measures

In 2018, when the aforementioned organizations carried out the same investigation, they determined that there were “thousands” of disposable numbers that were used to create missing accounts. Currently, they are counted in “millions.” A clear demonstration of the current trend that these types of actions are following.

A scenario that requires “greater awareness and stricter measures” to combat the growing use of this type of tools. Find the perfect formula to achieve a balance between user privacy and the protection that any service with similar characteristics must have to prevent its use from ending up being oriented towards fraudulent activities or focused on online fraud. At the same time, the study also highlights that in recent years “online services have redoubled their efforts to combat the creation of fake accounts, identity theft and unauthorized access. This has been achieved mainly by taking advantage of SMS as a secure channel to send verification messages.”

However, it seems that cybercrime has also taken advantage of it to try to do precisely the opposite of what is intended by companies concerned about the privacy and security of their users.