DEV Community · Sunday · June 28, 2026 · FREE

SMS Pumping Is Draining Your 2FA Budget — and Mobile-Originated iMessage 2FA Fixes It

2fa · sms-pumping · imessage · security

SMS pumping is a type of fraud where attackers use automated scripts to trigger SMS 2FA codes to random or targeted phone numbers, often in high volumes, causing the service provider to incur significant costs per message. This drains the budget allocated for 2FA. The article presents a solution: mobile-originated iMessage 2FA. Instead of sending an SMS from the server, the user's device sends an iMessage to a predefined address or service, which then verifies the code. This approach leverages Apple's iMessage infrastructure, which is free for the sender and receiver, and eliminates the per-message cost of SMS. Additionally, because the message originates from the user's device, it is harder for attackers to spoof or automate, reducing the risk of pumping. The article claims this method fixes the budget drain caused by SMS pumping.

// why it matters

SMS pumping can inflate 2FA costs; iMessage 2FA offers a cost-effective and more secure alternative.
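The server side of the mobile-originated flow summarized above, as an added sketch that is not code from the original article: the server only displays a code in the login session and waits for the user's device to send it in. The class name, the `on_inbound(sender_handle, body)` hook, the 8-digit code, the TTL and the attempt limit are all assumptions; how inbound messages reach the server depends on the messaging provider and is not modelled here.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the page gives no value
MAX_ATTEMPTS = 5        # assumed cap on wrong codes per challenge


class MobileOriginatedVerifier:
    """Hypothetical verifier: the user's device sends the code to the service."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # normalized handle -> [digest, expiry, session, tries left]

    @staticmethod
    def _normalize(handle):
        # Keep '+' and digits so "+1 (555) 010-0001" matches "+15550100001".
        return "".join(ch for ch in handle if ch.isdigit() or ch == "+")

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def start(self, session_id, registered_handle):
        """Create the code shown in the login session. Nothing is sent outbound."""
        code = f"{secrets.randbelow(10**8):08d}"
        key = self._normalize(registered_handle)
        expiry = self._clock() + CODE_TTL_SECONDS
        self._pending[key] = [self._digest(code), expiry, session_id, MAX_ATTEMPTS]
        return code

    def on_inbound(self, sender_handle, body):
        """Process one inbound message; return the verified session id or None."""
        key = self._normalize(sender_handle)
        entry = self._pending.get(key)
        if entry is None:
            return None  # sender has no open challenge: ignore, no cost incurred
        digest, expiry, session_id, _ = entry
        if self._clock() > expiry:
            del self._pending[key]
            return None
        if not hmac.compare_digest(digest, self._digest(body.strip())):
            entry[3] -= 1
            if entry[3] <= 0:
                del self._pending[key]  # too many wrong codes: force a restart
            return None
        del self._pending[key]  # single use: a replayed message fails
        return session_id
```

Because `start()` never sends a message, an automated script that triggers many challenges generates no per-message charge, which is the cost property the summary describes.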

Sources

Primary · DEV Community
▸ Read original at dev.to
