Message received — and deceived: Fighting the onslaught of text scams

The flurry of texts about unpaid highway tolls. The constant calls from unknown numbers. The offers of a bucket-list vacation for cheap. Even dream job offers. These are just a few ways scammers exploit our newly interconnected world.  

Although fraud and scams dates back to ancient Greece, mobile phones, the internet, automated tools and, more recently, the ability of AI to create voice clones of loved ones or craft hyper-personalized messages to fool potential victims have facilitated unprecedented economies of scale.

Whereas con artists used to rely on their silver tongue and well-stocked Rolodex, cybercriminals today have weaponized digital connectivity to cast a global net and operate with near invisibility.  
The fallout has been staggering. Scammers stole $1.03 trillion last year from victims around the world — more than the GDP of any but the 19 richest countries. Nearly half the global population encounters a scam each week. 

“The impact is on you and me; it's my mum, your dad, our children, our grandparents,” says Richard Cockle, head of Connected Industries at GSMA, the mobile network trade association. “Everybody knows somebody who’s been targeted in some form of fraud.”  

These days, the majority of scams start with a phone call (vishing attack) or text message (smishing). In vishing attacks, cybercriminals use sophisticated social engineering and impersonation to manipulate people into transferring funds for what they think is a legitimate cause.

For example, scammers might pose as an agent from your bank — even spoofing the bank’s number on your caller ID — and warn you that your account has been compromised. But if you follow their instructions to transfer the balance, your savings end up in the scammer’s pocket. Victims who are initially contacted by phone tend to suffer the highest losses — an average of $1,480 per person in the U.S. in 2023. 

Smishing attacks often begin with deceptive messages designed to lure you into downloading malware or revealing sensitive data. You might get a notice about an overdue parking ticket or an undelivered package, with a link to a genuine-looking payment form. Scammers use whatever information you enter to try to take control of your financial accounts. Between 2020 and 2024, the total cost of text scams quintupled in the U.S. 

Because cybercriminals take advantage of both telecommunications and financial networks, both industries have developed sophisticated fraud prevention tools — but neither has enough data to track the full lifecycle of a scam on its own. So Mastercard is teaming up with Deutsche Telekom, and GSMA to share insights and fight bad actors from multiple angles.

“Fraudsters don't differentiate between data sources, so why should we?,” asks Din Uppal, Mastercard’s global vertical lead for technology, media and telecoms. “If we’re going win the fight against fraud and scams, it has to be a team effort.”  

Zooming out 

The best time to stop a scam is before any money leaves the victim’s account. But spotting fraudulent payments among the millions of genuine transactions every day can be like looking for a needle in a haystack. In many cases, customers are tricked into sending the money.  

Most fraud detection systems only pick up on unusual payer behavior, such as an elderly customer suddenly sending multiple large sums. To detect scam in real time, financial institutions need a broader perspective. In 2023, Mastercard added another dimension to banks’ safeguards by introducing Consumer Fraud Risk. CFR is an AI solution that scrutinizes both sending and the recipient account — including its transaction volume, payment values and links to mule accounts — to detect the telltale traits of a fraudster. Layering that intelligence with the bank’s existing systems, CFR infers the risk of every impending payment and delivers a risk score in real time. Earlier this year, Mastercard and Feedzai announced plans to scale Consumer Fraud Risk to customers in key markets. 

While Mastercard has a network-wide view into its clients’ transactions, it  has limited visibility into consumers’ other digital interactions. Telecoms, on the other hand, can’t see where or when customers are spending. But they can access reams of connectivity data. In fact, wireless providers are reliable sources for a user’s mobile number, location and call history. All can be obscured or manipulated in the phone’s operating system, but not in the cellular network’s database. 

Sharing intelligence to combat fraud and scams 

By collaborating with Deutsche Telekom, and GSMA, Mastercard is looking to broaden  visibility into fraud and scam blind spots . For example, when telecom operators analyzed the call histories of bank customers who fell victim to scams, they found that 80% were on the phone — presumably with their scammers — while authorizing the transfers.  

By uncovering these new patterns in data, Mastercard and its partners are making it possible to detect risky transactions much earlier. 

“We are being permanently attacked by fraudsters,” says Andrzej Ochocki, head of Identity Management at Deutsche Telekom. “But by joining forces with Mastercard, we can protect customers from scams today and stay ahead of new forms of cybercrime.” 

Consumers can also keep themselves safe by looking out for red flags — such as messages or calls from unfamiliar numbers, strange links and requests for personal information. Scammers often create a false sense of urgency, so be wary of pressure to take immediate action. If you receive a call from someone claiming to be from your bank or credit card company, hang up and dial the number on the institution’s website.  

“If we can get each link in the chain, from telecoms to financial institutions to customers, to do their part,” Cockle says, “we can make the digital age a lot safer for everyone.”