Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Fraud requires that someone make a misrepresentation. Who makes a misrepresentation when SMS fraud is committed? What is the misrepresentation?

Is there any chance that this isn’t actually fraud and that companies who send out tons of text messages to any number a person specifies are just paying for their extraordinarily poor design?



I think the fraud here is that the user isn't an actual, legitimate user of the web service. Maybe 'user fraud' is a better term to use here.


The attacker misrepresents themselves as a legitimate user who just wants to set up 2FA on their account.


It's definitely fraud and it's definitely detectable when a 10000 block prefix of numbers sends 100x more SMS than every other prefix out of the blue.

It's basically a referral marketing campaign where the fraudster does revenue share with local sketchy infrastructure providers.


I mean, it feels like stealing but it would be complicated to build a case around a fraud charge given that no one ever actively told a lie.

Maybe this is taken care of in the user agreement or the terms of services? “User warrants that he is not trying to profit by use of the two factor auth system?” I’ve never read an agreement like this one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: