Prelude 2025 SMS Pumping Fraud Report: What 205 Million Authentication Requests Revealed

The 2025 SMS Pumping Fraud Report by Prelude highlights the evolution of SMS pumping into a significant fraud ecosystem, revealing that over 205 million authentication requests were analyzed, with 11.83% identified as fraudulent. SMS pumping, which involves exploiting SMS verification endpoints to create fraudulent traffic for monetary gain, has become pervasive due to its invisibility, as it does not cause immediate user-facing failures and can inflate metrics like Daily Active Users. The report notes that certain countries and carriers are disproportionately targeted, with residential proxies serving as the main attack infrastructure, making it difficult to distinguish fraudulent activity from legitimate user behavior. Machine learning has become essential in real-time fraud detection, as static rules fail to counteract the adaptive nature of these attacks. The report emphasizes that modern SMS pumping fraud is driven by economic incentives, and organizations need to implement robust defenses like prefix-based rate limiting and real-time monitoring to disrupt attackers' profitability and prevent repeat targeting.