
Can someone explain this attack a bit clearer please?

If my server is sending a 2FA to a mobile number, then I control the number and the content of the message, so how does the attacker send to blocks of numbers and profit from the traffic (I'm guessing they need to put a link in the message?)

Does it only happen with poorly written forms that have no validation so the attacker can control the target number and the message that gets sent?



There are a few ways one can benefit from AIT / SMS Pump:

- Exclusivity: This is where an exclusivity deal is signed with a party for a specific route. But when those parties commit themselves to a minimum traffic volume and fail to meet their objectives, they tend to turn to AIT to achieve them.

- Range Leasing: Here we have a rogue party leasing a number range and getting a revenue share of the traffic going through that range. The MNO may or may not be aware of the scheme.

- Range Hosting: Same as above, but hosted on the MNO. The MNO may or may not be aware of the scheme.

- CR Tampering: A more complex scheme where a party sends lots of OTPs to dead numbers in the hope of dropping the CR and DR. This might lead to the rogue party getting that traffic afterwards if the customer is looking at switching providers.


You don't control the number. When signing up for a service or setting up SMS 2FA, you need to initiate the process by inputting a number. Attackers input numbers that are very expensive to route to, and since SMS is not a flat-rate service, when this happens at volume it gets very expensive very quickly. I've seen really scummy MNOs costing around 25 cents per SMS.


Oh, I see: they profit from the fact that I'm charged to send the SMS. I thought they were profiting from the end user visiting a link (and generating ad revenue).

Thanks for explaining!


Thought experiment: Maybe if enough of us do it, companies will stop forcing us to use SMS for 2FA and let us use a proper authentication device instead.


Let the malady be the cure.


The fraudster creates new accounts on your service for each of these phone numbers. They don't care about verifying the 2FA code. They just care that you send a text to those numbers.
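Two observations in this thread give a defender a usable detection signal: the attacker picks numbers in expensive-to-route ranges, and never completes verification, so per-prefix send volume spikes while the verify ratio collapses. The following is an added example, not code posted by anyone in the thread: it rolls OTP send/verify events up by number prefix, flags prefixes with a burst of sends to many distinct numbers and almost no verifies, gates further sends to flagged prefixes, and estimates the resulting spend. The event format, prefix length, thresholds and price table are assumptions; the `+999` range and all phone numbers are constructed placeholders.

```python
"""Detect SMS-pumping (AIT) in OTP send/verify events, grouped by number prefix."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed per-SMS price table keyed by country code (assumption, not real
# carrier rates). The 25-cent figure is the worst case quoted in the thread;
# +999 is an unassigned country code used here purely as a placeholder range.
PRICE_TABLE: Dict[str, float] = {"+1": 0.01, "+999": 0.25}
DEFAULT_PRICE = 0.05  # assumed fallback for country codes not in the table

Event = Tuple[float, str, str]  # (timestamp_seconds, "send" | "verify", E.164 number)


@dataclass
class PrefixStats:
    sends: int = 0
    verifies: int = 0
    numbers: set = field(default_factory=set)  # distinct destinations sent to
    first_ts: Optional[float] = None
    last_ts: Optional[float] = None


def constructed_events() -> List[Event]:
    """Constructed sample log: three normal users plus one pumping burst."""
    events: List[Event] = []
    # Normal users: every send is followed by a successful verify.
    for i in range(3):
        num = f"+1415555010{i}"
        events.append((i * 300.0, "send", num))
        events.append((i * 300.0 + 40.0, "verify", num))
    # Pumping burst: twelve sequential numbers in the placeholder range,
    # all requested within a minute and none of them ever verified.
    for i in range(12):
        events.append((1000.0 + i * 5.0, "send", f"+9995551{i:04d}"))
    return events


def prefix_of(number: str, prefix_len: int = 6) -> str:
    """Group numbers by their leading digits (country code plus operator range)."""
    return number[:prefix_len]


def aggregate(events: Iterable[Event], prefix_len: int = 6) -> Dict[str, PrefixStats]:
    """Roll send/verify events up per prefix."""
    stats: Dict[str, PrefixStats] = {}
    for ts, kind, number in sorted(events):
        s = stats.setdefault(prefix_of(number, prefix_len), PrefixStats())
        if kind == "send":
            s.sends += 1
            s.numbers.add(number)
            s.first_ts = ts if s.first_ts is None else min(s.first_ts, ts)
            s.last_ts = ts if s.last_ts is None else max(s.last_ts, ts)
        elif kind == "verify":
            s.verifies += 1
    return stats


def flag_pumping(stats: Dict[str, PrefixStats], min_sends: int = 10,
                 max_verify_ratio: float = 0.2, min_distinct: int = 5,
                 window_s: float = 600.0) -> List[str]:
    """Prefixes with a burst of sends to many distinct numbers and few verifies.

    Thresholds are assumptions for the example; tune them against real traffic.
    """
    flagged = []
    for prefix, s in stats.items():
        if s.sends < min_sends or len(s.numbers) < min_distinct:
            continue
        burst = (s.last_ts - s.first_ts) <= window_s
        if burst and s.verifies / s.sends <= max_verify_ratio:
            flagged.append(prefix)
    return sorted(flagged)


def allow_send(number: str, flagged: Iterable[str], prefix_len: int = 6) -> bool:
    """Gate applied before calling the SMS provider: refuse flagged prefixes."""
    return prefix_of(number, prefix_len) not in set(flagged)


def estimated_cost(stats: Dict[str, PrefixStats], price_table=PRICE_TABLE) -> float:
    """Sum sends * per-SMS price, matching the longest country code in the table."""
    total = 0.0
    for prefix, s in stats.items():
        matches = [cc for cc in price_table if prefix.startswith(cc)]
        price = price_table[max(matches, key=len)] if matches else DEFAULT_PRICE
        total += s.sends * price
    return total


if __name__ == "__main__":
    st = aggregate(constructed_events())
    bad = flag_pumping(st)
    print("flagged prefixes:", bad)  # ['+99955']
    print("estimated spend: $%.2f" % estimated_cost(st))
    print("allow +99955199999:", allow_send("+99955199999", bad))
```

The verify ratio is the key signal: legitimate users complete the OTP flow, pumpers do not, so a prefix with a dozen sends and zero verifies inside a minute is far more suspicious than the same volume spread over a day with normal completion. Gating on prefix rather than individual number matters because each burst uses fresh numbers from the same range.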



