How to Protect Yourself From Telecom Frauds
Every industry is at risk of fraud, and the telecommunications industry is no exception. Telecom frauds can hit providers and customers alike, albeit through different methods. This type of fraud has unfortunately turned into a big business; these immoral acts funnel billions of dollars every year from carriers’ and subscribers’ accounts into the hands of criminals and morally compromised individuals.
Types of Telecom Frauds
International Revenue Share Fraud (IRSF)
IRSF is when attackers artificially inflate traffic to international premium rate numbers (IPRN). It has plagued the telecom industry and any digital business using a voice- or SMS-based one-time password (OTP). These attacks cause losses running into millions of dollars annually. Unfortunately, the attacker is usually in cahoots with a carrier.
Simply put, the attacker triggers the voice- or SMS-based OTPs, ranging from high-volume attacks to low-and-slow ones. Clueless, the consumer-facing business forwards the OTP request to a communication provider. The provider then forwards it to a carrier. Usually, It passes from carrier to carrier before it reaches the intended consumer. However, in the case of an IRSF attack, the corrupt carrier intercepts it and forwards it instead to an IPRN. Since “terminating” a call on an IPRN is expensive, the consumer-facing business is billed the excessive charges and is stuck absorbing the losses.
There are a couple of ways individuals and businesses can protect themselves from international revenue share fraud:
- Prevent scripted attacks by using a script breaker such as CAPTCHA.
- Gain PRN intelligence to identify rogue PRNs and predict the possibility of an IRSF attack.
- Deploy billing alerts for steep transactions.
- Prepare by leveraging network-level, signaling data, and smart fraud prevention tools.
Interconnect Bypass Fraud/ Sim Box Abuse
This scam involves the exploitation of the difference between high international interconnect rates and low retail rates. Under normal circumstances, traffic goes from its origin to its destination by passing from carrier to carrier. Every carrier charges for receiving the traffic and pays to route it to the next courier in the chain. However, in the case of interconnect bypass fraud, the morally corrupt carrier manipulates the routes and takes advantage of the difference between low and high termination rates.
Certain companies offer software, often AI- and ML-based, for detecting and preventing interconnect bypass fraud. Take a look at the Subex bypass fraud solution powered by AI. It offers enhanced sim box detection using a Test Call Generator (TCG), Machine Learning, and Self-Learning Rules. Furthermore, it is equipped with an anomaly engine capable of identifying unknowns, making it future-ready to address next-gen frauds. The software also supports open-source technologies and Android handsets operating as TCG probes, significantly reducing the Capex.
PBX Hacking
A company’s private branch exchange (PBX) consists of its private network allowing users to talk with each other. PBX hacking criminals look for a company’s vulnerability. Once that’s done, and they manage to get in, the individual makes international calls. Subsequently, the clueless PBX owner foots the bill. Several steps need to be taken to prevent such fraud:
- Choose VoIP
- Change Voicemail Passcodes
- Disable or Restrict Voicemail Call Thru
- Do Not Post a DID Directory Online
- Restrict Voicemail Access Attempts
- Disable Past Mailboxes
- Schedule Routine PBX Checks
- Lock Your PBX Closet
- Upgrade from digital to IP
Spoofing
Calling Line Identity (CLI) spoofing is common and includes robot calls, one-ring scams, and phishing. The caller ID displays false information, usually that of a trusted brand or institute. Unbeknownst to the victim, the criminals then steal valuable personal information using scripts.
The outcome of these attacks could be catastrophic, but there are ways to reduce their likelihood and impact:
- Employ Packet Filtering with Deep Packet Inspection
- Authenticate users and systems
- Use Spoofing Detection Software
- Use Encrypted and Authenticated Protocols
Subscription Fraud
This situation occurs when a morally compromised individual fraudulently obtains mobile devices through identity theft. The identities are acquired through phishing or bought on the dark web. There are three main ways to protect the company from such fraudulent behavior:
- Smart Authentication
- Biometrics
- Document Authentication
Wangiri Fraud
This telecommunication fraud involves striking curiosity in customers by calling, ringing once, and immediately hanging up. The victim then calls back, unknowingly calling an expensive premium number. This scam is also applicable to SMS. The victim receives a message prompting them to call back a designated number.
There are several actions the operator can take to detect and protect their business from Wangiri calls. Detecting enticing calls relies on monitoring incoming calls from high-risk countries, a large number of incoming very short or unanswered calls, and customer complaints for calls coming from unknown international numbers. As a business owner, the operator beware of outgoing calls from many subscribers to international numbers with unfamiliar or high-risk country codes. Those signs are indicators of Wangiri callback calls.
Furthermore, informing and warning the subscribers is always a good idea, as an educated subscriber base goes a long way in avoiding these problematic situations. Experts also advise keeping an updated blacklist of known fraudulent numbers. They also recommend routing any outgoing calls to suspected high-risk countries to a pre-announcement informing the caller of the potential risks and costs.
Having preventions in place is as essential as having a solution. So, blocking incoming and outgoing calls from/to known Wangiri number ranges is the first on the list of preventative measures for businesses.
Final Thoughts
While technology is a fantastic aid to humanity, there must be more education surrounding its dangerous uses. Individuals planning to get involved in sectors utilizing and relying on technology must have adequate knowledge to protect themselves and their businesses from nefarious people. Unfortunately, many fall victim to the lack of tech savviness and end up bankrupt and destitute because their operations were compromised and their customers lost trust in them. It is best to invest in professional telecom security as it is better to prevent than lose an exuberant amount of money to scams and frauds.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Telecom sections to stay informed and up-to-date with our daily articles.