Telecom Fraud Guide

A Guide to Detecting and Preventing Telecom Fraud

According to the Federal Trade Commission, telecom fraud continues to account for more and more fraud complaints each year. The numbers continue to grow and new technology has led to an onslaught of new telecom fraud tactics. The latest schemes are difficult to track and investigate because of their frequency, their layers of anonymity, and their global nature.

This guide will help you learn about the different types of telecom fraud and industry best practices for detection and prevention.

Three Major Categories of Telecom Fraud

We will divide the many telecom fraud schemes into three broad categories, based on who the fraudsters are targeting. These categories are:

Schemes to Defraud Telecom Service Providers

These schemes are the most complicated, and exploit telecom service providers using stimulated traffic, SIP trunking, regulatory loopholes, and more.

Schemes to Defraud Subscribers

This is simply any scheme that involves gaining access to someone else’s account to make free phone calls.

Schemes Conducted Over the Telephone

Also known as phone fraud, this category covers all types of general fraud that are perpetrated over the telephone

Schemes to Defraud Telecom Service Providers

Telecom Service Providers are particularly vulnerable to telecom fraud. Fraudsters are able to manipulate telecom regulatory systems to their advantage, and to the disadvantage of the service provider, in ways that are difficult to detect, trace, and prosecute. Fraudsters often take advantage of lax security practices of a service provider’s customers. A customer whose network has been compromised will often refuse to pay large fraudulent charges, leaving the service provider to cover the bill. Finally, attacks frequently happen over holidays and weekends, when networks are often monitored less closely.

The industry best practice for detecting and preventing this type of telecom fraud is to monitor call detail records (CDRs) in real time for suspicious traffic or call patterns. To truly shut down fraud, any fraud prevention system should be combined with call routing technology. NexOSS and SDReporter from TransNexus are currently the only solutions that combine fraud detection with routing. This means that when suspicious traffic is identified, the TransNexus platforms will automatically change the outgoing calling plans to re-route dangerous traffic, stopping the fraudulent activity before it gets started.

Call Transfer Fraud

One type of telecom fraud that has been a particular issue for soft switch users is call transfer fraud. In this scenario, the fraudster hacks into a PBX and uses that PBX’s services to make free long distance calls. By instructing the compromised PBX to transfer the call to the hacker’s own phone service, subscribers to the fraudster’s phone service can speak to their international destinations through the hacked soft switch, and the soft switch operator cannot bill the hacker’s subscriber. Those familiar with three way calling will recognize the inspiration for call transfer fraud.

Call Transfer Fraud Scenario

Call Transfer Fraud Scenario

  1. Hacker phone service hacks unsuspecting PBX to make a call to make international calls
  2. PBX sends SIP INVITE to soft switch
  3. Softswitch routes call to international carrier
  4. Hacker instructs PBX to blind transfer call to Hacker Phone Service
  5. PBX sends SIP REFER to soft switch to blind transfer call to Hacker Phone Service
  6. Softswitch sends SIP INVITE to Hacker Phone Service
  7. Hacker’s Subscriber speaks to international destination through soft switch.

Most soft switches have no way of tracking a call once it is transferred out of the network, so fraudsters can generate a significant amount of traffic and revenue for themselves before being caught.

False Answer Supervision

When a dialed phone number is not in service, the calling party will hear a brief recording telling them the number is not longer in service. There is no answer supervision or connection between the calling and called party. Since the call never connects, it is an incomplete call and should not be billed. However, fraudsters use false answer supervision to make these calls appear as completed calls which may be billed. Perhaps the fraudster has published rates for terminating calls without any intention of actually completing the calls. Here, service providers will route calls through the fraudster, who, instead of terminating the call, will play a not in service message and then bill the service provider for more than 10 seconds of calling. This type of fraud hurts the originating service provider both by costing money, and by hurting their reputation. The key indicators of this type of fraud are:

  • Short phone calls
  • Calling party hangs up nearly 100% of the time
  • High answer seizure ratio

False Answer Supervision Fraud Call Scenario

false-answer-supervision

  1. Subscriber makes a call
  2. Service provider routes calls to its wholesale Least Cost Routing Provider
  3. The wholesale customer routes the call to a wholesale provider who has been chosen for its exceptionally good rates to certain high cost destinations
  4. In most cases, the wholesale provider completes the call, but in some cases, the wholesale provider routes calls to the high cost destination with a “false answer” – charging for a completed call, without ever trying to complete it.

Location Routing Number Fraud

Location Routing Number Fraud or LRN fraud works based on the desire of some service providers to avoid extra charges from LRN “dips.” Most providers will run an LRN dip to determine the correct LRN for a dialed number. However, many service providers will not perform an LRN dip if the LRN is already in the SIP message. Fraudsters take advantage of this by inserting fake LRNs into their calls. For example, they may insert the LRN for a relatively cheap terminating destination, when the call is actually going to a high cost rural destination. The service provider will then bill the fraudster for the cheaper call, but will have to eat the cost of the expensive rural call. In some cases, this can be up to 5x the price they billed the fraudster.

Location Routing Number Fraud Call Scenario

LRN-Telecom-Fraud

  1. Source Network sends a call to a wholesale provider with an incorrect low cost LRN in the SIP INVITE
  2. Provider charges the Source Network for a call to the incorrect LRN
  3. The provider completes the call
  4. The correct LRN for the call is more expensive than expected. The provider loses money, and the Source Network gets below cost termination.

Revenue Sharing Fraud

Revenue share fraudulent activities are those which abuse carrier interconnect agreements. Cooperation is the key to this type of fraud. The fraudster’s goal is to pair up with a destination that can charge high rates, and then inflate traffic to his numbers at little or no cost to himself. These types of schemes can occur within a country, or across international borders. Though they may not be technically illegal, they are often also paired with PBX hacking or other forms of fraud that generate illegal and artificial traffic.

How to Detect Revenue Sharing Fraud

The typical call signature for revenue sharing fraud is a spike in traffic to high cost destinations. Because these spikes often occur over holidays or weekends, service providers must have a monitoring and alarm system in place that will stop the fraud immediately. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change the outgoing dial plan of subscribers who may have been compromised.

Multiple Transfer Fraud

Multiple call transfers are a sophisticated technique for doubling International Revenue Sharing Fraud while making the fraud more difficult to detect.

Multiple Transfer Fraud Scenario

  1. Fraudster phone service hacks an enterprise PBX to make calls to high cost destinations
  2. PBX sends SIP INVITE to service provider’s soft switch
  3. Service provider routes call to high cost destination
  4. Fraudster instructs PBX to transfer call to another high cost destination
  5. The fraudster hangs up. The call between the two high cost destinations remains in place.
  6. Fraudster shares in the revenue from the fraudulent calls.
  7. Fraudster repeats steps 2-6 to set up hundreds or thousands of simultaneous calls

Once the calls are transferred, they stay up until the carrier shuts it down. TransNexus customers report calls staying up for over 24 hours. On many platforms transferred calls don’t count against concurrent calls, and most switches won’t cut a call record until the call is over. If the criminal is clever, he will transfer dozens or hundreds of calls concurrently. They are pinned in the network, and can go unnoticed until it is too late.

How to Detect Multiple Call Transfer Fraud

The typical call signature for any type of IRSF is a spike in traffic to high cost destinations. Because these spikes often occur over holidays or weekends, service providers must have a monitoring and alarm system in place that will stop the fraud immediately. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

Call Forwarding Fraud

The call forwarding hack is a more sophisticated form of VoIP telecom fraud. In this case, fraudsters are hacking through the user access web portal of an enterprise PBX. By guessing a user’s password, they can login to a PBX, and configure call forwarding to an expensive long distance destination to profit from IRSF. Then the hacker will call the telephone number of the hacked account which forwards the call for IRSF.

Call Forwarding Fraud Scenario

  1. Fraudster accesses the web interface of a PBX or IVR of a voice mail system, compromises a user’s login and password, and sets the user’s account to forward calls to a high cost destination.
  2. Fraudster calls the compromised number over either the PSTN or VoIP.
  3. Compromised PBX forwards the call to the service provider’s softswitch.
  4. The service provider switch forwards the call to the high cost destination. The service provider must pay to complete the fraudulent calls, but rarely receives payment from the enterprise with the compromised PBX.
  5. The fraudster shares in the revenue from the fraudulent calls.
How to Detect Call Forwarding Fraud

The typical call signature for any type of IRSF is a spike in traffic to high cost destinations. Because these spikes often occur over holidays or weekends, service providers must have a monitoring and alarm system in place that will stop the fraud immediately. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

International NANPA Fraud

The NANPA (North American Numbering Plan Administration) lists both numbers within the United States, as well as select international numbers found in North America, the Caribbean, and US territories. At the same time, many switches do not consider numbers listed in NANPA as international, even though they are off shore. Our customers report that this leaves them vulnerable to International Revenue Share Fraud (IRSF) because they cannot block calls to certain off shore high fraud destinations like the Caribbean.

For organizations who cannot block off shore numbers listed in NANPA or the LERG, TranNexus solutions offer a work around. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change the outgoing dial plan of subscribers who may have been compromised.

International Revenue Sharing Fraud (IRSF)

International Revenue Sharing Fraud (IRSF) is, without a doubt, both the most damaging and the most prevalent VoIP telecom fraud scenario. Revenue share fraudulent activities are those which abuse carrier interconnect agreements. The fraudster partners with a local carrier that charges high rates for call termination and agreement to share revenue for any traffic generated by the fraudster. Common destinations for these calls include West African countries, UK mobile numbers, and satellite phones.

IRSF is characterized by large amounts of calls, often with long duration, to a single destination. While it is not difficult to detect IRSF by examining Call Detail Records (CDRs), by the time you collect the CDRs, the damage has been done.

“IRSF is the most common form of fraud we see,” said Ryan Delgrosso, CTO of Phone Power. “The international carrier that delivers the last mile is obligated for paying the final destination telco. They charge the carrier that sent them the call, and the cost flows downhill until you get to the access point that was compromised. Further complicating matters, these schemes always cross international boundaries making pursuing it from a criminal perspective almost impossible. Access or retail service providers usually end up eating the costs.”

The first step for a potential VoIP fraudster is gaining illegal access to your network. As with any large network, it is nearly impossible to protect every access point to a VoIP network. This is especially true for retail service providers whose customers access the service provider’s network over the Internet using a wide range of different access devices. Residential or small business customers access the service provider network using analog telephone adaptors (ATAs) that may be easily compromised. Larger enterprises may access the service provider’s network via a SIP trunk connected to a Private Branch eXchange (PBX) which aggregates traffic from hundreds of SIP phones. Many of the SIP phones may be on the public Internet and completely removed from any security precautions that could be enforced the enterprise or service provider. In addition, lax PBX security precautions can make PBX hacking a simple task.

The typical call signature for revenue sharing fraud is a spike in traffic to high cost destinations. Because these spikes often occur over holidays or weekends, service providers must have a monitoring and alarm system in place that will stop the fraud immediately. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

Traffic Pumping

Because of telephone regulations, long distance carriers must pay access fees to local exchange carriers for calls to those carriers’ local subscribers. Rural carriers may charge substantially higher access fees than urban carriers. In order to increase their incoming call volume and revenue, some rural carriers partner with telephone service providers to route their calls through the rural carrier. These often include phone sex or free conference call providers, who expect a high volume of incoming calls. A similar scenario occurs internationally, with fraudsters making setting up conference servers in third world countries and making deals with the local (often state owned) telephone company.

To qualify as access stimulation or traffic pumping, a fraudster must:

  • Have a revenue share agreement between the terminating carrier that stimulates demand
  • Have a 3 to 1 increase in interstate terminating to originating traffic or 100% traffic growth in a month year over year.

In this case, authorities can step in and force the terminating carrier to re-file their access tariff with the public utilities commission within 45 days. Because of the extra traffic, the terminating carrier would no longer be eligible for the high access fee, and will likely be dropped from the revenue sharing agreement.

The typical call signature for traffic pumping fraud is a spike in traffic to high cost destinations. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

Voice Mail Hacking Fraud

Voicemail hacking was an early form of communications fraud. It can happen simply and easily through the telephone network. It is a problem rampant enough that even the FCC has recently issued guidelines on how to avoid becoming a victim. Here, a hacker need only find a device with an easy-to-break password. Some voice mail systems have static or easily guessed default passwords, and users often do not change the default. Recent studies have shown that the password 1-2-3-4 constitutes nearly 5% of Voice Mail passwords – 7x the frequency of the next most common password (0-0-0-0).

Criminals can easily use this straightforward technique for International Revenue Sharing Fraud (IRSF). Once they have the password to an account, it is a simple matter in many Voice Mail systems to exploit the “Call Back” feature – that feature that allows a user to immediately return a missed call. The criminal calls the phone number, leaving their IRSF number as the “call back” number. Then, they login to the account, find their missed call, and return it, signaling the Voice Mail to initiate a call to their IRSF number. Once the call is connected, a criminal can attempt to leave it up as long as possible, often hours or days.

The typical call signature for any type of IRSF is a spike in traffic to high cost destinations. Because these spikes often occur over holidays or weekends, service providers must have a monitoring and alarm system in place that will stop the fraud immediately. TransNexus solutions monitor call detail records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

One Ring and Cut (Wangiri) Fraud

Wangiri, in Japanese, means “one and cut.” That is, one ring and a cut off phone call. A wangiri phone fraud scheme relies on this single ring method for a quick way to make money. A fraudster will set up a computer to dial a large number of phone numbers at random. Each rings just once, then hangs up. This leaves a number as a missed call on the recipients’ phone. Users often see the missed call and believe a legitimate call was cut off, or are simply curious as to who called, so they dial the missed number. The number turns out to be a premium rate number – anything from advertising to “free prizes” to sex services.

There is also an SMS variant of Wangiri fraud that has been reported recently. In this variation, subscribers receive an SMS message like “Please call me back, this is urgent!” as a way to entice them to return a call.

One Ring and Cut (Wangiri) Fraud Scenario

one-ring-and-cut-wangiri-telecom-fraud

  1. The Fraudster sets up calls to voice subscribers, but hangs up after one ring. This means that the fraudster isn’t charged for making the calls.
  2. Curious subscribers see a missed call on their phones, and return the call, not realizing that the number is actually a high cost destination.
  3. If subscribers are on a flat rate plan, the service provider will be left paying high termination costs with no corresponding increase in revenue
  4. The Fraudster shares in the revenue from the fraudulent calls.

The typical call signature for wangiri fraud is a spike in traffic to high cost destinations. TransNexus solutions monitor Call Detail Records (CDRs) in real time. They look at five minute samples of call attempts for suspicious spikes. When a spike occurs, the solutions will send Email and SNMP fraud alerts. In addition to the alarms, TransNexus solutions may be configured to re-route calls or change outgoing dial plans.

Toll Bypass Fraud

Bypass fraud is the unauthorized insertion of traffic onto another carrier’s network. You may also find this type of fraud referred to as Interconnect fraud, GSM Gateway fraud, or SIM Boxing. This scenario requires that the fraudsters have access to advanced technology, which is capable of making international calls appear to be cheaper, domestic calls, effectively “bypassing” the normal payment system for international calling. The fraudsters will typically sell long distance calling cards overseas. When customers call the number on the cards, operators are able to switch the call to make it seem like a domestic call.

What is Toll Bypass Telecom Fraud?

Bypass fraud is the unauthorized insertion of traffic onto another carrier’s network. You may also find this type of fraud referred to as Interconnect fraud, GSM Gateway fraud, or SIM Boxing. This scenario requires that the fraudsters have access to advanced technology, which is capable of making international calls appear to be cheaper, domestic calls, effectively “bypassing” the normal payment system for international calling. The fraudsters will typically sell long distance calling cards overseas. When customers call the number on the cards, operators are able to switch the call to make it seem like a domestic call.

Toll Bypass Fraud Call Scenario

toll-bypass-telecom-fraud

  1. Service provider has the choice to route a subscriber’s call to a more expensive Wholesale Provider (A) or a lower cost “Gray Market” Provider (B)
    A2. Service Provider routes call to Wholesale Provider
    A3. Wholesale Provider pays a toll to the international Legacy Telephone Company (PTT)
    B2. Service Provider routes call to a lower cost fraudulent wholesale provider
    B3. The fraudulent wholesale provider routes the call through a SIM Box
    B4. The international call routed through the SIM Box to a cell tower looks like local subscriber traffic, so the fraudulent service provider pays a significantly reduced toll.

Inter/Intra State Toll Bypass Fraud

Bypass fraud is the unauthorized insertion of traffic onto another carrier’s network. Inter/Intra State toll bypass fraud attempts to bypass the higher tolls of inter-state traffic by making it look like intra-state traffic.

Inter/Intra State Toll Bypass Fraud Call Scenario

inter-intra-state

  1. Subscriber places an intra-state call
  2. Fraudulent Service Provider changes the calling number of the call so that it appears to be a less expensive inter-state call
  3. Wholesale Long Distance Provider routes call to the LEC as an inter-state call
  4. LEC completes the more expensive intra-state call, but charges for a less expensive inter-state call

Toll Free Fraud

Toll Free Fraud can affect any business that uses a toll free number. In this scheme, a fraudster will typically make a profit sharing agreement with a CLEC. He will then use VoIP technology to make multiple calls to a toll free number – often that of a large corporation. The CLEC will perform a dip to the SMS 800 database, and then transfer the call to another network for termination, earning something like 1.5 cents per minute in switched originating access fees. The fraudster will then navigate the automated IVR prompts, avoiding connecting to a live operator. These calls are often left up for hours at a time and automated so multiple calls will be made at once. When large companies, like financial institutions, are targeted, they frequently don’t even notice the huge charges racked up by toll free fraud, even though they are expensive, long calls.

toll free fraud scenario

  1. Fraudster makes calls to toll free customer
  2. CLEC pays for an Toll Free Database dip
  3. CLEC routes the call to the designated Toll Free Provider
  4. Toll Free Provider completes the call to the Toll Free customer
  5. Toll Free Customer pays the provider the service fee
  6. Toll Free Provider pays the originating access fee to the CLEC
  7. The CLEC makes a profit sharing payment to the fraudster

Wholesale SIP Trunking Fraud

Fraudulent wholesale trunking is a relatively new phenomenon, but one that is growing in popularity and difficult to detect. In this scenario, the fraudster is actually making money by selling wholesale trunking services, using stolen credentials to terminate the calls. The key calling signature for this type of fraud is a huge number of apparently random calls. The destinations are not particularly high cost, but neither are they cheap. Countries like Vietnam, Laos, and other middle-priced Asian countries show up often. The traffic often appears to be to residential numbers.

TransNexus customers have reported tracing this type of fraudulent traffic coming from prepaid calling card companies operating a VoIP platform in an offshore colocation facility. Prepaid calling services are well suited to exploit this type of fraud since there are no calling numbers linked to customers. The IP address of the prepaid calling platform is the only link to trace the fraudster. Unfortunately, geolocation cannot always be used to identify the fraudster. These services can be offered via a tunnel through the internet that hides the true IP address of the fraudster. The public IP address of the fraudster’s calling platform could be the IP address of a hosted Virtual Private Network (VPN) service while the actual prepaid calling platform is located in a different part of the world.

Wholesale SIP Trunking Fraud Scenario

Wholesale-Sip-Trunking-Telecom-Fraud

  1. Fraudster steals subscriber’s credentials
  2. Fraudster’s softswitch registers with service provider’s softswitch using stolen user name and password
  3. Legitimate user places a call
  4. Fraudster sends INVITE to service provider’s softswitch
  5. Softswitch routes call to international long distance destination

Wholesale SIP trunking fraud is often difficult to detect because the call patterns look similar to normal subscriber usage. For these types of fraud events, we have found that a 60 minute sample of call duration data by call source provides the best detection. By tracking the fraud score for call duration, TransNexus solutions effectively monitor the spend rate of each call source.

Schemes to Defraud Subscribers

Subscriber fraud can affect any phone owner. It encompasses any fraud that involves using another person’s account to make free phone calls. Subscriber fraud may be as simple as using a lost or stolen phone or SIM card. The best way to combat subscriber fraud is to educate subscribers on basic security best practices, including creating and protecting strong passwords, and carefully examining bills for unrecognized calling activity.

Calling Card Fraud

Calling card fraud can happens in a number of ways. Fraudsters might call subscribers and pose as a service provider representative, and then ask for calling card numbers for verification purposes. Another common scenario is that someone watches or listens as the subscriber punch in or read their calling card number at a payphone. Subscribers should be aware of anyone calling to request calling card verification. They should only give out their card number when placing a call through an operator. Subscribers must also be careful that no one is watching when they key in their card PIN or any other PIN.

Lost or Stolen Phones and SIM Card Fraud

If a criminal gains access to a subscriber’s lost or stolen phone, he will be able to gain unauthorized access to the subscriber’s network. Once recognized as a ‘bona fide’ customer, fraudsters then have access to a network and are able to carry out revenue generating schemes that can seriously damage reputation and bottom-line profits. The true impact of subscription fraud often goes unrecognized because providers mistake it for bad debt. Subscribers should report lost or stolen equipment immediately to their service provider. Service providers can often add the lost device to the national list for lost or stolen mobile devices so that it cannot be used on their own or other service provider’s networks.

Virus Auto Dialer Fraud

An auto dialer virus uses a subscriber’s dial-up modem and phone line to make long distance calls without their permission. Subscribers may inadvertently acquire an auto dialer through viruses, spyware or hackers. Subscribers may prevent virus auto dialer fraud by using anti-virus programs and a firewall. Subscribers should be aware of their computer’s dial-up internet access and usage, and program modems to make a dialing noise, so they can tell when it makes a new connection. When not in use, subscribers should unplug phone lines from their computers.

Schemes Conducted Over the Telephone

Criminals of all sorts use telephony as a tool to defraud consumers and businesses. Phone fraud is a huge category, and can cover anything from Nigerian prince style scams to identity theft to extortion. TransNexus does not offer a solution to protect against these types of fraud, though there are other solutions on the market that can.

Account Takeover

With this type of telecom fraud, the fraudster generally attacks something like a financial institution. Fraudsters will call financial institutions and maliciously impersonate another customer in order to steal the contents of an account. Pindrop Security estimates that a financial institution taking 50,000 calls per day will lose over $10 million per year to phone fraud losses. It is not an easy task to distinguish between legitimate callers and phone fraud. One way is by using phoneprinting technology to analyze the audio content of a phone call. Pindrop Security offers solutions that measure certain characteristics of the audio signal to form a unique fingerprint for each call. In addition, they can identify the region the call originated from and determine if the call was from a landline, cell phone or specific VoIP provider. These pieces of information provide an high levels of insight into caller behavior.

Phoneprinting routinely identifies over 80% of inbound fraud calls to enterprise contact centers, saving millions of dollars in losses and contact center expenses a year.

Telecom Denial of Service (TDOS)

Telecom Denial of Service (TDoS) attacks are similar to traditional data network denial of service (DDoS) attacks. In a DDoS attack, unauthorized users flood a system with too many access requests, preventing legitimate users from accessing the network. For TDoS, fraudsters make a huge number of phone calls, keeping them up for long durations, and overwhelming the capacity of an organization’s phone network.

TDoS attacks can impair a voice network’s availability, but can also be used as a tool for extortion. TDoS attacks have been in the news recently as a threat to public safety, as fraudsters have taken to using TDoS attacks against hospitals, police stations, and other public services.

If your organization suffers from a TDoS attack, it is important that you save as much information as possible about the attack. Save the voice recording of suspects, phone numbers, start and stop times, number of calls per hour, ANIs, and IP addresses. Retain all call logs and IP logs. After the attack, you can then use the information to file reports with the FBI’s Internet Crime Complaint Center and your local police department.

Vishing

Phishing is a form of fraud that uses email messages with phony addresses, websites or pop-up windows to gather your personal information, which can then be used for identity theft. A form of phishing that uses the telephone instead of email is known as Vishing or “Voice Phishing.”

Vishers pose as a legitimate business to attempt to gather information from someone. That information can then be used for identity theft or other forms of fraud.

Visihing Fraud Scenario

  1. Fraudster calls the utility company while spoofing the ANI of a customer. The fraudster then navigates the utility’s phone system to gather customer data, especially credit balance.
  2. Fraudster calls customers who are behind on their payments while spoofing the utility company’s ANI. The fraudster, pretends to work for the utility company, and demands payment over the phone in order to get the customer’s credit card information.

Don’t give out your personal information. Legitimate companies will never call or email you to request information such as passwords, bank account information or credit card numbers unless they’re responding directly to an inquiry you know you have made. To make sure you’re dealing with the real company, you can always contact us them directly. Be cautious about posting personal information on public websites, such as social networking sites. Fraudsters might use those details to gain your trust.