The second post from A Definitive Guide to Telecom Security, a series of security-focused publications by our Telecom experts, focuses on how voice fraud takes a serious toll on telecom companies and their customers. Last year, the total losses experienced due to voice fraud constituted   with International Revenue Interconnect Bypass and Traffic Pumping leading the way as top offenders.
So how do you fight back? By understanding how the common voice scams are engineered and implementing advanced detection mechanisms for identifying those early signs of fraud en masse.
The Common Voice Fraud Types and Their Impact on Telecom
IRSF (International Revenue Share Fraud)
As the name implies, this scheme assumes a backdoor revenue-sharing agreement between an IPRS (international premium rate service) or a communications provider and a fraudster who receives compensation for pumping paid traffic.
Annually, IRSF fraud is estimated to generate   in damages to businesses. Most telecom companies are well aware of this type of fraud. However, solving this issue remains a challenge: it is extremely hard to sift through all the daily traffic and identify abuse patterns using standard monitoring solutions, because these give a high false-positive rate. That’s why the most forward-looking telecoms are exploring anomaly detection algorithms, powered by machine learning, along with other AI-driven telecom cybersecurity solutions and voice fraud detection software.
False Answer Supervision (FAS)
FAS fraud comes in two types:
- Early answer – a call connection (and the beginning of tariffing) takes place before the real subscriber answers the phone. You may have experienced this type of telecom voice fraud if you heard unusual ring-back tone (RBT) beeps for much longer than usual. Fraudulent agents do that to conceal the scam. Afterward, they receive a small cut from your call.
- Late disconnect – the call remains active and the billing clock keeps running after the receiving party hangs up. The call will remain active until the original caller disconnects. An extreme variation of this scenario is called “call stretching”. In such cases, the fraudster will replay some part of your conversation or another pre-recorded announcement to keep you on the line for longer.
FAS is particularly problematic as it is perpetrated on unsuspecting customers, resulting in high VoIP bills and, subsequently, high dissatisfaction with the telecom provider.
Number hijacking is another variety of FAS fraud. In such cases, however, the caller doesn’t get connected to the other party. Instead, the number hijacker or fraudulent operator uses various techniques to keep the customer waiting for the connection for as long as possible. They might play RBT sounds, on-hold jingles, fake IVR sounds – all for the sake of keeping the calling party active until the maximum call timer runs out.
Interconnect Bypass (SIM Box) is another common mechanism of intercepting traffic from legitimate providers. Using the public Internet, the fraudulent party routes call traffic to a local operator via a SIM box, so that the call ends with them.
By doing so, the bad actors replace the more expensive international interconnect with a cheaper (practically free) routing channel and pocket the difference. While this type of voice fraud doesn’t impact the customers as much, it certainly drains telcos’ budgets.
Roaming fraud schemes also assume the usage of SIM boxes. Several scenarios are possible:
- Billing delay – the fraudster implements a billing delay for the roaming calls to generate significant traffic volumes, up until their activity is discovered and the SIM box gets blocked.
- Subscription fraud – agents initiate access to SIM cards from one or more telecom service providers for roaming services and never end up paying.
Alternatively, the fraudster may continuously top up foreign SIM cards using stolen credit card data (without fully draining the account). In essence, it’s a minor case of money laundering that is particularly hard to track.
Roaming fraud is particularly lucrative and is estimated to cost the telecom industry  . In fact, a single malicious SIM card can generate an average of 18 hours of traffic, resulting in a retail loss of US$4,800 on average. In extreme scenarios, the figure can go up to $50,000 per hour.
Common Voice Fraud Techniques to Watch Out For
To know how to effectively battle voice fraud, you should also understand how the other party operates. Below is a quick overview of the common offense techniques telecom fraudsters use:
PBX systems remain a relatively easy entry point for hackers to break into telecom networks and wreak havoc. Weak password security is often to blame for that. That’s why the latest PBX phone systems often feature fraud prevention mechanisms that leverage voice recognition technology. When a fraudster gains access to a PBX business phone, they can pump up significant traffic levels for an IPRS, and the system owner later has to foot an enormous bill.
Several key practices for preventing PBX and VoIP hacking are as follows:
- Never use default or weak passwords
- Change all PINs and passwords regularly
- Implement access control measures
- Make sure all the systems get regular software updates installed.
Call Forwarding Fraud
A number of PBX phone systems let you enable call forwarding to a certain number. Oftentimes, a malicious party can hack into this process remotely by leveraging the system’s IVR and issuing commands via DTMF (dual-tone multi-frequency) signaling. Or they can break into your system by gaining access to an Internet-connected VoIP phone. In either case, the agent re-directs the expensive international traffic to the fraudulent numbers.
Wangiri (Missed Call Fraud)
Wangiri fraud (a Japanese term for “one (ring) and cut”) targets customers with a series of missed calls. When they decide to call back, the fraudster deploys CLI (caller ID) spoofing, deception, or IRSF fraud.
A wangiri campaign comes in two phases:
- Ping campaign – a series of 0-second calls, targeted at large customer databases. The fraudster doesn’t wait for an answer and just leaves a missed call from an IPRS number.
- Call back – when an unsuspecting customer decides to return the call, they are usually greeted by a call center worker whose goal is to keep them on a paid line.
Google Voice Fraud
Google Voice fraud is a recent add-on to the collection. Also known as the  , this low-level technique doesn’t carry many risks but can be rather annoying for the users. A scammer usually approaches someone by phone in response to advertising and asks the other party to send them a six-digit number they will shortly receive in a text message. The fraudster then uses the person’s phone number and code to set up a Google Voice account and potentially spam others.
While this type of fraud does not expose your personal details, it can be rather annoying. If you suspect that you were targeted with this scam, go to your Google Voice account settings, then add your phone number and a new verification code.
Best Practices for Combating Voice Fraud
The first step towards dealing with voice fraud is its detection. Most voice fraud detection apps can automatically scan through phone number databases, ranges, and destinations to determine “blacklist” callers. Whenever your monitoring system notices an incoming/outgoing call to one of these numbers, your team receives an alert for further investigation.
The second pillar of telecom anti-fraud measures is an advanced traffic analytics mechanism. Most of the voice fraud schemes mentioned in this post assume certain behavioral patterns. Learning to identify them in near real-time is the key to effective fraud prevention.
Some of the common approaches to voice fraud detection include:
- Comparing measured call duration with the expected (average) length of calls.
- Analyzing frequent sequential ringing and call overlapping from the same numbers.
- Performing a statistical analysis of the volume of charged calls in relation to initiated calls (measuring ASR: answer seizure rate).
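The three checks listed above can be expressed as rules over call detail records. The sketch below is an added example, not code from the original post or any vendor product; the CDR tuple layout, the expected-duration table and every threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, median

# Constructed sample CDRs: (caller, callee, start_s, billed_s); billed_s == 0 means unanswered.
CDRS = (
    # A: burst of unanswered calls, 2 s apart, to 40 different subscribers
    [("+10000000001", f"+2000000{i:04d}", 1000 + 2 * i, 0) for i in range(40)]
    # B: ordinary traffic, mostly answered
    + [("+10000000002", f"+3000000{i:04d}", 5000 + 600 * i, d)
       for i, d in enumerate([120, 95, 0, 180, 60, 240, 0, 150])]
    # C: answered calls that run far longer than the destination's baseline
    + [("+10000000003", f"+4990000{i:04d}", 9000 + 900 * i, 1500 + 10 * i) for i in range(6)]
)
# Assumed expected average call duration (s) per destination prefix
EXPECTED_ACD = {"+2": 140, "+3": 140, "+4": 150}

def caller_stats(cdrs):
    """Per-caller attempts, ASR, average duration, fan-out and call spacing."""
    by_caller = defaultdict(list)
    for rec in cdrs:
        by_caller[rec[0]].append(rec)
    stats = {}
    for caller, recs in by_caller.items():
        answered = [r[3] for r in recs if r[3] > 0]
        starts = sorted(r[2] for r in recs)
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        stats[caller] = {
            "attempts": len(recs),
            "asr": len(answered) / len(recs),          # answered / initiated
            "acd": mean(answered) if answered else 0.0,
            "expected_acd": mean(EXPECTED_ACD[r[1][:2]] for r in recs),
            "callees": len({r[1] for r in recs}),
            "median_gap": median(gaps) if gaps else float("inf"),
        }
    return stats

def flag(stats, min_attempts=5):
    """Apply illustrative rules; all thresholds are assumptions to tune."""
    alerts = {}
    for caller, s in stats.items():
        if s["attempts"] < min_attempts:
            continue
        reasons = []
        if s["asr"] < 0.05 and s["callees"] >= 20 and s["median_gap"] <= 5:
            reasons.append("sequential-ringing")
        if s["acd"] > 3 * s["expected_acd"]:
            reasons.append("duration-outlier")
        if reasons:
            alerts[caller] = reasons
    return alerts
```

Calling `flag(caller_stats(CDRS))` flags caller A for sequential ringing with near-zero ASR and caller C for call durations far above the expected average, while caller B's ordinary traffic raises no alert.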
In most cases, telecoms employ software and hardware systems that analyze every call detail record and weed out the malicious ones based on the pre-configured traffic filtration rules. More recently, some companies have also started experimenting with neural networks for telecom fraud detection. For instance, one   lately have tested a neural network for detecting telecom subscription fraud that had a success rate of 85.7% – a higher figure than traditional voice fraud detection mechanisms can secure.
The last important approach to combating voice fraud is the dispute procedure. Encourage your customers to report fraudulent bills in a timely manner and according to the stated procedures. To start the dispute procedure, ask them to provide the following official documents:
- CDR analysis concluding fraud
- Fraud description based on the CDR analysis
- Official fraud letter from the operator
- Official letter stating that the operator has not been paid or experienced a loss for the specific portion of traffic that is now being disputed
- Police report
Once your company receives these documents, you can escalate the issue to an international communication provider and so forth. The goal of this procedure is to help wholesale telecom industry players jointly negotiate the terms for writing off the fraudulent traffic bill. Doing so helps make voice fraud less attractive for the end beneficiaries as they risk not getting their final cut.
Combating communication fraud is a challenging mission. While the fraud scenarios described above are not technically sophisticated, detecting such schemes among the large volume of traffic is complicated. However, by applying the right fraud prevention and detection techniques you can reduce the toll of voice fraud on your operations.
If you need extra telecom security expertise, the Infopulse team would be delighted to step in. We have significant experience in delivering managed IT security services for telecoms and implementing ad-hoc anti-fraud solutions, powered by big data analytics, machine learning, and AI. Contact us!
About the Author
Andrii Ivanov has over 15 years of experience in telecom and is currently involved in Fraud Prevention and Service and Network Assurance activities at Infopulse. Andrii contributes to the project success of a leading telecom provider BICS. He’s also an expert in fraud issues analysis and prevention, detection rules creation and tuning, etc.