Types of fraudulent calls and how to prevent them | firez

In 2022, the Communications Fraud Control Association reported a whopping $39.89 billion in telecommunications-related fraud. This number includes telecom provider, subscriber, and general toll fraud. This post explores the types of fraudulent calls and prevention measures to protect your business from criminal organizations.

International call fraud

International toll fraud is the best-known type of toll fraud because the end user is typically the one who has to foot the bill. Criminals gain access to an extension’s voicemail system and use the outcalling feature to dial international numbers, racking up thousands of dollars very quickly. It is important to use strong voicemail passcodes or disable the outcalling feature of voicemail completely.

Unfortunately, international call fraud is widespread, especially as criminals collaborate with corrupt foreign countries and termination service providers to share the stolen profit. International call fraud is more prevalent in certain destinations, such as the Middle East and Africa, so many carriers have started blocking calls to these countries altogether.

There are also two types of international call scams: 011 and NANP. Dialing 011 allows you to make calls outside the US to foreign exchanges/countries. North American Numbering Plan (NANP) destinations, on the other hand, are areas outside the United States, such as the Caribbean, that are not considered foreign destinations but are still very expensive to call and make up a significant portion of fraud costs.

Domestic phone fraud

If you’ve seen advertisements for “free” conference calling, that service is typically on “poison” call centers run by criminal organizations. End users using the teleconferencing service do not realize that they are part of a fraud scheme surrounding high frequency numbers. “Poison” and NPA-NXX rate centers are typically found in rural areas that have high-rate networks. Rates are generally lower than for international calls, but they can still generate a large amount of toll fraud: $2.39 billion in 2022 alone.

Fraudulent toll-free number

Toll-free traffic pumping, also known as “number pumping” or “call pumping,” is a form of toll fraud that floods toll-free numbers with fake calls. It racked up $4.54 billion in fraudulent calls in 2022 alone. Criminals involved in pumping toll-free numbers set up fake telecom companies and charge the toll-call provider the carrier’s rates. This attack typically targets contact centers and IVRs: the caller tries to stay in the auto attendant/IVR as long as possible and releases the call once an agent answers. Unfortunately, criminals start their attack gradually so that end users and providers don’t see a huge influx of free calls right from the start; instead, the calls increase over time. One of the best ways to detect toll-free fraud is for agents to report callers who frequently hang up when the phone is answered. Many scammers make calls out of hours, so it’s also important to check your call detail reports on a monthly basis.
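The hang-up-on-answer signal described above can be checked against inbound call detail records. The following is an added example, not part of the original article; the record layout, thresholds and phone numbers are constructed assumptions.

```python
from collections import defaultdict

MIN_CALLS = 3      # assumption: ignore callers seen fewer times than this
DROP_SECONDS = 5   # assumption: an agent leg this short counts as a hang-up on answer
DROP_RATIO = 0.8   # assumption: share of answered calls dropped before a caller is flagged

# Constructed inbound toll-free CDRs: (caller ID, seconds in IVR, seconds with agent).
# None in the last field means the call never reached an agent.
SAMPLE_CDRS = [
    ("+12025550111", 45, 210), ("+12025550111", 30, None), ("+12025550111", 50, 95),
    ("+12025550147", 540, 2), ("+12025550147", 610, 1), ("+12025550147", 575, 3),
    ("+12025550147", 590, 4), ("+12025550147", 600, 120),
    ("+12025550163", 500, 1),
]

def suspicious_callers(cdrs):
    """Return callers who mostly release the call right after an agent answers."""
    stats = defaultdict(lambda: {"calls": 0, "answered": 0, "dropped": 0, "ivr_seconds": 0})
    for caller, ivr_seconds, agent_seconds in cdrs:
        s = stats[caller]
        s["calls"] += 1
        s["ivr_seconds"] += ivr_seconds          # IVR dwell time is what gets billed
        if agent_seconds is not None:
            s["answered"] += 1
            if agent_seconds <= DROP_SECONDS:
                s["dropped"] += 1
    flagged = {}
    for caller, s in stats.items():
        if s["calls"] < MIN_CALLS or s["answered"] == 0:
            continue                              # too little data to judge
        ratio = s["dropped"] / s["answered"]
        if ratio >= DROP_RATIO:
            flagged[caller] = {"calls": s["calls"], "drop_ratio": ratio,
                               "ivr_seconds": s["ivr_seconds"]}
    return flagged

if __name__ == "__main__":
    for caller, info in suspicious_callers(SAMPLE_CDRS).items():
        print(caller, info)
```

Because the attack ramps up gradually, running the same check per week and comparing the flagged IVR seconds over time is more useful than a single snapshot.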

Wangiri fraud

Wangiri is a Japanese word for “one and cut”. The wangiri fraud tactic makes outgoing calls to random numbers and hangs up after the first ring. The bad guys use high-cost destination numbers, so when someone returns the call, they try to keep them on the phone as long as possible to rack up costs.

Spoofing fraud

Spoofing fraud involves criminals spoofing numbers or caller IDs so that the caller appears to be a legitimate company or person. Many times the spoofer will ask for money and use a sense of urgency to confuse victims. Spoofing is a huge problem in the telecom industry and, unfortunately, many unsuspecting people have fallen victim to these schemes. It is important to report all occurrences of spoofing to the FCC, as they can run tracebacks to try to determine the originator of the call.

SMS fraud

SMS fraud is probably the easiest to detect, as the text will come from a random number not listed in your contact list. The scammers will send a text message with a random link in the hope that you will click on it. The link could contain a virus, tracking software or a request for money. Scammers typically send the text message from a number that uses the same area code as the end user, so it appears to be from a local individual. As always, don’t click on random links.

How to prevent toll fraud

As a system or service provider, it is important to always stay up to date on the latest fraud tactics, prevention measures and monitoring tools. For new service providers, we recommend always using strong hardware- and software-level passwords, not exposing MAC addresses, disabling web user interfaces, creating user-level credentials (versus administrator credentials), keeping equipment and software up to date, using modern VPNs (not port forwarding), restricting IPs or only allowing certain IPs, registering phones so that the device can be authenticated with a nonce (one-time encryption key), configuring outbound NAT, and using a firewall that runs ‘Restricted Address’ or ‘Port Restricted Cone NAT’.

As an end user, it is important to restrict outgoing calls through voicemail systems, block international calls entirely if possible or implement a PIN code for international calls, use secure passwords and PIN codes, and not give your credit card number over the phone to anyone who contacts you first. Also make sure to install software and security updates as they become available, and never click on random links sent via SMS or email. Print and review Call Detail Reports (CDR) frequently to monitor traffic spikes and/or unknown international call costs.
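A CDR review of this kind has to catch both 011 calls and NANP destinations that look domestic, since only the first group is stopped by a simple “block 011” rule. The following is an added example, not part of the original article; the CDR layout, business hours and sample rows are constructed assumptions, and the area-code set is a non-exhaustive sample.

```python
from collections import defaultdict
from datetime import datetime

# Non-exhaustive sample of NANP area codes outside the US (Caribbean);
# check your carrier's rate deck for the full list.
NANP_NON_US = {"242", "246", "268", "284", "345", "473", "649", "664", "758",
               "767", "784", "809", "829", "849", "868", "869", "876"}
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00 to 17:59 local time

# Constructed outbound CDR rows: (start time, extension, dialed digits, cost in USD)
SAMPLE_CDRS = [
    ("2023-03-01 10:15", "101", "12125550100", 0.05),
    ("2023-03-01 23:40", "104", "011442079460123", 18.50),
    ("2023-03-02 02:05", "104", "18765550123", 27.25),
    ("2023-03-02 14:30", "102", "8095550142", 6.00),
]

def classify(dialed):
    """Label a dialed number as 011 international, NANP non-US, or domestic."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if digits.startswith("011"):
        return "international"
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]                      # drop the NANP trunk prefix
    if len(digits) == 10 and digits[:3] in NANP_NON_US:
        return "nanp_non_us"
    return "domestic"

def review(cdrs):
    """Return flagged calls and the flagged cost per extension."""
    flagged, cost_by_ext = [], defaultdict(float)
    for start, ext, dialed, cost in cdrs:
        kind = classify(dialed)
        if kind == "domestic":
            continue
        hour = datetime.strptime(start, "%Y-%m-%d %H:%M").hour
        after_hours = hour not in BUSINESS_HOURS
        flagged.append((ext, dialed, kind, after_hours))
        cost_by_ext[ext] += cost
    return flagged, dict(cost_by_ext)

if __name__ == "__main__":
    calls, costs = review(SAMPLE_CDRS)
    for call in calls:
        print(call)
    print(costs)
```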

If you think you may be a victim of toll fraud, contact your telecommunications provider immediately so they can take steps to protect your phone system and phone service.

This article was posted on Thursday, March 2, 2023 at 2:13pm.