WHAT IS TELECOM FRAUD?
In the digital age, mobile networks have become a more efficient means of communication and global interaction than other modes. By abusing this system, fraudsters can penetrate mobile systems via the customer’s network or the telecommunications service operator. Once fraudsters have gained access, they have several options to cause damage and leave the customer with an exorbitant bill. In this blog, we will learn what telecom fraud is and discuss topics related to it.
What is Telecommunications Fraud?
Telecom fraud, put simply, is any kind of activity designed to abuse telecommunications products and services to gain an advantage over telecommunications companies through deception (fraudulent practices) or strategic attacks. Telecom fraud covers landlines, mobile phones, cloud systems and on-premise PBX systems.
This sort of fraud, also known as telco fraud or telecom fraud, can also include hacking or theft of service, often resulting in consumers facing unexpected charges while operators suffer revenue losses. Telecommunications fraud is becoming increasingly prevalent, costing a total of USD 1.8 Trillion in revenue losses, while fraud expenses alone are estimated to be 2.22% of revenues or $39.89 Billion in 2021.
How Does Telecommunications Fraud Work?
Telco networks are the largest and oldest deployed data transmission networks in the world, and the devices on them account for a major share of worldwide consumer electronics revenue, which means that fraudsters have also developed a more mature set of tools and strategies to exploit telephony to extract value.
While fraud attacks evolve quickly, telco fraud is unique in that it is often expected to occur, and the losses are absorbed into the revenue of operators, who usually do not incorporate complex fraud management systems into their architectures.
Additionally, telecom companies also distribute their services to be resold among local networks and carriers, which in turn increases the challenge of fraud mitigation.
As the technology to operate mobile networks becomes more widely accessible, larger telecom operators are becoming targets of second-hand fraud, which is more difficult to identify. We often see two types of fraud, aimed at either the provider or the customer. Let’s see how they work:
- Provider Frauds: This type of fraud aims to infiltrate the service provider and is often the most elaborate. Hackers enter the phone network via the voicemail system or improperly discarded SIM cards and use the phone system to make unauthorized calls, often to high-cost locations.
- Customer Frauds: This technique directly affects the customers who use telecommunications services. This fraud strategy involves creating a concealed fraudulent system that targets customer bills. It stays invisible to the telecommunications service provider and the customer until it is too late and a large bill has been generated for the customer.
Types of telecom fraud
A fraud management system is necessary for telecom service operators, as revenue losses caused by frequent unauthorized network access by fraudsters are avoidable and can be detected early with a robust fraud management system.
Here is a list of a few fraud attacks that are common in the telecommunications sector.
Meaning “one and cut” in Japanese, wangiri telecom fraud baits the customer into placing a call. The fraudsters call the customer or grab their attention in some other way; causing the phone to ring once and then hanging up is the most common lure to get the customer to call back. The customer will often call back, unwittingly dialing an expensive premium number that the fraudsters profit from.
An SMS type of the same fraud also exists, where fraudsters send a message encouraging customers to call back pleading deceptive reasons. The characteristic red flag for this sort of telecommunications fraud is an increase in calls to high-cost numbers or caller destinations, which telcos should be able to track with their internal systems.
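The red flag described above can be checked directly against call detail records. The following is an added example, not code from the original article: it flags numbers that ring many distinct subscribers once and then measures the callback traffic they attract. The record layout, thresholds and phone numbers are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample CDRs (not real traffic):
# (caller, callee, ring_or_talk_seconds, answered)
# The "+999"/"+000" numbers are made up so they cannot match real subscribers.
CDRS = [
    ("+9990001", "+0001001", 1, False),
    ("+9990001", "+0001002", 2, False),
    ("+9990001", "+0001003", 1, False),
    ("+9990001", "+0001004", 1, False),
    ("+0001002", "+9990001", 95, True),    # subscriber calls back
    ("+0001004", "+9990001", 140, True),   # subscriber calls back
    ("+0002001", "+0001001", 25, False),   # ordinary missed call, rang for a while
    ("+0001001", "+0002001", 60, True),    # ordinary callback
    ("+0002002", "+0001003", 300, True),   # normal answered call
]

def find_wangiri_sources(cdrs, max_ring_s=3, min_targets=3):
    """Return per-source stats for numbers that one-ring many subscribers.

    max_ring_s and min_targets are assumed thresholds; tune them on real data.
    """
    one_ring = defaultdict(set)            # source -> subscribers it rang once
    for caller, callee, secs, answered in cdrs:
        if not answered and secs <= max_ring_s:
            one_ring[caller].add(callee)

    suspects = {}
    for source, targets in one_ring.items():
        if len(targets) < min_targets:
            continue                       # a single short missed call is normal
        # Callbacks: answered calls from a rung subscriber back to the source.
        back = [secs for caller, callee, secs, answered in cdrs
                if answered and callee == source and caller in targets]
        suspects[source] = {
            "targets": len(targets),
            "callbacks": len(back),
            "callback_seconds": sum(back),
        }
    return suspects

if __name__ == "__main__":
    for source, stats in find_wangiri_sources(CDRS).items():
        print(source, stats)
```

The callback seconds are what the subscriber ends up paying for, so that figure is the one to alert on and to use when deciding whether to block the destination.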
Smishing, also called SMS phishing, in practice involves sending repeated SMSs to acquire personal info from the customer who receives these messages.
Mass spamming strategies are a plague to customers and telcos, since spammers have become masterful at avoiding detection. They’re also known to use programs to verify customer numbers, set up shops to sell the stolen data, and even work with host phishing sites and marketplaces.
A straightforward approach to monitoring signups and transactions should be sufficient to ensure smishing-free telco operations.
SIM Jacking and SIM Swapping
In this type of fraud, scammers take possession of a customer’s SMS and calling access by swapping the phone number to another that they control.
As more and more companies opt for OTP (one-time passwords) based verification systems for 2FA (2-factor verification), usually sent via text messages or phone calls, fraudsters are trying to take control of people’s phone numbers to intercept them.
This is done via an account takeover, where the fraudster contacts the telco’s customer assistance and requests to transfer their number to a new SIM, which is then controlled by the fraudster. Once the transfer is finished, scammers receive all the OTPs and SMS verifications needed to hijack customer accounts, from social media to fintech apps. Systems are already set in place by the telecom to verify the legitimacy of the user requesting a number change.
International Revenue Sharing Fraud (IRSF)
International Revenue Sharing Fraud, or IRSF scam, misuses premium calls, often dialled by uninformed users, causing hefty damages.
IRSF is by far the greatest fraud challenge to telecom operators, and here is how it works:
- Disguised agents sign up customers to lease a premium phone number.
- They penetrate a business’s phone systems and make calls to that number.
- The business pays $1 a minute for the call, of which 25% goes into the fraudster’s pockets.
Businesses discover increased phone bills for calls they do not recognize once they’re billed. The calls usually occur past working hours, and with the lack of regulations it is hard to monitor this type of fraud.
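Because the calls cluster outside working hours, a business can catch the pattern in its own PBX call records before the bill arrives. The following is an added example, not code from the original article: it totals off-hours minutes to premium destinations per extension and prices them with the article's $1-a-minute and 25% figures. The business hours, the premium prefix, the 30-minute threshold and the call records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions for this example: business hours are 08:00-18:00 Mon-Fri, and
# the premium prefix is a placeholder that a real deployment would replace
# with the prefixes from its own rating tables.
PREMIUM_PREFIXES = ("+999",)    # hypothetical, not a real number range
RATE_PER_MIN = 1.00             # the article's $1-a-minute illustration
FRAUD_SHARE = 0.25              # the article's 25% revenue share

# Constructed PBX call records: (start, extension, dialled number, seconds)
CALLS = [
    ("2022-03-04 10:15", "201", "+0005550100", 420),
    ("2022-03-05 02:10", "214", "+9991234001", 1800),
    ("2022-03-05 02:12", "214", "+9991234001", 1740),
    ("2022-03-05 02:40", "214", "+9991234001", 1860),
    ("2022-03-07 14:00", "203", "+9991234001", 60),    # in hours: not counted
    ("2022-03-06 23:30", "207", "+0005550123", 300),   # off-hours, normal rate
]

def is_off_hours(ts):
    """True for weekends and for times outside 08:00-18:00."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    return t.weekday() >= 5 or not (8 <= t.hour < 18)

def irsf_suspects(calls, min_minutes=30):
    """Return off-hours premium usage per (extension, destination)."""
    minutes = defaultdict(float)
    for start, ext, dest, secs in calls:
        if is_off_hours(start) and dest.startswith(PREMIUM_PREFIXES):
            minutes[(ext, dest)] += secs / 60
    return {
        key: {
            "minutes": m,
            "billed": m * RATE_PER_MIN,
            "fraud_share": m * RATE_PER_MIN * FRAUD_SHARE,
        }
        for key, m in minutes.items()
        if m >= min_minutes       # ignore the odd short off-hours call
    }

if __name__ == "__main__":
    for key, stats in irsf_suspects(CALLS).items():
        print(key, stats)
```

Run on a short schedule, a check like this gives the PBX owner a reason to block the extension or the destination the same night.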
Interconnect Bypass Fraud
Interconnect bypass fraud, also called SIM box fraud, exploits something called termination rates to make regular phone calls cheaper. Here is how it usually works: a customer from one operator calls a customer of another operator, and both operators charge, one the customer making the call and the other the customer taking the call.
That final cost rate, where the call terminates, is the termination rate. These rates are seen to vary largely depending on the contracts between the two operators. The fraudsters divert these international calls with a SIM box or GSM gateway, hence hijacking the network to achieve cheaper termination rates. This lets fraudsters pocket the difference in costs while forcing the telecom customer to use inferior quality international calls.
PBX hacking permits fraudsters to control phone lines by manipulating unsecured phone networks.
A PBX (private branch exchange) is a private phone network that links to transnational networks. Since most PBXs are IP-based, they are easy prey for hackers, who use the system resources to manipulate cheaper rates, make spam calls and extract user data, among many others.
Subscription fraud in the telecom is when fraudsters sign up for services using misappropriated IDs and pilfered credit card numbers.
Since phone contracts require KYC checks, the need for stolen identity is high for this type of fraud case, usually acquired via phishing techniques, bought on the dark web, or rented out from ID mules.
These fraudsters use subscription fraud to also pick up phone contracts of expensive phones and sell them on the second-hand market before the repo gets wind of the fake identity.
Effectively a variety of credit card fraud, deposit fraud aims at telecom operators’ online stores using swiped credit card numbers. Fraudsters purchase prepaid SIMs and other devices (smartphones, routers, etc.) to create their own residential mobile network, which allows them to launch more attacks by generating and controlling IP addresses.
What is involved in Telecom Fraud Prevention and Detection?
Telecommunications fraud detection and prevention is a comprehensive term that involves any kind of strategy or process set in action to minimise fraudulent schemes conceived to take advantage of telco operators.
Most new telecommunications fraud detection and prevention efforts are based on revolutionary technology. Here is what it looks like in 2022:
Fraud management systems in telecoms
With a fraud management system, CSPs can secure networks and revenue with a significant advantage. Since it functions from the organization’s data and insights, it can very effectively prevent fraud. This type of system is also able to perform real-time actions to prevent fraud, such as processing data, detecting potential or actual fraud, and providing suggestions on the validating decisions to be made. With an , fraud management can be truly functional since it enables detection and prevention to be instantaneous. And since the damage from telecom fraud depends crucially on reaction times, only quick detection and prevention can reduce the potential damage.
The other benefit of a fraud management system is that it can save telecoms the revenue used to develop systematic strategies and solutions for each type of fraud variant. Experts also have more time to focus on decision making rather than following up on repeated tasks of validating fraud activities or user signups.
AI/ML-based fraud management
As AI/ML intelligence-based technologies take over the industry, they are also becoming quickly relevant in modern fraud management systems. Some of the most consequential systems that are used by telcos involve machine learning algorithms.
These ML algorithms can compute and understand complex relationships between attributes, which is difficult for rule-based systems to act on. Regular training of these models allows them to distinguish legitimate activity from fraudster behaviour. Utilizing machine learning models means that there is a significant reduction in manual actions involving humans.
How can Telecom Fraud be Detected and Prevented by the Customer?
Telecom fraud and further security infringements can be contained and minimised by enforcing a full end-to-end strategy. Telecom providers and carriers have alert systems in place to warn them of any violations. In addition to the measures that providers take, self-evaluating and staying informed of the device’s security and services can reinforce protection and avoid fraudulent action or threats.
Be vigilant while answering unfamiliar calls
Ignore inquiries from anybody who contacts you without your permission. The simplest approach is to be vigilant about unfamiliar phone calls. It may be tempting to answer every phone call, but putting some calls on voicemail might save you time and money. Many fraudsters are also capable of forging caller IDs. It is better to ignore unknown calls rather than engage with them if there is no way to validate who the person or organisation claims to be.
If the caller persists in speaking with you about your bank account, a family member, or utilities, tell them you will contact their agency directly. Some of these imposters will frequently provide you with a phone number to contact. Do not dial this number! For business, use the standard contact method. It is safer to perform a fast Google search and look up the number yourself rather than taking the caller’s word for it. If the caller claims to be phoning on behalf of a company with which you currently conduct business, you can find their phone number on an invoice or billing statement.
Understand Your Expenses
Knowing your expenses and keeping track of how much you spend each month will help you avoid phone fraudsters. Here’s an illustration: A representative purporting to be from your utility company contacts you and informs you that you are overdue on your payments and that your electricity will be turned off unless they get immediate payment. If you have a solid knowledge of your monthly utility spending and know it is not feasible that you are behind, you will detect the caller as a hoax.
This may sound obvious, yet many individuals do not budget or keep track of how much they should be paying each month. Along with being aware of your monthly payments, keep in mind that it is uncommon for genuine firms to want cash or payment on the spot. Most creditors and utility providers will work with you to set up payment plans or give you more time to pay. If someone asks you for money right away, they are most likely not who they claim to be.
Keep Your Personal Information Safe
This one may be challenging if you are a trusting person. Never hand out sensitive information to someone you don’t know, such as your bank account, credit card, or social security number. Inquire about the caller’s identity, phone number, and how they obtained your information. Raise a red flag if the caller claims to be from your electric, water, bank, or any other institution with whom you already have an account and requests personal information. Businesses will frequently ask you to verify your identification, although the majority of your information should already be on file.
If someone calls you seeking information and claims to be from a company you currently do business with, they are most certainly not authentic. These telephonic con artists are looking for information. And once they have it (or know you are vulnerable to scams), you are more likely to be attacked by other con artists. Any information you provide to fraudsters might be used to defraud you of your money. And never (ever!) transfer or transmit money to an unknown caller or organisation. These transactions are very hard to trace, and once the cash leaves your account, your bank has little recourse.
Participate in the Registry
Scammers have also devised novel ways to profit from the remote work culture. Scammers acting as an employee’s manager will text or email an employee asking them to purchase gift cards, which is another popular hoax. Once acquired, the employee will send the gift card numbers to their “boss,” and before the text reads “read,” whoosh! Several hundred bucks have vanished.
Many telephony scammers will call and offer you a loan or credit card in exchange for an advance payment to open the account. Payment in advance in order to receive a loan or credit card is illegal under federal law. Another popular telecom scam involves lottery tickets. It is prohibited to sell lottery tickets over the phone or via mail. Signing up for the Do Not Call Registry to limit the multitude of telemarketing sales calls is a fantastic strategy to prevent the continual bombardment of telecom crooks. Once you are on the registry, the majority of telemarketers that phone you are most likely scammers.
Trends in Telecommunications Fraud in 2022
Telecommunications fraud is constantly evolving. However, here is a list of notable trends we observed in telecom fraud which are on the rise in 2022:
- Fake and synthetic IDs: Fraudsters manipulate ID documents by combining information with a decoy identity to create a synthetic ID to bypass detection systems. Detection of these IDs is more formidable since parts of synthetic IDs are legitimate.
- Virtual SIM cards: Even though eSIMs – virtual SIM cards – are better protected from cloning or stealing, virtual SIMs are still prone to malware and social engineering attacks.
- Social engineering attacks: With the pandemic greatly amplifying the volume and complexity of phishing attacks, more personalized instances such as CEO fraud and spear-phishing attempts are on the rise. Be it via SMS, calls, social engineering, or even using deep fake technology, social engineering attacks are on the rise to steal and misuse secure data.