
All posts by Vijay Amirthraj

Account Takeover – Fraudster Intelligence

Account takeover fraud is one of the most common fraud types across the world. Fraudsters use various methods to take over an existing open account with a mobile operator or a banking institution. The most commonly used methods for committing this type of fraud are vishing and smishing. As per the CFCA fraud survey, account takeover accounted for an estimated fraud loss of 1.7 Billion US Dollars in the year 2017.

In all these scenarios, the primary goals of the fraudster are to gain access to the account and to bypass the validation steps. In many situations, such validation only requires low-level knowledge-based authentication, so basic information obtained by the fraudster is enough to pass the controls in place and take over the targeted account.

I was investigating an account takeover fraud case for one of the leading telecom operators in the APAC region, wherein the fraudster used different methods to commit this fraud. Many customers lost millions of dollars from their bank accounts without their knowledge after their accounts were taken over by the fraudster. On investigation, we identified that the fraudster’s primary motive was to take over both the mobile and the banking account and then initiate multiple fraudulent transactions. He used social engineering, CLI spoofing, a spoofed website and malware to commit the fraud.

The fraudster executed his schemes sequentially. He targeted only the high-profile subscribers in a region. He acquired all the information on the subscribers using social engineering and called them up pretending to be a bank executive and a mobile operator security officer. He asked the subscribers to download a malware-infested application from a spoofed website, after which he gained remote access to their mobile phones.

The malware read the SMS messages and call logs from the subscriber’s mobile and forwarded the details to a fraudulent server. It also deleted the SMS messages and call logs from the handset before the subscriber noticed. The intention behind reading the SMS messages and call logs was to bypass the second-level authentication used to complete banking transactions. With this method in place, he was able to execute multiple transactions without the subscribers’ knowledge.

Impact on telcos?

When subscribers approached the law enforcement agency, the law penalized both the telco and the bank and recovered from them the amount lost by the subscribers. This action was taken to protect the interests of the customers, and because it was negligence on the part of the service providers that led to the subscribers’ losses.

Telecom and banking service providers need to protect subscribers from such fraud attacks by raising subscriber awareness. Fraud management systems need to have intelligence built into them to detect the fraud attack and control the damage at an early stage.

Dealing with Bypass Fraud: Think beyond the boundaries

Amid the fierce competition facing the telecom industry, we sometimes hear stories of how one telco’s lack of forethought brings illegal traffic onto the network, leading to open wars and blame games among the operators affected by the fraud. The telecom regulatory authority could intervene in such scenarios and encourage a competitor to block suspicious outgoing traffic if it finds that not enough care is being taken to avert the fraud.

Interconnect bypass fraud is one such telecom scam, costing the industry several billion dollars every year. It brings collateral damage to the networks involved, and the impact can be huge. A telco could face a hefty penalty for its failure to detect and resolve the issue in time. Further, it could have serious business implications for all participating telcos. In the process of rampant blocking of suspicious traffic, the traffic of genuine customers can also get blocked, leading to customer dissonance and dissatisfaction along with the loss of other business opportunities.

Here’s an example of a West African telco that suffered massively due to bypass fraud.

Why did this happen?

The West African telecom operator had been massively impacted by off-net bypass fraud, where the operator’s network was being misused to land fraudulent calls on the competitors’ networks. Over time, the problem became so grave that the regulatory authority of the country had to step in and take charge. This eventually ended with the competitors blocking both fraudulent and genuine traffic from the telco affected by the interconnect fraud.

Investigations confirmed that the huge difference between international termination rates and local termination rates made the environment suitable for fraudsters to run their schemes. There were not enough KYC controls in the country to support the onboarding checks that distinguish a genuine customer from a fraudulent one.

Impact on business

The regulator issued multiple warnings and memos to the operator, indicating that the operator would face penalties if corrective measures were not taken in time.

Customers flooded the operator with complaints that their off-net calls were being barred without prior notice and through no fault of their own, and threatened to churn off the network if their services were not restored.

The atmosphere grew so tense that, instead of cooperating, the operators became more aggressive and indulged in a rat race to prove to the regulator how much better and more efficient they were than their rivals at detecting bypass fraud cases.

The solution

With the understanding that bypass scams are rampant, telcos need to direct their efforts towards building knowledge-sharing forums where they can share insights on fraudster behavior, the geographical locations from which most fraudulent calls originate, and the kinds of products that tend to be misused by these fraudsters, in order to nip things in the bud.

Telcos should understand that indulging in a rat race or blaming each other will not help solve the issues arising from such frauds; rather, they should adopt a proactive approach to identify and prevent such scenarios in future. Instead of the regulatory authority dictating terms to the operators, the operators must drive the authority to create a nationalized framework for user identity governance.
