International Revenue Share Fraud: The newest trends

Posted on January 9, 2020

The GSMA, which is the trade body which represents the interests of mobile network operators worldwide, defines International Revenue Share Fraud (IRSF) is a form of fraud where the perpetrator artificially inflates traffic with no intention to pay for the calls. They do this by generating calls to certain portions of international number ranges.

Historically, IRSF targeted conferencing platforms and customer PBXs. They would find a way in and then make as many dial-outs to high cost revenue share numbers as they could before they got caught.
In these historical fraud scenarios either they were making money off the call or they were hired by someone to make the calls and that person or organization was making money off the calls.

How has IRSF changed?

PBXs and conference bridges are still targets of IRSF perpetrators going into 2020. However, In the past the bad actors would leverage predictive dialers or IVR systems. Now we are seeing a trend that uses IOS devices to find an open port/line and make the attempt.

The device is not the only change in the IRSF trend. We are also seeing the testing and logic rules of the fraudsters change as well. In the past they would dial sequential numbers and make as many calls as they could. Today’s IRSF fraudsters bounce around a number range and change what number they are calling every 10 or so calls to stay under the radar of alerts.

Does IRSF apply to you? 

Use Case: A collaboration supplier didn’t block IP addresses. There is no matching of IP origination with destination call out within the same call string. In this case, the platform could be leveraged for IRSF.

What is needed to mitigate the new bad behavior?

One requirement to stay ahead of the IRSF perpetrators is to inspect every SIP invite. Knowing where the IP came from and if it’s an IP range that is flagged as suspect are a couple of more things to know. Take a look at the checklist below to review some best practices for reducing IRSF.

Remember that IRSF has not gone away. The ways that fraudsters are attacking are different but IRSF is still here. Their tools and processes are more advanced than before, but they are still making money so their motivation to keep evolving their hacks is alive and well going into 2020.

Here’s a checklist of fraud prevention best practices to help reduce IRSF:

  • Inspect every SIP invite
  • Know where IP came from
  • Is IP range that is flagged as suspect
  • Where are calls attempting to go
  • Hot list/ Flagged numbers
  • Countries with known activity
  • New traffic patterns

We have updated our Privacy Policy found here. By continuing to use our website, you agree that you understand these policies.

Got it!