Each November, we’re reminded of the global efforts to protect against telecom fraud during International Fraud Awareness Week. As a refresher, telecom fraud includes any activity designed to abuse and gain an advantage over telecom companies, businesses and individuals by using deceptive or fraudulent practices. It is important to revisit the topic of telecom fraud and continue raising awareness around ways to fight fraudsters. Outlined below are five common types of telecom fraud.
Five Common Types of Telecom Fraud
1. PBX Hacking
PBX systems are a relatively easy way for hackers to break into telecom networks and wreak havoc. When a fraudster breaches a PBX business phone, they can significantly inflate traffic levels, which has negative financial impacts on the system owner. A common reason PBX hacking occurs so often is because of weak passwords. That’s why modern PBX systems offer fraud prevention mechanisms such as voice recognition technology and regular password update requirements.
2. Interconnect Bypass
Interconnect bypass fraud exploits termination rates to make a profit. For reference, a termination rate is the cost charged by a telecom operator for completing outgoing calls on its network. Termination rates can vary tremendously due to minimal government regulation. High termination costs create an opportunity for bad actors to abuse traffic routes for their own financial gain. In interconnect bypass schemes, fraudsters will reroute incoming traffic via a SIM box (a device containing several SIM cards). They will pass traffic to another fraudster via a cheaper channel (i.e. disguising it as on-network traffic). The bad actors essentially make long-distance calls much cheaper for the callers and take money out of the pockets of telco operators.
3. Message Phishing
Another common fraud is SMS phishing, which occurs when bad actors send mass SMS messages to steal personal information from the person who receives the messages. SMS phishing rings often target mobile phones and gather personal information (i.e., social security numbers, credit card numbers, etc.) that they then use to their advantage or sell to other fraudsters for a profit.
4. Number Hijacking
Number hijacking is when a caller doesn’t get connected to the other party. Instead, the number hijacker or fraudulent operator uses various techniques to keep the customer waiting for the connection for as long as possible. They might play ringback tones, on-hold jingles or fake interactive voice response sounds to keep the caller active for as long as possible and hike up the bill.
5. International Revenue Sharing Fraud (IRSF)
IRSF takes advantage of premium phone rates, often international call paths. Fraud agents will sign up to lease a premium phone number, break into a business’ phone system and make calls to that number. The company gets hit with the financial burden of an astronomical phone bill for calls they don’t recognize. To make matters worse, these calls often happen outside of working hours, which helps this fraud go undetected until it’s time to pay the bill.
Telecom Fraud Prevention Tips
Once decision makers know what type of fraud to look out for, they are better equipped to prevent bad actors from breaching their telecom systems. The first step to mitigating damages from telecom fraud is detection. Voice fraud detection apps are beneficial for phone calls and automatically monitor phone number databases and create “blacklist” callers and irregular calling activities. Then, when a call matches the blocked criteria, the app detects and flags the activity.
In addition to monitoring telecom systems for anomalous or suspicious activity, businesses can implement a few best practices to prevent telecom fraud:
- Always change the default passwords for voicemail boxes and ensure they’re complex and unique.
- Change PINs and passwords on a regular basis.
- Regularly update all software systems.
- Implement access control measures.
- Check your voicemail greeting periodically to ensure that it is indeed yours.
- Disable auto-attendant, call-forwarding, remote notifications and out-paging features if you don’t use them.
How Flowroute Prioritizes Security
Flowroute is the first pure SIP trunking provider certified by the FCC as a competitive local exchange carrier (CLEC) in the U.S. As such, we can equip developers and businesses alike with direct control over telephony resources, including phone numbers, inbound and outbound calling, messaging and fraud controls.
Our easy-to-use fraud prevention features streamline security for customers and partners. Features include:
- A maximum default rate for outbound calls: Customers can set up a maximum outbound rate that will block any call to a destination that exceeds what the company sets as its predefined rate.
- Destination whitelist: A destination whitelist is a list of countries that the company will always be able to call, regardless of if a maximum outbound rate has been set up. To further secure the account, users can also create a strict destination safelist. With this option, users can only call countries in the approved list, regardless of whether or not IT teams have set a maximum outbound rate or any outbound call rate charge.
- IP-based authentication for outbound calls: This feature allows customers to tailor security settings. Specifically, IT teams can ensure that only authorized individuals within the company’s network can place calls.
Not only do we provide our customers with the ability to secure their businesses from fraudulent attacks and scams, but we also monitor the IP network for unusual traffic patterns. If our team detects something out of the ordinary, we automatically disable accounts to reduce the financial impact of fraudulent calls. After helping the business resolve potential vulnerabilities, we bring their communications services back online and re-enable the affected accounts.
Combating telecom fraud is not always easy. Fraudsters continually evolve their tactics. However, by applying the right prevention and detection techniques, businesses can minimize the occurrence and impact of fraud across communications.