In 2022, the Communications Fraud Control Association reported a massive $39.89 billion in telecom-related fraud occurrences. This number includes fraud to telecom providers, subscribers, and general call fraud. This post explores the types of call fraud and prevention measures to keep your business safe from criminal organizations.
International Call Fraud
International calling fraud is the most well-known type of call fraud because the end user is typically the one who has to foot the bill. Criminals will gain access to an extension’s voicemail system and use the dial-out feature to dial international numbers, racking up thousands of dollars very quickly. It’s important to use strong voicemail passcodes, or disable the voicemail dial-out feature completely.
Unfortunately, international call fraud is very prevalent, mostly because criminals partner with corrupt foreign countries and termination providers to share in the stolen profit. International call fraud is more prevalent in particular destinations, such as the Middle East and Africa, so many carriers have started blocking calls to these countries altogether.
There are also two types of international call fraud: 011 and NANP. Dialing 011 allows you to dial outside the USA to foreign exchanges/countries. North American Numbering Plan (NANP) destinations, on the other hand, are areas outside of the United States, such as the Caribbean, that are not considered a foreign exchange but are still very expensive to call and make up a significant chunk of fraud-related costs.
Domestic Call Fraud
If you’ve seen advertisements for “free” conference calling, that service is typically on “poisoned” rate centers run by criminal organizations. End users using the conference calling service do not realize they are part of a fraud scheme surrounding high-rate numbers. ‘Poisoned’ rate centers and NPA-NXX are typically located in rural areas that have high-rate networks. Rates are generally lower than international calling rates, but can still generate a high amount of call fraud: $2.39 billion in 2022 alone.
Toll-free traffic pumping, also known as “number pumping” or “call pumping,” is a form of call fraud that floods toll-free numbers with bogus calls, and it racked up $4.54 billion in fraudulent calls in 2022 alone. Criminals involved with toll-free number pumping create fake telecom companies and bill the toll call provider for carrier fees. This attack typically targets contact centers and IVRs: the caller will try to hang out in the Auto Attendant/IVR as long as possible and release the call once an agent answers. Unfortunately, criminals start their attack gradually, so end users and providers don’t see a huge influx of toll-free calls right from the start; rather, the calls increase over time. One of the best ways to catch toll-free fraud is for agents to report callers that often hang up when the phone is answered. Many fraudsters will place calls after hours, so checking your Call Detail Reports monthly is important too.
Wangiri is a Japanese word for “one and cut.” The wangiri fraud tactic places outbound calls to random numbers and hangs up after the first ring. The bad actors use numbers from high-cost destinations so when someone returns the call, the bad actors try to keep them on the phone as long as possible to rack up the costs.
Spoofing Fraud involves criminals spoofing numbers or caller IDs so the caller appears to be a legitimate business or person. Many times the spoofer will ask for money and use a sense of urgency to confuse victims. Spoofing is a massive problem in the telecom sector and unfortunately, many unsuspecting individuals have fallen victim to these schemes. It’s important to report all spoofing occurrences to the FCC, as they can perform tracebacks to try to determine the originator of the call.
SMS Fraud is probably the easiest to detect since the text will come from a random number not listed in your contact list. Fraudsters will send a text message with a random link in hopes that you will click on it. The link could contain a virus, tracking software, or a request for money. Fraudsters will typically send the text message from a number that uses the same NPA (area code) as the end user so it appears to be from a local individual. As always, do not click on random links.
How to Prevent Call Fraud
As a service or system provider, it is important to always be current on the latest fraud tactics, prevention measures, and monitoring tools. For new service providers, we recommend the following: always use strong passwords at the hardware and software level, do not expose MAC addresses, turn off web UIs, create user-level credentials (vs. admin credentials), keep equipment and software updated, use modern VPNs (not port forwarding), restrict IPs or only allow certain IPs, register phones so that registration can authenticate the device with a nonce (one-time encryption key) and set up the outbound NAT, and use a firewall that does ‘Address Restricted’ or ‘Port Restricted’ cone NAT.
As an end user, it is important to restrict dial out through voicemail systems, block international calling completely if you can, or implement an international calling PIN code, use secure passwords and PIN codes, and don’t provide your credit card number over the phone to someone that contacts you first. Also be sure to implement software & security updates as they become available, and never click on random links via SMS or email. Print and review Call Detail Reports (CDRs) often to monitor spikes in traffic and/or unknown international calling charges.
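A CDR review like the one recommended above can be scripted. The following is an added example, not code from the original post: it labels each call as 011 international, non-US NANP or domestic, and flags after-hours and voicemail dial-out calls. The CDR field layout, the business hours and the sample rows are assumptions, and the area-code set is only a sample.

```python
from collections import Counter
from datetime import datetime

# Constructed sample CDR rows: (start time, dialed digits, seconds, source).
# The field layout is an assumption; real CDR exports differ by phone system.
SAMPLE_CDRS = [
    ("2024-03-04 10:15", "12125550123", 180, "ext-101"),
    ("2024-03-05 02:10", "011442071234567", 1500, "ext-104-voicemail"),
    ("2024-03-05 02:40", "18765550100", 900, "ext-104-voicemail"),
    ("2024-03-05 14:00", "2425550111", 60, "ext-102"),
]

# Sample of non-US NANP area codes in the Caribbean (not an exhaustive list).
NANP_CARIBBEAN = {"242", "246", "284", "345", "473", "649", "809", "876"}
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time


def classify(dialed):
    """Label a dialed number as 011 international, NANP offshore or domestic."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if digits.startswith("011"):
        return "international-011"
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the leading 1 of a 1+10-digit NANP number
    if len(digits) == 10 and digits[:3] in NANP_CARIBBEAN:
        return "nanp-offshore"
    return "domestic"


def review(cdrs):
    """Return (flagged calls with reasons, seconds billed per non-domestic class)."""
    flagged, seconds = [], Counter()
    for start, dialed, duration, source in cdrs:
        kind = classify(dialed)
        if kind == "domestic":
            continue
        seconds[kind] += duration
        reasons = [kind]
        if datetime.strptime(start, "%Y-%m-%d %H:%M").hour not in BUSINESS_HOURS:
            reasons.append("after-hours")
        if "voicemail" in source:
            reasons.append("voicemail-dial-out")
        flagged.append((start, dialed, source, reasons))
    return flagged, seconds


if __name__ == "__main__":
    for row in review(SAMPLE_CDRS)[0]:
        print(row)
```

Calls that carry all three reasons (expensive destination, after hours, placed through voicemail) are the ones to raise with your provider first.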
If you feel that you may be a victim of call fraud, contact your telecommunications provider immediately so they can take steps to secure your phone system and phone service.