Have you ever gotten a call from your bank informing you of peculiar charges or uncharacteristic actions that have recently been made to your credit card? Like many of us, maybe you’ve been victim of credit card fraud. As it’s a fairly regular occurrence, most banks have checks and measures built in to help prevent or reduce the threat of this particular kind of fraud.
What may be surprising is that there is another type of fraud that brings in at least twice as much revenue annually as fraud derived from credit card abuse. Telecom fraud brings in billions of dollars every year, and it doesn’t seem to be slowing down anytime in the near future.
While credit companies are currently entrenched in the war against credit card fraud, the telecom industry is failing to follow their lead, leaving millions of subscribers and businesses at risk.
One of the reasons telecom fraud is so profitable is the multi-faceted nature of the business. Opportunities for fraudulent behavior present themselves at a variety of levels within the telecom industry. With each opportunity, different people within and outside the industry profit.
But why is the telecom industry at such risk? The answer can be found by examining the evolution of tech in the last twenty years. With the explosion of the internet in the 1990’s as a popular way to communicate, the way we view telecommunications has changed permanently.
Since that time, as more methods, modes, and devices in we use to communicate fall under the telecom umbrella, protecting those methods, modes, and devices from fraudsters have become increasingly difficult.
We are currently riding a wave of smart technology innovation that does not appear to be slowing down anytime soon. In the last two decades, the way we communicate with each other seems to have found no limits, whether it be via email, text, chat, voip, ecommerce, social media, etc.
All of these different means of communication can be accessed via different devices, across various networks, with different protocols. Integrating and protecting all of these forms of communication is incredibly complicated and often neglected. Hence, the opportunity for fraudsters to do their work presents itself.
Moreover, the trend in telecom fraud does not seem to be slowing. The most recent wave of smart technology integration can be found in our home and personal appliances.
Manufacturers of these appliances are working hard to offer some type of intelligence in their product, whether it be smart refrigerators that can send grocery lists to the local market, smart washers and dryers that can communicate energy efficiency stats back to the manufacturer, or home mesh networks that allow you to set the thermostat, close the garage door, and lock the front door remotely.
As these manufacturers race to offer the best and brightest smart appliances for your purchasing pleasure, they may be somewhat negligent in instilling measures to keep methods of communication from those appliances safe, thus exposing you to penetration by fraudsters into the your larger telecom network.
So, what are the most common types of telecom fraud? We can look at the issue by identifying two major divisions within telecom fraud: traditional and non-traditional.
Under the large umbrella of traditional telecom fraud, a particular act can most likely be categorized under three telecom fraud subtypes depending on who is being defrauded: the telecom service providers, the subscribers, or fraud conducted via phone.
Examples of this kind of fraud are numerous. The most common are call transfer fraud, subscription fraud, internal fraud, false answer supervision, call forwarding fraud, and traffic pumping.
Call Transfer Fraud
Call transfer fraud is very popular and easy to do for fraudsters with the proper knowledge. This kind of fraud involves penetrating a PBX (Private Branch Exchange), and then commandeering the services, transferring calls onto the hacker’s own phone service to place free long distance connections. The operator of the soft switch is completely unable to bill the fraudster’s phone service, and the charges fall back onto the telephone system the PBX belongs to.
Subscription fraud is another frequently used form of telecom fraud. It’s accounts for up to 8% of annual revenue accrued through telecom abuse committed by fraudsters. First hackers obtain stolen or made up data. They use this data to acquire telecom goods and services for free essentially. Eventually they can build up identity to obtain credit cards, bank accounts, and other lines of credit.
Internal fraud involves actual telecom employees abusing their own internal positions and access to accounts. False answer supervision occurs when fraudsters make uncompleted calls look like completed calls, therefore incurring a charge. Call forwarding fraud involves fake call forwarding to phone numbers that accrue charges.
Traffic pumping involves access fees paid to local exchange carriers by long distance carriers. Access fees through rural exchange carriers are significantly higher, so some rural carriers will work to get an extraordinary amount of calls routed through them to make extra money through unnecessary charges.
Nontraditional telecom fraud involves IoT (Internet of Things) in which smart device networks are attacked and then exploited to retrieve sensitive data such as usernames/passwords, account numbers, and credit card information.
This usually begins with a DDoS (Distributed Denial of Service) attack against smart device networks attached to the internet. While the network is distracted and overwhelmed by the denial of service, fraudsters can look for sensitive information that they can use to conduct identity theft.
While the expansiveness of telecom fraud can be complicated and overwhelming, the more attention that’s paid to suring up and protecting all forms of access into telecom networks, whether it be internal or external access, will begin to close vulnerabilities that needlessly expose subscribers to fraudulent activity.
It’s up to not only the telecom service providers, smart appliance and device manufacturers, and subscribers to conduct due diligence in protecting themselves from fraud; but also the telecom community as a whole to design standards and agreements regarding how best to protect the consumer against telecom fraud.