WHAT THE FRAUD?
A Look at Telecommunications Fraud and Its Impacts
OUTLINE
Overview .............................. 3
What is Telecom Fraud ................. 4
Different Types of Fraud .............. 5
A Look at the Top 5 ................... 6
What is a PBX ......................... 10
PBX Hacking – A Big Problem ........... 11
PBX Hacking ........................... 12
How is it Done ........................ 13
It Can Happen to You .................. 14
How to Prevent ........................ 15
Summary ............................... 17
Page 2
Outline
OVERVIEW
Telecommunications fraud continues to be a big problem in the industry today.
Advances in technology have made life easier and more convenient for most
people, but not without a price. The same advances that bring useful innovation
also bring increasingly sophisticated methods by which fraudsters can infiltrate
a company.
Communications Service Providers already face enough challenges from
competition, declining ARPU, lower margins and other growth-related pressures.
While their attention is on those areas, they are left vulnerable to attacks they
do not see coming.
With fraud remaining a big problem, fraud management has evolved from a
defensive, reactive strategy focused on prevention to a more proactive,
revenue-generating and innovative approach. Goals have shifted from simply
detecting fraud to achieving higher customer satisfaction and creating new
revenue streams.
In this e-book, we will not only outline the top types of fraud affecting the industry
today, but also recommend best practices to help fight fraud and prevent it before
it occurs.
WHAT IS TELECOM FRAUD
Telecommunications fraud is defined as the theft of telecommunications services or the
use of telecommunications services to commit other forms of fraud. This type of fraud
happens on a daily basis, often without anyone knowing until the damage has
already been done.
Fraud primarily strikes companies with weak defenses. Billing system and network
vulnerabilities are exploited to gain access when, had proper procedures been in
place, the intrusion could easily have been prevented.
As new voice technologies become more attractive, improperly installed systems can
be infiltrated easily, and the resulting bill can put a small company out of business.
For example, Voice over Internet Protocol (VoIP) carries calls over IP networks,
including the public Internet, rather than over the circuit-switched infrastructure
of the traditional telephone networks. Because of its affordability, some businesses
install their own PBX systems using an underqualified individual, which can leave
security gaps that are easily exploited.
DIFFERENT TYPES OF FRAUD
The Communications Fraud Control Association (CFCA) 2011 Global Fraud Loss Survey
estimates that telecom fraud costs the industry over $40 billion (USD) annually. This
equates to almost 2% of telecom revenues that never reach a company's income
statement.
The survey also outlines the Top 5 Fraud Types as follows:
1. PBX/Voice mail systems – $4.96B
2. Subscription/Identity(ID)Theft – $4.32B
3. International Revenue Share Fraud (IRSF) – $3.84B
4. By-Pass Fraud – $2.88B
5. Credit Card Fraud – $2.40B
For more information on this survey, please visit:
www.cfca.org/fraudlosssurvey
With PBX Fraud being the most costly, we’ll dig a little deeper into the types
and issues Communications Service Providers face. But before we go into detail
pertaining to PBX Fraud, let’s take a look at some of the other types of fraud that
made the top 5 list and are top of mind for revenue assurance managers around
the world.
A LOOK AT THE TOP 5
SUBSCRIPTION IDENTITY THEFT
Subscription ID Theft occurs when a subscriber uses false identification or an
unsuspecting victim's identity to obtain service. The Internet is a virtual goldmine
of personal information that fraudsters can easily access and use to create false
identities. Once these identities are created, they can be used to obtain all kinds of
products and services.
Communication Service Providers should ensure they have a system in place capable
of detecting and combating fraud. Some service providers currently maintain their
own fraud databases. Others have begun implementing personal verification and
prepaid systems.
A LOOK AT THE TOP 5
INTERNATIONAL REVENUE SHARE FRAUD
International Revenue Share Fraud (IRSF) occurs when fraudsters obtain access to a
Communications Service Provider's network, typically by obtaining SIM cards
(Subscriber Identity Modules) from the home network and using them while roaming
internationally to place large volumes of outgoing international calls.
The opportunity for fraudsters to exploit some countries' high termination rates, or to
inflate traffic into other high-value numbers with the intention of sharing the revenue
generated, has been a problem for CSPs for some years now. Many of these
opportunities are created through number aggregator websites that openly advertise
revenue share offerings for many countries and invite visitors to register online and
immediately start generating revenue.
Fraudsters are constantly searching for a weak link. Service providers should ensure
that they have sufficiently secure controls in place to prevent outsiders from using
their network as an enabler for revenue share fraud.
A LOOK AT THE TOP 5
BY-PASS FRAUD
By-Pass Fraud occurs when in-bound off-net traffic is disguised as on-net traffic
(by-passing the interconnect) to avoid the high cost of terminating that traffic.
Most By-Pass operations are performed on a large scale using advanced SIM boxes
that can be managed from anywhere. Communications Service Providers that are
attacked can experience significant losses in their in-bound interconnect revenues.
Service providers should constantly monitor in-bound and on-net traffic in order to
detect any indications associated with By-Pass Fraud, such as suspect calling numbers
or suspicious call pattern tendencies.
A LOOK AT THE TOP 5
CREDIT CARD FRAUD
Credit Card Fraud occurs when someone uses a credit card as a fraudulent source of
funds in a transaction to obtain goods without paying or to obtain unauthorized funds
from an account.
Today, many Communications Service Providers accept credit card and e-payments
for services. A fraudster will try to make payment for those services using a third
party credit card number. When the original card holder receives their bill and notices
the charges, they’ll typically dispute the charges and refuse to pay.
Service providers should make sure safeguards are in place that limit the amount of
payment which can be made through a credit card, as well as monitor the payments
of multiple bills using the same credit card number.
WHAT IS A PBX?
PBX (Private Branch Exchange) systems started out as internal company
switchboards where operators manually connected calls from one person to the next.
By the time the 1980s rolled around, manual switchboards had been set aside,
replaced with automatic exchanges that could route a call by themselves.
Fast forward to today, where PBX technology is taking on a whole new realm, the
Internet world. Instead of routing calls through old switchboards and circuits, today's
solutions use the Internet Protocol (IP) to exchange both signaling and voice.
This new world also enables users to work from virtually anywhere while still
enjoying the full benefit of their network's PBX features.
But, as we've stated previously, there is sometimes a cost associated with
advances in technology. For every worker able to telecommute from the beach,
you can bet there's a hacker on that beach right next to him trying to see how
to gain access to that same network.
PBX HACKING
A BIG PROBLEM
PBX hacking, the act of breaking into a company's PBX system and selling long
distance and international telephone time to third parties, remains one of the
leading types of fraud around the world. It is also nothing new: it has been reported
for decades and has consistently been one of the main computer crimes reported to
fraud investigators all over the world.
Telephone hackers can take over insecure PBX systems to make international and
long distance calls, listen to voice mail or monitor conversations.
The main economic reason fraudsters hack PBX systems is to gain access to the trunk
lines, after which they generate as many calls as possible to international premium
rate numbers that they control, collecting the bulk of the revenue (about 90%) that
those calls generate.
Many businesses are unaware that they are responsible for all calls made from
their phone system, including any fraudulent calls. Worse, victims of hacked PBX
systems are typically unaware of any unauthorized use and unwittingly allow the
hackers to "sell" the use of their telephone system to others or, far worse, give the
hackers the opportunity to maliciously reprogram the system.
PBX HACKING
WHY SHOULD I CARE?
There are many issues and headaches surrounding PBX fraud, but the main reason
Communications Service Providers and businesses in general need to realize the
importance of preventing PBX attacks is economics. With close to $5B in revenue lost
to PBX hacking, it's surprising that some companies still choose not to put effective
countermeasures in place.
With PBX technology having been around for so long, phone hackers (also known as
phreakers) have had decades to look for potential vulnerabilities to exploit. Couple
that with the fact that there are a relatively small number of companies in the PBX
equipment arena, an attacker that takes the time to learn two or three brands of PBX
systems can have critical knowledge to attack over 70% of the possible targets.
While new data and Internet products are being touted as the next big thing, often
receiving big budgets and headcount, PBX technology is often viewed as only needing
regular maintenance to keep it running. This lack of attention and focus can enable
hackers to have a field day on unsuspecting victims.
HOW IS IT DONE?
Phreakers can identify target systems either by searching phone directories for
phone numbers of organizations that use a PBX, or by using a “war dialer” program on
a computer that walks through sequences of phone numbers.
Most PBXs today are software driven. When not properly configured, hackers can
gain access to the system remotely through the very features intended to make
users' lives easier and more efficient. Those remote features include:
Voice Mail – Some voicemail systems can be accessed remotely and programmed
to place outbound calls. Hackers use this feature, typically through an unused
"phantom" mailbox whose outcall or forwarding target returns an outside dial tone,
to make calls from anywhere on the hacked business's account. Hackers can also gain
access to a mailbox to listen to messages, change greetings or delete messages entirely.
Maintenance Port – PBX administrators usually manage their PBX via a
maintenance port that they connect to remotely. By taking control of this
maintenance port, hackers can change the call routing configuration and passwords,
delete or add extensions, or shut down the PBX, all of which can have a negative
impact on business operations.
DISA – Direct Inward System Access (DISA) is a feature that lets remote users reach an
outside line through the PBX after entering an authorization code. It is very useful for
employees who travel a lot, frequently make long distance calls or need to join an
international conference call after business hours. By obtaining a valid DISA number
and authorization code, hackers can seize an outside line and make calls at the
business's expense.
IT CAN HAPPEN TO YOU
Phreakers are often highly skilled in telephony and can strike anywhere at any time.
Most attacks occur after normal business hours or on holidays, when intrusions are
least likely to be detected.
In 2011, four hackers based in the Philippines were arrested for breaking into the PBXs
of customers of AT&T and other telecommunications companies, generating millions in
fraudulent charges that were channeled to their own bank accounts and to accounts
associated with a terrorist organization.
Working from the Philippines during the day, these phreakers would dial numbers
of US businesses after hours to attempt to gain access to phone systems through
unused extensions or extensions with default passwords still in place. Using a
brute force approach, systematically working through extensions and pass codes with
the aid of dialing software, the phreakers would gain access to an extension, change
its password and then use the hacked extension to make outbound calls through the
DISA number.
While many hackers do it for the thrill of it, these phreakers conducted phone fraud
on an epic scale, turning exploited PBXs into their very own long-distance service.
They also used their access to place calls to high-rate international premium-rate
services, the equivalent of 900 numbers in the US, where callers are charged a
per-minute fee on their phone bill. Losses through AT&T alone were reported at
about $2 million.
HOW TO PREVENT IT
Putting secure measures in place to fully secure your system is the first step to
preventing hackers from gaining access, and it limits the potential damage and revenue
implications for your business if they do.
The following are some recommended industry best practice guidelines that, if
followed, can help reduce the risk of telephone hacking.
Knowledge and Awareness
Knowledge is power. Everyone in your organization should understand and recognize
the dangers and implications telephone hacking can have on your business. Key
Measures should be taken to:
• Educate staff on security procedures and ensure they understand the
potential ramifications
• Ensure procedures are in place for responding to an attack or to red flags
• Familiarize yourself with your business' call patterns and monitor them regularly
The more you and your employees know, the more empowered you’ll be if and when
an attack does occur.
HOW TO PREVENT IT
GENERAL SECURITY
Security is of the utmost importance in all areas of business. Hackers are armed
with the same information you are and are typically one step ahead. Ensuring
that your system is secure can make the difference between a good day and
being out of business.
Passwords – they hold the key to your castle and should be impenetrable
• Change all default system codes and enforce rules to ensure
passwords are secure
• Enforce password expiration dates so that codes change regularly
• Passwords should be long and random, never a default, a simple sequence or the
extension number; where the system allows, mix letters, numbers and symbols
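As an added example, not taken from the e-book, the following Python audit applies the password rules above to a PBX's voicemail and DISA authorization codes. It assumes the administrator can export extension-to-code pairs from the PBX configuration (an assumption about the administrator's access, not a feature of any particular product) and that codes are numeric keypad entries; the default-code list and the sample export are constructed for the example.

```python
"""Weak authorization code audit for PBX voicemail / DISA codes.

Added example, not from the original e-book. Assumes extension-to-code
pairs can be exported from the PBX configuration and that codes are
numeric keypad entries. DEFAULT_CODES is a constructed list; extend it
with the factory defaults documented for your own PBX.
"""
from dataclasses import dataclass

DEFAULT_CODES = {"0000", "1111", "1234", "4321", "000000", "111111", "123456", "654321"}
MIN_LENGTH = 6  # the e-book asks for lengthy codes; six digits is a reasonable floor

# Constructed sample export: extension -> authorization code.
SAMPLE_CODES = {
    "2100": "1234",    # factory default, sequential and short
    "2101": "2101",    # same as the extension number
    "2102": "847362",  # acceptable
    "2103": "000000",  # default and a single repeated digit
    "2104": "98765",   # descending sequence, one digit short
}


@dataclass(frozen=True)
class Finding:
    """One weak code. The code itself is deliberately not stored, so the
    report can be circulated without leaking the credential it flags."""
    extension: str
    reasons: tuple


def _is_sequence(code: str) -> bool:
    """True for strictly ascending or descending runs such as 1234 or 6543."""
    steps = {int(b) - int(a) for a, b in zip(code, code[1:])}
    return steps in ({1}, {-1})


def weak_code_reasons(extension: str, code: str) -> list:
    """Return the rules a code violates, in a fixed order; empty means acceptable."""
    reasons = []
    if code in DEFAULT_CODES:
        reasons.append("default")
    if len(code) < MIN_LENGTH:
        reasons.append("too_short")
    if len(set(code)) == 1:
        reasons.append("repeated_digit")
    if _is_sequence(code):
        reasons.append("sequential")
    if extension in code or code in extension:
        reasons.append("matches_extension")
    return reasons


def audit(entries: dict) -> list:
    """Run every extension through the rules and return the findings."""
    return [
        Finding(ext, tuple(reasons))
        for ext, code in sorted(entries.items())
        if (reasons := weak_code_reasons(ext, code))
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CODES):
        print(f"ext {finding.extension}: {', '.join(finding.reasons)}")
```

Run it against a real export as soon as the PBX is commissioned and again after every staff change; a code that passes every rule here is still only as good as the expiration policy that forces it to change.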
Know Your Business – attention to detail can make you proactively detect
any irregularities or issues
• Remove any inactive mailboxes or extensions
• Monitor your system frequently to easily identify irregularities and look for
suspicious activity
• Evaluate your current settings and disable any features that are not in use
Restricted Access – keep certain passwords and features under a tight leash
to ensure no issues arise
• Disable the external call forwarding feature in voice mail, unless it is
absolutely required
• Restrict access to international or long distance destinations to which your
company does not require access. Restrictions should include 1-900 calls
• Limit the DISA access number and authorization codes to only employees that
have a real need for such a feature
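The monitoring advice above (know your call patterns, watch for irregularities, remove inactive extensions) and the earlier observation that attacks cluster after business hours can be turned into a concrete check over the PBX's call detail records (CDRs). The following Python is an added example, not code from the e-book or from Neustar. It assumes a CSV CDR export with start time, extension, dialed digits and duration, and it classifies calls by North American dialing prefixes (011 for international, 1900 for premium rate); the business hours, thresholds and CDR rows are constructed for the example and must be mapped to your own PBX and dial plan.

```python
"""Toll fraud indicators computed over PBX call detail records (CDRs).

Added example, not from the original e-book. The CSV layout (start time,
extension, dialed digits, duration) and the North American dialing
prefixes used to classify calls (011 = international, 1900 = premium
rate) are assumptions for this example; adapt them to your PBX's CDR
export and dial plan. The CDR rows below are constructed sample data.
"""
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

BUSINESS_HOURS = (8, 18)              # local time, Monday to Friday
BURST_COUNT = 3                       # toll calls from one extension ...
BURST_WINDOW = timedelta(minutes=10)  # ... within this window raise a burst alert

# Constructed sample: normal Monday traffic, then a Saturday 2 a.m. run of
# international and premium-rate calls from extension 2104, which the
# business believes is unused.
SAMPLE_CDRS = """\
start,extension,dialed,duration_sec
2013-05-06 09:15:02,2100,12125551234,180
2013-05-06 14:40:11,2101,01144207946000,600
2013-05-11 02:03:10,2104,011232761000001,1200
2013-05-11 02:04:55,2104,011232761000002,1180
2013-05-11 02:06:30,2104,011232761000003,1210
2013-05-11 02:08:01,2104,19005550199,900
"""
ACTIVE_EXTENSIONS = {"2100", "2101", "2102"}  # extensions the business says are in use


def classify(dialed: str) -> str:
    """Bucket dialed digits by cost class using NANP prefixes (an assumption)."""
    if dialed.startswith("011"):
        return "international"
    if dialed.startswith("1900"):
        return "premium"
    return "domestic"


def is_after_hours(ts: datetime) -> bool:
    """Weekend, or outside the configured weekday business hours."""
    return ts.weekday() >= 5 or not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1])


def detect(cdr_text: str, active_extensions: set) -> list:
    """Return (timestamp, extension, indicator, detail) tuples, one per hit.

    A single call can trigger several indicators on purpose: the combination
    (inactive extension + after hours + premium rate) is what separates
    fraud from an employee's legitimate late international call.
    """
    alerts = []
    recent = defaultdict(deque)  # extension -> start times of recent toll calls
    for row in csv.DictReader(StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext, dialed = row["extension"], row["dialed"]
        kind = classify(dialed)
        if ext not in active_extensions:
            alerts.append((ts, ext, "inactive_extension", dialed))
        if kind == "premium":
            alerts.append((ts, ext, "premium_rate", dialed))
        if kind != "domestic":
            if is_after_hours(ts):
                alerts.append((ts, ext, f"after_hours_{kind}", dialed))
            window = recent[ext]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:  # drop calls that left the window
                window.popleft()
            if len(window) == BURST_COUNT:        # fires as the threshold is reached
                alerts.append((ts, ext, "burst", f"{BURST_COUNT} toll calls within {BURST_WINDOW}"))
    return alerts


def indicators_by_extension(alerts: list) -> dict:
    """Collapse alerts to the set of indicator names seen per extension."""
    summary = defaultdict(set)
    for _, ext, indicator, _ in alerts:
        summary[ext].add(indicator)
    return dict(summary)


if __name__ == "__main__":
    for ts, ext, indicator, detail in detect(SAMPLE_CDRS, ACTIVE_EXTENSIONS):
        print(f"{ts} ext {ext}: {indicator} ({detail})")
```

The value of the check is in the stacking: a single after-hours international call from a sales manager is normal, but three of them in ten minutes from an extension nobody uses, followed by a 1-900 call, is the pattern in the Philippines case described earlier. Feed the script from the PBX's daily CDR export and treat any extension that collects more than one indicator as a page-the-administrator event rather than a morning report item.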
SUMMARY
Telecom Fraud is a big business. It can not only put companies out of business, it can
enrich and enable criminals to inflict much more than monetary harm.
The better educated and informed you are, the better you will be protected from all
the risks. By staying on top of the current threats and security measures, you can
secure your network and ensure that your business is not taken by surprise.
Phone Hackers look for the easiest targets and tend to not focus on systems with
properly implemented security in place. As with many crimes of opportunity some
hackers may be lazy and look for an easier target once they realize they can’t
penetrate a system. Since their end goal is to find any vulnerable system that would
allow them to make international calls rather than access data, they will have no
reason to invest their time in cracking your security.
Until businesses realize the seriousness of security threats and invest the time to
make sure their telecom services are safe and secure, telecommunications fraud will
continue to be a big business that continues to put people out of business.
INTRODUCING
NEUSTAR COMMUNICATIONS ANALYTICS
Neustar provides expert insight and analytics that allow businesses to turn their
data into valuable information assets that can be used to improve business
efficiency, minimize risk and drive revenues.
Often one fraud problem is linked to other issues in fraud, revenue and cost
management. Communications Service Providers need to be sure that all systems are
in sync and shared amongst functional groups.
Neustar's Communications Analytics Services are a completely managed business
assurance solution that looks across your entire organization to identify problems
and deliver results. Our experts can do the work for you, lightening your workload
and saving you money in the process; the savings can pay for the solution itself in months.
PBX fraud prevention is only one part of a suite of integrated solutions offered by
Neustar. The full service suite includes: Revenue Assurance, Risk Management,
Margin Management and Sales Performance Management. All in a completely
managed service offering.
Let us help you find the right combination of solutions for your business.
NEUSTAR
COMMUNICATION ANALYTICS
For more information, visit us on the web at:
www.neustar.biz/carrier-services/networking-solutions/leverage-data-assets
V1-05/09/2013-27