What exactly is telco fraud?
To begin, let us define the concept of telco fraud:
Telecommunications fraud includes any kind of activity designed to abuse and gain an advantage over telecommunications companies using deception (fraudulent practices). Based on this definition, we can classify around 10 types of traditional fraud, that dominate today’s telco market, posing challenges for carriers of all sizes. However, further new ones are on the rise.
What types of telco fraud are there? Which types should we be most concerned about?
1. International Revenue Sharing Fraud (IRSF)
The first and unfortunately most predominant form of fraud is IRSF. Having summed up to $7 billion in losses in 2021, alone, IRSF takes advantage of expensive destinations or even premium rates, that are then dialled at customer’s expense without his knowledge, generating revenues for fraudsters. This fraud accrues in many forms of traffic generation on one side and traffic high jacking on the other. Causing increased expenditures for customers and enormous profits for the fraudsters. There are several methods to exploit the higher call rates of carriers; which, however, all boil down to a few simple steps:
- Break into a third party’s phone systems (hacking, extortion, exploit…)
- Generate artificial traffic to a specific destination (at customer's expense)
- Make a deal with the owner of the terminating party (revenue share), or
- High jack the originating traffic in the transit (zero cost).
- Charge for the termination of the generated traffic.
2. Wangiri
WANGIRI CALLS-
Wangiri fraud involves calling a customer once, allowing the phone to ring briefly and then hanging up. As the name, which means ‘once and cut’ in Japanese, suggests, this one ring and cut awakes interest in the customer, incentivizing them to call back then number. Often, these numbers are expensive premium numbers that the fraudsters run, to generate the absolute maximum revenues per wangiri call-back.
This form of fraud is greatly growing, and already accounts for the second largest revenue losses, of around $2.2 billion annually. It is specifically detectable when spikes in traffic to high-cost lines occur, although it is getting increasingly more challenging to note these spikes, due to its increase in variety and complexity. However, modern Anti-fraud solutions are the best answer to prevent this form of fraud; which is discussed further in this article: Wangiri Fraud and Flash Calls
WANGIRI SMS-
Wangiri fraud also occurs via SMS, in which fraudsters prompt a compelling message, incentivising users to call or reply to a given premium number. While less typical, this form of fraud generation has also accredited a great share of losses for operators worldwide, which can be minimised greatly through solutions like Sinapsio.
3. Interconnect Bypass Fraud
The next, also advantage-taking, form of fraud is Interconnect Bypass fraud also known as SIM Box Fraud. Especially vulnerable are MNOs with low-cost local retail tariffs and expensive international termination rates. This method takes advantage of the cheap local tariffs to terminate expensive international calls, by the usage of the so-called SIM-Boxes.
This technology was originally intended to decease the price of phone calls but has ultimately caused the industry a loss of around $3 billion, in 2021, due to SIM Box Fraud.
By rerouting calls to a SIM Box, fraudsters are able to avoid the higher termination rates but still charge the high prices. Thereby, fraudsters harvesting a large part of the margin, while often ruining the quality of these international calls (false CLI (caller ID), lower voice quality, longer PDD etc.). Thus, this form of fraud often decreases customer satisfaction and brand image or loyalty, making a key fraud type to invest in preventing.
4. CLI manipulation
CLI manipulation, also known as Caller ID spoofing, is a prevalent form of telco fraud. It involves scammers falsifying the information transmitted to a victim’s caller ID, to disguise their identity. This deceit makes it seem as if the incoming call is from a local number or a trusted member, enabling scammers to use scripts to steal personal information without the victim’s knowledge.
This fraud method has escalated, particularly in the European Union, following the introduction of origin-based surcharges. This motivates fraudsters to enter this window and commit fraud.
Traditional fraud protection systems have struggled to effectively tackle CLI spoofing, as they are typically reactive, relying on post-event sampling and analysis, allowing some fraudulent calls to slip through. To counteract CLI spoofing, we must implement technologies like those at Sinapsio.
Our innovative approach involves a community of operators using a common validation process for every call, effectively rendering networks “spoof-proof.” When a call is made, the originating operator sends a verification request to the terminating operator. If the call is not verified as legitimate by both operators, it is automatically identified as fraudulent in real-time and either blocked or flagged. This method benefits operators by avoiding unverifiable traffic and protects customers from nuisance and privacy violations.
5. Pumping Traffic
Traffic pumping involves increasing local exchanges in domestic networks, to profit from compensation fees that are set by governmental agencies.
Given certain international laws, big telcos often have to pay special fees to local providers; ultimately meaning that increased numbers of calls result in increased payouts to local providers. While this form of fraud is greatly specific to national and international regulations, certain anti-fraud solutions are able to monitor and recognize these pumped traffic rates.
6. Subscription Fraud
Subscription fraud in the telecommunication sector involves criminals using stolen identities and credit card information to sign up for phone contracts. While these contracts usually require Know Your Customer (KYC) verification, fraudsters easily circumvent this using fake IDs. They particularly target high-end smartphones, which they jailbreak and sell in second-hand markets. By the time the repossession company arrives, they discover that the contract holder doesn’t exist. The pace of fraudsters has notably increased, making the ‘game of catch’, next to impossible without autonomous antifraud software. Fraudsters typically obtain stolen identities through phishing, dark web purchases, or by renting them from ID mules. Interestingly, in-store purchases present a higher risk than shipments, as fraudsters can easily walk in and pick up devices in person. Here, carriers must set financial limits to limit mitigate the damage. Once again, although simple, this idea can come with complicated implications.
7. SMS ATP - AGT (Artificially Generated Traffic)
SMS A2P AGT, or Artificially Generated Traffic, refers to the mass production and dissemination of SMS messages via automated systems. This practice, especially prevalent in Application 2 Person (A2P) messaging, poses several risks. Companies can find themselves inadvertently involved in disputes over such traffic, risking substantial financial losses in high-value disagreements.
The competitiveness of the SMS market further exacerbates this issue, as it creates a breeding ground for potential manipulation of message traffic. Often, this form of fraud is dominated by major industry players, making it a challenging landscape for smaller companies to ensure that it does not pass through their system.
To safeguard against these risks, it is crucial for businesses to thoroughly review and align the terms in their customer and vendor contracts. Regular monitoring of message traffic, employing advanced SMS fraud prevention systems to identify and potentially block anomalies, is essential. This can be done easily, using autonomous learning models; as we offer at Sinapsio.
We believe companies must adopt a proactive stance in their approach to these challenges, focusing on prevention rather than reaction and we warn that companies must be wary of the pitfalls of greed in such a high-stakes environment.
8. Phishing & Smishing
As discussed in subscription fraud, fraudsters often use phishing to steal user identities. SMS phishing in particular is done by mass sending SMSs prompting the delivery of personal information. The campaigns are major risks to telcos as well as customers, especially in rise of software that allow fraudsters to go undetected. Today, fraudsters are capable to specify their mass messaging only to mobile numbers whom they can specifically identify, they can create auto-shops to market their stolen information and have even developed their own hosting sites and marketplaces. Regardless, in most regulatory systems of today, MNOs are not allowed to read SMS content without court orders, making it hard to effectively scan and monitor phishing. To truly find the risk, MNOs would have to read the content of the messages, to truly be able to find patterns and irregularities.
This form of fraud is considered social engineering, which has seen a major rise since the start of the COVD-19 pandemic. Since smishing and phishing have almost tripled, telcos have seen a major decline in customer trust and safety and have chosen to invest increasingly more in anti-fraud solutions, to keep this risk in limits.
Solutions: limit each number and how many calls it can do, and how much u can spend
9. Telco Arbitrage
Arbitrage, or the method of capitalising on the differences in market prices, involves manipulating long-distance rates between nations. Similarly to bypass fraud, this method involves lowering the cost for international calls, by going through cheaper–rate nations, instead of the supposed direct connection from calling to receiving network. This also often includes decreased call quality and can thus cause lower customer satisfaction for operators.
What will the future landscape of fraud look like? Should we be more scared?
Several innovations have changed the market for telco operators but have also broadened the playing field for fraudsters. Current market trends are shaped by the rise of virtual or e-SIM cards, an increase in A2P authentication messaging and calls, the rise of synthetic IDs, and the increased use and advancement of AI. In brief:
- Virtual SIM Cards (eSIM): are harder to lose or get stolen, but more prone to social engineering attacks than regular SIM cards. As this is a new product, eSIMs have posed additional risks and uncertainties in the market due to their low degree of boundaries.
- A2P Authentication Messaging and Calls: are deployed at increasing rates, prompting the increase in social engineering attacks and smishing.
- Synthetic / Fake IDs: Fraudsters are using a variety of methods to acquire fake or synthetic IDs, including phishing. Detecting synthetic ID fraud has become more challenging because these IDs often contain some legitimate components but is becoming increasingly more feasible using detective AI.
- AI-generated Telco Fraud: In 2023, while artificial intelligence and machine learning continue to play a crucial role in fraud detection, researchers have raised concerns about these technologies aiding fraudsters. We have discussed this increase previous articles here. Here, we see an ever increase in speed both in terms of the expansion of fraud and in the variation and pace of change. This is largely due to the abilities of AI to make complex models that are adaptive to antifraud technologies.
- Fake A-Numbers and the Power of Voice Deepfakes: With the power of AI voice deep faking and the simplicity of using Fake-A numbers, fraudsters can create reality-like schemes to customers, thereby posing a major risk.
In conclusions, we must not be scared, we must be prepared. The key is to be adaptable and willing to change our strategies and tactics to stay ahead of fraudsters who are continuously evolving their methods.
What do other industry professionals think?
According to the GLF Fraud Report, 61% of carriers say that the importance of anti-fraud and fraud management has increased in 2023. The report directly quotes ‘if we don’t do enough to prevent fraud, we {the carrier community} will disappear. No one will place a call or send an SMS because the trust won’t be there, and the customers will switch to some other ways of communication’.
In fact, this is the third year in which more than ⅔ of the global operators are increasing their investments in anti-fraud, but unfortunately not all investments are efficient to the modern levels and types of fraud.
How Can Sinapsio prevent Fraud?
Facing complex challenges, operators must use comprehensive and preventative antifraud solutions. Sinapsio offers autonomous and all-encompassing solutions. And better yet, we offer free trials of our products.
Contact Us and Arrange a Free
In depth traffic inspection and analysis
You will get a clear insight about the fraudulent activity in your voice and sms services.
Trial Period
Explore how simply it is to gain a full control
