11 Types of Telecommunications Fraud: How to Detect & Prevent it

11 Types of Telecommunications Fraud: How to Detect & Prevent it

Author avatar

August 6, 2021 by Tamas Kadar

Historically, telecommunications companies have been slow to deploy RiskOps departments. Losses were either absorbed or passed on to the repo business. 

But telecom operators are increasingly inclined to meet their unique fraud challenges head-on.

Let’s examine them in detail here and let’s see what kind of tools can help.

What is Telecommunications Fraud?

Telecommunications fraud, also known as Telco fraud, or Telecom fraud, includes any kind of activity designed to abuse and gain an advantage over telecom companies by using deception (fraudulent practices). This includes IRSF fraud (International Revenue Sharing Fraud), where fraudsters abuse premium phone rates, and Interconnect Bypass fraud, a form of arbitrage between operators’ call rates.

How does Telecommunications Fraud Work?

Because telephony is the largest and oldest deployed network in the world, accounting for 48% of the worldwide consumer electronics revenue, fraudsters have long developed tools and practices to exploit it to extract value.

And while fraud attacks usually evolve quickly over time as companies squash them, Telco fraud is unique as it’s often taken as a given. Its costs are absorbed by telecom companies, who would rather not embark on integrating complex risk management systems into their architectures.

Adding to the challenge is the fact that telecom companies also break down their services to resell them to local networks and carriers (a £4B industry in the UK alone).

As the technology to run your own mobile network becomes more widely available, for instance, large telecom operators may become targets of fraud indirectly, making it harder to identify.

11 Types of telecommunications Fraud

Let’s now look at the most common types of attacks telco fraud operators should know about.

1. International Revenue Sharing Fraud (IRSF)

International Revenue Sharing Fraud, or IRSF fraud, takes advantage of premium phone rates, which are then dialed unwittingly by users.

It is by far the biggest fraud challenge for telecom operators, costing the industry an estimated $4 to $6.1B a year. This is how it works:

  1. Bad agents sign up to lease a premium phone number.
  2. They break into a business’s phone systems and make calls to that number.
  3. The business pays as much as $1 a minute, 25% of which goes into the fraudster’s pockets.

Businesses may suddenly find themselves with astronomical phone bills for calls they do not recognize. The calls often happen outside of working hours and businesses only realize they’ve been made when it’s time to foot the bill.

It doesn’t help that regulation is lacking. Unlike with card payments, where the chargeback process can protect the person whose credit card was stolen, there is no such thing in the telephony world. 

2. Interconnect Bypass Fraud

Interconnect bypass fraud, also known as SIM box fraud, takes advantage of something called a termination rate to make cheaper phone calls. It is estimated to cost telecom operators $2.7B in lost revenue per year.

To understand it, let’s look at a scenario with two operators in different countries.

  • A customer of Operator A calls a customer of Operator B. 
  • Operator A charges their customer a fee per minute. 
  • Operator B charges Operator A a fee for providing the call to its customer.

That last charge, where the call terminates is the termination rate. The issue? These rates vary wildly depending on the contracts between the two operators. Some of them are expensive, others are close to 0. 

This is where telco fraud experts come in. They use SIM cards from a local carrier and reroute international calls using a SIM box or GSM gateway. They are essentially making long-distance calls much cheaper for the callers and taking money out of the pockets of telco operators.

This also impacts customer satisfaction. More often than not, the quality of these calls will be inferior to standard international calls. 

3. Telecom Arbitrage Fraud

Arbitrage is the general practice of capitalizing on price differences. In the telco world, these differences appear in the long-distance rates between countries.

Just like with International Bypass fraud, it can lower the international cost for customers, but also open the door to fraudulent companies who insert themselves between operators. They claim to connect directly from country A to B, whereas, in fact, they go through a cheaper rate country to connect the call.

4. PBX Hacking

PBX Hacking allows fraudsters to take control of phone lines by exploiting unsecured phone networks.

A PBX or Private Branch Exchange is a private phone network that connects to external networks. It’s what allows companies to share lines and to reduce the number of numbers needed in an office, for instance. 

Because a lot of these PBX are IP-based, they can be an easy target for hackers. They will log into the system and use it to their advantage, for instance for the IRSF fraud mentioned above. This is a cybersecurity and IT issue that can be avoided with better internal controls and password security.

5. Traffic Pumping

Traffic pumping, also known as access stimulation, is a practice where unscrupulous local exchanges cook the numbers of calls to their networks to benefit from compensation fees set up by the U.S. FCC.

Under the Telecommunications Act of 1996, big telcos such as Sprint, Verizon, and AT&T have to pay fees to rural carriers. These carriers do everything in their power to boost the number of calls to get larger payouts.

6. Deposit Fraud

Deposit fraud targets telecom operators’ online stores using stolen credit card numbers. Fraudsters usually purchase prepaid SIMs, but the same technique applies to devices (smartphones, routers, etc..).

The problem, of course, is that telecom online stores are responsible for refunding the fees in the form of chargebacks. You could, of course, rely on your payment processor to reduce these rates or deploy chargeback-guarantee fraud prevention tools. This does make your company vulnerable to high rates of false positives when legitimate customers are blocked. 

There’s also a growing threat in the form of 4G proxy networks, a practice that’s been booming in recent years, both for legitimate business and residential use cases. 

Unfortunately, fraudsters also purchase SIM cards and USB dongles en masse to create their own residential-mobile network. While services like Proxidize claim to cut costs and offer higher speeds, they also allow fraudsters to launch more attacks by generating and controlling IP addresses. 

7. Subscription Fraud

Subscription fraud in the telephony world sees criminals sign up for contracts using stolen IDs and stolen credit card numbers.

Phone contracts are harder for fraudsters to purchase than items because they involve a form of KYC check (Know Your Customer). That is to say, you need to verify the user’s identity before they can subscribe. Fraudsters love high-end smartphones they can acquire through contracts. It’s a simple case of submitting fake IDs, jailbreaking the device, and reselling it on second-hand markets. By the time the repo company comes, it realizes the person does not exist.

So how do they pass the KYC checks? That’s barely an inconvenience for identity fraud experts. They have a large pool of stolen identities to choose from, either acquired via phishing techniques, bought on the dark web, or rented out from ID mules. 

It should be noted that in-store purchases tend to have a higher risk rate than shipping. While fraudsters have plenty of options for acquiring address drops (where they receive items not tied to their real identities), it’s much easier for them to walk in and pick up the devices in person.

8. Account Takeover

Telecom companies who offer online user accounts can be victims of ATO attacks (account takeover), where fraudsters find the login and password details of other users, and sign in in their place.

If your online store lets users create accounts, chances are fraudsters are ready to steal them – regardless of what you sell. It is expensive for users, as Javelin estimates it costs them $263 to recover the account, not to mention how it can damage your business reputation.

The point is that you need to have systems in place to authenticate user logins to ensure you are indeed allowing the right people into your store. 

Read this ebook for more information on account takeover attacks and how to prevent them.

9. Smishing / SMS Phishing

Smishing, also known as SMS Phishing, is the practice of sending mass SMS in order to obtain personal information from the person who receives the messages.

Mass spam campaigns are the bane of customers and telco’s existence. This is why SMS phishing rings have become adept at avoiding detection. They’ve been known to use software to confirm the numbers they target are mobiles and not landlines (so telcos don’t notice red flags), create auto-shops to resell the stolen details, and even provide their own hosting services to host phishing sites and marketplaces. 

The point is that the volume of SMS-based phishing attacks skyrocketed by more than 328% in 2020 and that while telco operators don’t always take the fall for it, they should feel uncomfortable knowing that their companies are accidentally complicit in the practice. A simple system for monitoring signups and transactions coming from the B2B service should be enough to ensure your telco company isn’t helping a smishing business.  

10. Wangiri Fraud

From the Japanese meaning “one and cut”, Wangiri telecommunications fraud involves striking curiosity in customers by calling them, letting the phone ring once, and hanging up. The customer will ring back, unwillingly calling an expensive premium number that the fraudsters control. 

An SMS variant also exists, where fraudsters send a message prompting customers to call back a certain number. The typical red flags for this kind of telecommunications fraud are spikes in traffic to high-cost destinations, which telcos should be able to monitor with their internal systems.

The key here is to know that, as a business, you should keep an eye on which numbers are automatically dialled. This isn’t only for telcos, by the way, any company where phone calls are an important part of finding leads or customer service could do well to deploy a simple reverse phone lookup tool to protect themselves. 

11. SIM Jacking / SIM Swapping

SIM Jacking, a.k.a SIM Swapping, sees fraudsters take control of a person’s SMS and phone calls by switching a phone number to another they are in control of.

As more and more online services use OTP (one-time passwords) and 2FA (2 Factor Verification) going through SMS and phone calls, fraudsters are attempting to take control of people’s phone numbers.

The way they do it is via a form of account takeover called SIM Jacking or SIM Swapping (which you can read more about in our fraud trends 2021 post) They contact the telco’s customer service and ask to transfer their number to a new SIM, which they control. When the procedure is complete, they can receive all the OTPs and SMS verifications needed to hijack customer accounts, from social media to banking.

Telco operators have become much better at mitigating this kind of risk in the last few years, simply by deploying their own 2FA or MFA multi-factor authentication) systems to confirm if the user legitimately requested a number change.

What is Telecommunications Fraud Detection and Prevention?

Telecommunications fraud detection and prevention is a broad term that covers any kind of technique or strategy put in place to reduce criminal actions designed to take advantage of telco operators.

Telecommunications fraud detection and prevention should target three key areas:

  • Vetting and filtering out bad resellers
  • Protecting business revenue
  • Ensuring users and customers are really who they say they are

It is with the third area that SEON can help, thanks in part to technology such as data enrichment, device fingerprinting, and machine-learning suggestions.

What to Look out for in Telecommunications Fraud in 2021 & Beyond?

Telecommunications fraud is always evolving. However, we have witnessed a rise in key attack vectors, including:

  • Fake and synthetic IDs: fraudsters have access to an increasingly wide range of options to source ID documents, either via phishing or Rent-an-ID service. This makes detection a lot more challenging, because parts of the IDs are legitimate.
  • Virtual SIM cards: while eSIMs, or virtual SIM cards are more secure by being less easy to clone or steal, virtual SIMs are noneteheless prone to malware and social engineering attacks. You can read more about virtual SIM card detection here.
  • Social engineering attacks: the pandemic has greatly amplified the frequency and sophistication of phishing attacks, either via SMS, calls, social engineering, or even using deepfake technology.

Solutions for Telecommunications Fraud

Fraudsters are adept at evading identification. They will use stolen IDs and card numbers and deploy every possible tactic possible to hide their real-life identities. This is true whether your telecommunications business is dealing with an online store customer or a local carrier. 

With SEON, you can learn as much as possible about who you’re dealing with – with as little friction as possible.

In the context of telecommunications fraud prevention that means deploying frictionless, invisible, and efficient tools to aggregate info without disturbing the customer experience of your telco business customers.

The results? Smoother business operations, and reduced rates of account takeover, transaction fraud, and ID fraud – all thanks to a powerful machine-learning driven engine and full risk management control.

Try a Fraud Product Demo

FAQ (Frequently Asked Questions) About Telecommunications Fraud

What are the major categories of telecommunication fraud?

The most costly fraud attacks for telecommunication companies include IRSF (International Revenue Share Fraud), Bypass Fraud and Traffic Pumping.

How is telecommunications fraud detected?

Fraudulent attacks such as account takeover, transaction fraud and subscription fraud targeting telecommunications operators can be detected with data enrichment. It allows companies to learn more about users in order to accept or decline their actions, such as a payment or login.

You might also be interested in reading about:

Learn more about:

Data Enrichment | Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Machine Learning Fraud

Sources used for this article:

  • Telephony Report 2020:  Telephony segment accounts for 48% of the worldwide Consumer Electronics’ revenue.
  • IBISWorld: Telecommunications resellers in the UK industry statistics
  • ZDNet: Estimated IRSF damages range between $4 billion and $6.1 billion.
  • Javelin: every victim of an account takeover attack ends up paying roughly $263 out of their own pocket
  • Proofpoint: SMS-based phishing attacks skyrocketed by more than 328% in 2020
  • Infosys BPM Podcast: Emerging Telecom Fraud Trends

Share article

See a live demo of our product

Click here

Author avatar
Tamas Kadar

Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.

Sign up to our newsletter