Whitepaper: What the Fraud? A Look at Telecommunications Fraud and Its Impacts


Telecommunications fraud continues to be a big problem in the industry today. Advancements in technology have made life easier and more convenient for most people today, but not without a price. These advancements not only bring innovation for good, but they also bring about increasingly sophisticated practices in which fraudsters can infiltrate a company.

Communication Service Providers are faced with enough challenges from competition, declining ARPU, lower margins and other growth-related challenges. While paying more attention to these other areas, it can leave them vulnerable to unsuspecting attacks.

With fraud continuing to be a big problem, fraud management has evolved from a defensive and reactive strategy focused on prevention to a more proactive, revenue generating and innovative approach. Goals have shifted from simply detecting fraud to achieving higher customer satisfaction and creating new revenue streams.

In this e-book, we will not only outline the top types of fraud effecting the industry today, but we will also recommend best practices to help fight fraud and try to prevent it before it occurs.

What is Telecom Fraud

Telecommunication fraud is defined as the theft of telecommunication services or the use of telecommunication service to commit other forms of fraud. This type of fraud happens on a daily basis, sometimes without anyone knowing until the damage has already been done.

Fraud primarily occurs to a company with a weak defense system. Billing systems and network vulnerabilities are easily exploited to gain access, when if proper procedures were put in place, could have easily been prevented.

With new voice technologies becoming more attractive, improperly installed systems can be infiltrated easily and put a small company out of business in mere minutes.

For example, a technology such as Voice over Internet Protocol (VoIP) uses the Internet to make and receive phone calls, and not infrastructure owned by the traditional telephone networks. Because of it’s affordability, some businesses try to install their own PBX systems using an under qualified individual which can result in security leaks and cracks that can be easily exploited.

Different Types of Fraud

According to the Communications Fraud Control Association (CFCA) 2011 Global Fraud Loss Survey, the CFCA estimates that Telecom Fraud costs the industry over $40 Billion(USD) annually. This equates to almost 2% of telecom revenues that cannot be reported on a companies income statement.

The survey also outlines the Top 5 Fraud Types as follows:

  1. PBX/Voice mail systems – $4.96B
  2. Subscription/Identity(ID)Theft – $4.32B
  3. International Revenue Share Fraud (IRSF) – $3.84B
  4. By-Pass Fraud – $2.88B
  5. Credit Card Fraud – $2.40B

For more information on this survey, please visit: www.cfca.org/fraudlosssurvey

With PBX Fraud being the most costly, we’ll dig a little deeper into the types and issues Communications Service Providers face. But before we go into detail pertaining to PBX Fraud, let’s take a look at some of the other types of fraud that made the top 5 list and are top of mind for revenue assurance managers around the world.

A Look at the Top 4

Subscription Identity Theft

Subscription ID Theft occurs when a subscriber uses false identification or uses an unsuspecting victims ID to obtain service. The Internet is a virtual goldmine of personal information that fraudsters can easily access and use to create false identities. Once these identities are created, they can use it to obtain all kinds of products and services.

Communication Service Providers should ensure they have a system in place capable of detecting and combating fraud. Some service providers currently maintain their own fraud databases. Others have begun implementing personal verification and prepaid systems.

A Look at the Top 4

International Revenue Share Fraud

International Revenue Share Fraud (IRSF) occurs when hackers obtain Subscriber Identity Management numbers (SIMs) from a Communication Service Providers home network and connect them to gain international roaming status to begin placing outgoing international calls.

The opportunity for fraudsters to exploit some countries high termination rates, or inflate traffic into other high value numbers with the intention of sharing any revenue generated from this activity, has been a problem for CSP’s for some years now. Many of these opportunities are created through number aggregator websites who openly advertise revenue share offerings to many countries, and invite visitors to their websites to register on-line and immediately start generating revenue.

Fraudsters are constantly searching for a weak link. Service Providers should ensure that they have sufficiently secure controls in place to prevent any outsiders from using their network as an enabler for Revenue Share Fraud.

By-Pass Fraud

By-Pass Fraud occurs when in-bound off-net traffic is disguised as on-net traffic (By-Pass) to avoid high costs of terminating traffic.

Most By-Pass operations are performed on a large scale utilizing advanced SIM- Boxes that can be managed from anywhere. Content Service Providers attacked can experience significant losses in their in-bound interconnect revenues. Service providers should constantly monitor in-bound and on-net traffic in order to detect any indications associated with By-Pass Fraud, such as suspected calling numbers or suspicious call pattern tendencies.

Credit Card Fraud

Credit Card Fraud occurs when someone uses a credit card as a fraudulent source of funds in a transaction to obtain goods without paying or to obtain unauthorized funds from an account.

Today, many Communications Service Providers accept credit card and e-payments for services. A fraudster will try to make payment for those services using a third party credit card number. When the original card holder receives their bill and notices the charges, they’ll typically dispute the charges and refuse to pay.

Service providers should make sure safeguards are in place that limit the amount of payment which can be made through a credit card, as well as monitor the payments of multiple bills using the same credit card number.

What is a PBX?

PBX (Private Branch Exchange) systems started out as an internal company switchboards where operators manually directed calls from one person to the next. By the time the 80’s rolled around, manual switchboards had been thrown aside, replaced with automatic switchboards that could route the call by itself.

Fast forward to today, where PBX technology is taking on a whole new realm, the Internet world. Instead of routing calls through old switchboards and circuits, today’s solutions use Internet protocol to exchange information.

This new world also enables users to work from virtually anywhere while still experiencing the full benefit of their networks PBX features.

But, as we’ve stated previously, there’s sometimes a cost associated with advancements in technology. For every worker able to telecommute from the beach, you can bet there’s some hacker on that beach right next to him trying to see how they can gain access to that same network.

PBX Hacking: A Big Problem

PBX hacking – the act of breaking into and accessing a company’s PBX system and selling long distance/international telephone time to third parties – remains one of the leading types of fraud around the world. It’s also nothing new, having first been reported in 2005. Since then, it has consistently been one of the main computer crimes reported to Fraud investigators all over the world.

Telephone hackers can take over insecure PBX systems to make international and long distance calls, listen to voice mail or monitor conversations.

The main economic reason fraudsters hack PBX systems is to gain access to the trunk lines after which they begin generating as many calls as possible to international premium rate numbers that they own off which the criminal collects 90% revenue.

Many businesses are unaware that they are responsible for all calls made from their phone system, including any fraudulent calls. More so, victims of hacked PBX systems are typically unaware of any unauthorized use and unwittingly allow the hackers to “sell” the use of their telephone system to others or, far worse give the hackers the opportunity to maliciously reprogram the system.

PBX Hacking: Why Should I Care?

There are many issues and headaches surrounding PBX Fraud, but the main reason Communication Service Providers and businesses in general need to realize the importance of preventing PBX attacks is economics. With close to $5B in revenue lost to PBX Hacking, it’s surprising that some companies still choose to not put effective counter measures in place.

With PBX technology having been around for so long, phone hackers (also known as phreakers) have had decades to look for potential vulnerabilities to exploit. Couple that with the fact that there are a relatively small number of companies in the PBX equipment arena, an attacker that takes the time to learn two or three brands of PBX systems can have critical knowledge to attack over 70% of the possible targets.

While new data and Internet products are being touted as the next big thing, often receiving big budgets and headcount, PBX technology is often viewed as only needing regular maintenance to keep it running. This lack of attention and focus can enable hackers to have a field day on unsuspecting victims.

How is it Done?

Phreakers can identify target systems either by searching phone directories for phone numbers of organizations that use a PBX, or by using a “war dialer” program on a computer that walks through sequences of phone numbers.

Most PBXs today are software driven. When not properly configured, hackers can gain access to the system remotely by accessing remote features intended to make the users life easier and more efficient. Those remote features include:

Voice Mail – Some voicemail systems can be accessed remotely and programmed to make outbound voice calls. Hackers make use of this feature to forward calls to a “phantom” mail box that will give a dial tone, allowing them to make calls from anywhere, on the hacked business account. Hackers can also gain access to a mailbox to listen to messages, change greetings or delete messages entirely.

Maintenance Port – PBX administrators usually manage their PBX system via a maintenance port, by connecting remotely into their system. By controlling this PBX maintenance port, hackers can change the call routing configuration, passwords and can delete or add extensions or shut down a PBX, all of which can have a negative impact on business operations.

DISA – DISA is a feature that enables remote users to access an outside line via a PBX with authorization codes. This is a very useful feature for employees who are on the road a lot or who frequently make long distance calls or need to access an international call conference after business hours. By gaining access to this, hackers can access an outside line and make calls at the cost of the business.

It Can Happen to You

Typically, phreakers are highly skilled phone engineers that can strike anywhere at anytime. Most attacks typically occur after normal business hours or on holidays when intrusions are least likely to be detected.

In 2011, a quartet of hackers based in the Philippines were arrested for hacking into AT&T and other telecommunications companies for millions, which they channeled to their own bank accounts and to accounts associated with a terrorist organization.

Working from the Philippines during the day, these phreakers would dial numbers of US businesses after hours to attempt to gain access to phone systems through unused extensions on the system or other extensions with default passwords in place. Using a “brute force” approach where they systematically worked through phone extensions and pass codes with the aid of dialing software, the phreakers would gain access to extensions, change their passwords and then use the hacked extension to make outbound calls using the DISA number.

While many hackers do it for the thrill of it, these phreakers conducted phone fraud on an epic level, turning exploited PBXs into their very own long-distance service.

They also used their access to place calls to high-rate international “premium-rate” services – the equivalent of 900 numbers in the US, where customers are assessed a per-minute fee on their phone bill for services. At least some of the revenue generated from the calls was reported to be $2 million through AT&T alone.

How to Prevent It

Putting secure measures in place to fully secure your system is the first step to prevent hackers from gaining access and limit the potential damage and revenue implications that could effect your business as a result.

The following are some recommended industry best practice guidelines that, if followed could help reduce the risk of telephone hacking.

Knowledge and Awareness

Knowledge is power. Everyone in your organization should understand and recognize the dangers and implications telephone hacking can have on your business. Key Measures should be taken to:

  • Educate staff on security procedures and ensure they understand the potential ramifications
  • Ensure procedures s are in place in case of any attack or red flags
  • Familiarize yourself with your business’ call patterns and monitor them regularly

The more you and your employees know, the more empowered you’ll be if and when an attack does occur.

How to Prevent It: General Security

Security is of the utmost importance in all areas of business. Hackers are armed with the same information you are, and typically, are one step ahead. Ensuring that your system is secure can make the difference between a good day and being out of business.

Passwords – they hold the key to your castle and should be impenetrable

  • Restrict use of default system codes and enforce rules to ensure passwords are secure
  • Enforce password expiration dates to regulate frequent change
  • Passwords should be lengthy, random and include characters, numbers and letters

Know Your Business – attention to detail can make you proactively detect any irregularities or issues

  • Remove any inactive mailboxes or extensions
  • Monitor your system frequently to easily identify irregularities and look for suspicious activity
  • Evaluate your current settings and disable any features that are not in use

Restricted Access – keep certain passwords and features under a tight leash to ensure no issues arise

  • Disable the external call forwarding feature in voice mail, unless it is absolutely required
  • Restrict access to international or long distance destinations to which your company does not require access. Restrictions should include 1-900 calls
  • Limit the DISA access number and authorization codes to only employees that have a real need for such a feature


Telecom Fraud is a big business. It can not only put companies out of business, it can enrich and enable criminals to inflict much more than monetary harm.

The better educated and informed you are, the better you will be protected from all the risks. By staying on top of the current threats and security measures, you can secure your network and ensure that your business is not taken by surprise.

Phone Hackers look for the easiest targets and tend to not focus on systems with properly implemented security in place. As with many crimes of opportunity some hackers may be lazy and look for an easier target once they realize they can’t penetrate a system. Since their end goal is to find any vulnerable system that would allow them to make international calls rather than access data, they will have no reason to invest their time in cracking your security.

Until businesses realize the seriousness of security threats and invest the time to make sure their telecom services are safe and secure, telecommunications fraud will continue to be a big business that continues to put people out of business.

Introducing: Neustar Communications Analytics

Neustar provides expert insight and analytics that allow businesses to take their data and create valuable information assets that can be specifically used to improve business efficiency, minimize risk and drive revenues.

Often one fraud problem is linked to other issues of fraud, revenue offer and cost management. Content Service Providers need to be sure that all systems are in sync and shared amongst functional groups.

Neustar’s Communications Analytics Services are a completely managed business assurance solution that looks across your entire organization to identify problems and implement results. Our experts can do the work for you, lightening your work load and saving you money in the process that can pay for the solution itself in months.

PBX fraud prevention is only one part of a suite of integrated solutions offered by Neustar. The full service suite includes: Revenue Assurance, Risk Management, Margin Management and Sales Performance Management. All in a completely managed service offering.

Let us help you find the right combination of solutions for your business.

Download Full Document