
Toll Fraud Attacks – So easy to do, so tough to stop!

20 weeks, one article a week, and three minutes per article – that’s all you need to get the basics of voice security in place. In Week 3, we talk about toll fraud – why it is so difficult to catch or prevent, and some tips on how to prevent it.

In my article last week, I mentioned that toll fraud is a major hidden issue – many organizations don’t even know they are being defrauded. In this article, we discuss why companies struggle to identify toll fraud attacks, some tell-tale signs, and some techniques to prevent it or fight it.

One of the small but nice things about being employed at Assertion is that we give employees a tax deduction for health checkups. Get yourself checked, submit the bill, and get a tax break on the expense. And this time when I did – I was surprised to know that I have higher than normal cholesterol levels. I last had a health checkup almost 9 years ago – sometime in the last 9 years, cholesterol deposits in my circulatory system started building up, but since there was no regular checking going on, I had no way to find out. Now that I know, I can take measures to get back to good health. On the other hand, I am aware at almost all points of my heart rate – I have one of those smartwatches that constantly track my heart rate, so if there is any irregularity, I’d know almost immediately.

The parallels with toll fraud identification, tracking, and prevention are straightforward – companies have real-time tools to deal with data theft, viruses, malware, and a whole bunch of other Internet-related risks, but they have no way to track toll fraud attacks.

In my previous article, I talked about two options that fraudsters choose from when they manage to break into an extension: the Big Squeeze versus the Slow and Steady.

When a fraudster opts for a Big Squeeze, they make tons of calls in a short period of time leading to a spike in phone bills. So customers find out through rude shocks – just like ‘cardiac infarctions’ are often indicative of high cholesterol, a telephone billing spike is often indicative of toll fraud. But just like no one wants cardiac infarctions as a method of identifying high cholesterol, no one wants to know about toll fraud through paying a super-high bill.

Canny fraudsters often opt for Slow and Steady as their approach to toll fraud: only a few calls a day, steadily increasing the billing over many months. These attacks can be very difficult to catch.

A blood pressure monitor lets you know if you have hypertension, which can be caused by high cholesterol or by a whole bunch of other reasons. Similarly, having financial controls in your organization may help you identify that something might be off – has someone been noticing a small increase in phone bills – maybe a percentage point or two, steadily going up?

But what if you work for large corporations that are constantly merging departments, moving around cost centers, acquiring companies, and spinning off divisions? Would you be able to track that someone has walked into your network, and is slowly leaking out your company’s money, laughing his way to the bank at your expense? If you are like most corporations, the sad answer is – Probably not.

In most cases, companies simply do not have the tools to identify toll fraud and a smart fraudster will easily milk them for months at a time, maybe even years!

Now, imagine that you decide to do something about the problem – you ask for the CDRs and decide to go through them to look for premium-rate numbers and high-cost destinations. And you will immediately notice the key challenges:

  • How to go through the millions of call records?
  • How to identify which numbers are legitimate international calls and which ones are not? If you work with a transnational corporation, calls may be made to Lithuania or Lesotho for legitimate reasons – how are you going to deduce if the calls are valid?
  • How to identify which numbers are legitimate calls to premium-rate numbers and which ones are not? While in the USA, premium-rate numbers are usually easy to identify – the 1-900 prefix is a giveaway, other countries have more complex rules and some countries do not even have a separate numbering plan! By our estimation, there are around 20 million premium-rate numbers available all over the world!
  • An especially challenging problem – what if some of your own employees are abusing the phone system and making calls to premium-rate numbers or international high-cost destinations? This might be a problem for the company, but it’s not a toll fraud issue.

At this point, you are probably wondering when I am going to bring up Assertion as a solution for toll fraud – and the answer is: NOW. 🙂 But this is an educational series, not a hard-sell one, so I’ll just point to the “About Assertion” at the bottom of this article and come back to the discussion.

Suffice to say that this is a non-trivial problem – combing through millions of records looking for specific patterns or even specific numbers, which themselves number in the millions. Even worse, how does one get access to the database of premium-rate numbers across the world, and how does one keep it up to date? The solution is therefore a service, not a static database.
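To make the CDR review concrete, here is an added example (not Assertion's code) that scans call records for premium-rate or unapproved destinations and flags extensions whose flagged spend rises week after week, the Slow and Steady pattern. The CDR column names, the prefix lists, the four-week threshold and the sample rows are all assumptions constructed for illustration; a flagged extension is a lead to investigate, not proof of fraud.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Assumptions for this example (not from the article): CDR column names,
# the approved-destination list, and the four-week threshold.
PREMIUM_PREFIXES = ("+1900",)              # the US 1-900 range the article names
APPROVED_PREFIXES = ("+1", "+44", "+370")  # where this business has reason to call

# Constructed sample CDRs, one row per call (numbers are made up).
SAMPLE = """date,extension,dialed,cost
2024-01-02,2001,+26622000001,1.10
2024-01-09,2001,+26622000001,1.40
2024-01-16,2001,+26622000002,1.80
2024-01-23,2001,+26622000003,2.30
2024-01-03,2002,+37052000001,3.00
2024-01-10,2002,+37052000001,3.00
2024-01-17,2002,+37052000001,2.50
2024-01-24,2002,+442070000001,3.10
2024-01-11,2003,+19005550100,9.99
"""

def classify(dialed):
    """Premium check runs first: +1900 would otherwise match the approved +1."""
    if dialed.startswith(PREMIUM_PREFIXES):
        return "premium"
    return "ok" if dialed.startswith(APPROVED_PREFIXES) else "unapproved"

def scan(text, min_weeks=4):
    """Return per-extension flagged spend and whether it rose every week."""
    flagged = defaultdict(lambda: defaultdict(float))  # ext -> ISO week -> cost
    for row in csv.DictReader(io.StringIO(text)):
        if classify(row["dialed"]) != "ok":
            year, week, _ = date.fromisoformat(row["date"]).isocalendar()
            flagged[row["extension"]][(year, week)] += float(row["cost"])
    report = {}
    for ext, weeks in flagged.items():
        costs = [weeks[k] for k in sorted(weeks)]  # weeks that had flagged calls
        rising = len(costs) >= min_weeks and all(a < b for a, b in zip(costs, costs[1:]))
        report[ext] = {"total": round(sum(costs), 2), "slow_and_steady": rising}
    return report

if __name__ == "__main__":
    for ext, info in sorted(scan(SAMPLE).items()):
        print(ext, info)
```

Extension 2002 never appears in the report because Lithuania is on this constructed approved list, which is exactly the per-business judgment the bullets above describe; a static prefix tuple like this one goes stale quickly at real scale.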

Now that I have dwelt at length on the difficulty of solving the toll fraud problem, here are some suggestions on how to prevent it:

  • Reduce dialing permissions of all extensions to restrict them from calling numbers where your business has no interest.
  • Modify your SBC’s configuration to tighten URI and User-agent filters – allow only approved end-point types to get through.
  • Use mutual certificate authentication and disallow all incoming connection requests from un-authenticated extensions.

Toll fraud is a difficult risk to control unless you know what you are doing. All communication infrastructure OEMs have capabilities built into their systems that can reduce toll fraud risk – reach out to your SI or OEM to discuss how you can avoid getting burned.

And yes, I am taking precautions on the cholesterol front. 🙂