VoIP Fraud

When we think about hackers, we usually imagine somebody hunched in front of a computer screen, but some of the first hackers got their start finding exploits in the analog telephone system. Today’s hackers have moved on from figuring out how to make free calls at payphones, but telecommunications remains a lucrative target.

VoIP fraud is a serious issue, with organized and well-equipped fraudsters exploiting every technological and legal loophole they can find. What is VoIP fraud, and how can the telecom companies and service providers caught in the middle of it protect themselves?

New call-to-actionVoice over Internet Protocol, or VoIP, is a simple idea—instead of using cables and satellites for long-distance voice communication, why not rely on fast, cheap, readily available internet connectivity?

The trick is in integrating VoIP with existing telephone systems, which requires cooperation between telecommunications companies, VoIP phone companies, and other network service providers.

These points of connection also inevitably create vulnerabilities that hackers will target in order to use these systems for free and illicitly profit off of them.

Telecom fraud losses clock in at nearly $40 billion per year, and VoIP fraud is involved in many of the most frequent and costly cyberattacks. Small-scale VoIP fraud can often lead to chargebacks, either when cardholders whose identities were stolen to create fake accounts dispute their unauthorized charges, or when customers whose accounts were hijacked realize that they got charged for calls that they never made.

Merchants in the telecom industry cannot afford to ignore VoIP fraud—it’s imperative to learn how it works and deploy adequate preventive measures.

What Is VoIP Fraud?

The term “VoIP fraud” is used to cover a wide range of criminal activities, from making a few free long-distance calls to running an entire fraudulent phone company off of hacked telecommunications networks. It all boils down to one thing: using VoIP services to make calls without paying for them.

Unlike credit card fraudsters, the perpetrators of VoIP fraud don’t always hide in the shadows. They often pose as legitimate phone companies and sell authentic-looking phone cards, especially in countries where regulation and enforcement are light and they can operate with relative impunity.

You might see the term “phreaking” used in reference to VoIP fraud. This is an older term for hacking into phone systems by doing things like mimicking signaling tones. These methods don’t have much to do with hacking into VoIP systems, but the legacy term still shows up on occasion.

What Are the Major Types of VoIP Fraud?

Telecommunication systems can get very complex very quickly, and there are countless ways for bad actors to take advantage. An exhaustive list of the scams and attacks that could be levied against or via VoIP systems would run quite long, but here are some of the most significant types of fraud that merchants in the telecom industry should watch out for:

Toll Fraud

Fraudsters will hack into private branch exchanges (PBX), VoIP devices, and other phone network systems and set them up to forward calls. They can then call the PBX and it will route their calls to expensive international destinations, and the owner of the hacked phone network gets stuck with the bill. This is also known as call transfer fraud.

Call Reselling

This is essentially an “upgraded” form of toll fraud in which the fraudster, acting as a legitimate phone company, sells international calls at an exceptionally low rate. What they’re really doing is routing those calls through a hacked PBX and pocketing 100% of the rates they’re charging.

Revenue Share Fraud

fraud Prevention- Proven Strategies to prevent e-commerce fraud Hacked phone networks may also be used to artificially inflate call numbers to carriers who charge high rates for international calls.

Bypass Fraud

Also known as interconnect fraud, this is a sophisticated hack in which one carrier’s call traffic is inserted into another carrier’s network without their authorization. This can be done by disguising international calls to look like cheaper domestic calls, so they bypass the international call billing processes. As with the call reselling scam, fraudsters will sell phone cards for cheap, then use high-tech tools to route the calls through an unwitting carrier. 

Subscription Fraud

The most basic form of VoIP fraud is subscription fraud, which is where a customer signs up for a VoIP service, makes lots of calls, and disappears without paying for it.

This kind of fraud requires no hacking skills or advanced hardware. Usually, the perpetrator will sign up using somebody else’s payment credentials, leaving the provider stuck with a chargeback once the cardholder realizes their card was stolen.

Fraudsters may also engage in subscription fraud by filing fraudulent chargeback claims, also known as friendly fraud, after making payments with their own cards.

What Are the Best Ways to Prevent VoIP Fraud?

One of the most effective ways to catch VoIP fraud before it can do too much damage is to monitor your call logs and look for anomalies. Here are some of the biggest warning signs to look for:

  • VoIP fraud is usually used to make expensive long-distance calls. Any international calls that don’t have a reasonable explanation, show up in odd clusters, or otherwise appear unusual should be investigated.
  • Fraudsters prefer to make hacked VoIP calls after normal business hours, when nobody at the targeted company is likely to see them happening in real time. If you see calls happening when nobody is supposed to be in the office, that’s a red flag for sure.
  • Train your staff to recognize phishing attempts, social engineering, and other attacks that might be used to gain initial access to your phone system.
  • Use up-to-date anti-fraud tools and malware protection, and always keep your VoIP software updated with the latest security patches.
  • If feasible, set up outbound calling rules that limit international calls.

Conclusion

VoIP technology has made long-distance phone communication more accessible and affordable, but it has also proven to be a very attractive target for fraudsters. Carriers and providers of VoIP service need to protect themselves, and not just from sophisticated, large-scale hijacking attacks.

Small acts of subscription fraud can add up to a big problem as chargebacks, fees, and revenue losses mount up.  No matter what industry you’re in, you can’t create a truly comprehensive fraud prevention strategy without understanding where your chargebacks are coming from.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to: win@chargebackgurus.com
Get the guide, Chargebacks 101: Understanding Chargebacks & Their Root Causes

Similar Posts

Ready to Start Reducing Chargebacks?