When we think about hackers, we usually imagine somebody hunched in front of a computer screen, but some of the first hackers got their start finding exploits in the analog telephone system. Today’s hackers have moved on from figuring out how to make free calls at payphones, but telecommunications remains a lucrative target.
VoIP fraud is a serious issue, with organized and well-equipped fraudsters exploiting every technological and legal loophole they can find. What is VoIP fraud, and how can the telecom companies and service providers caught in the middle of it protect themselves?
The trick is in integrating VoIP with existing telephone systems, which requires cooperation between telecommunications companies, VoIP phone companies, and other network service providers.
These points of connection also inevitably create vulnerabilities that hackers will target in order to use these systems for free and illicitly profit off of them.
Telecom fraud losses clock in at nearly $40 billion per year, and VoIP fraud is involved in many of the most frequent and costly cyberattacks. Small-scale VoIP fraud can often lead to chargebacks, either when cardholders whose identities were stolen to create fake accounts dispute their unauthorized charges, or when customers whose accounts were hijacked realize that they got charged for calls that they never made.
Merchants in the telecom industry cannot afford to ignore VoIP fraud—it’s imperative to learn how it works and deploy adequate preventive measures.
The term “VoIP fraud” is used to cover a wide range of criminal activities, from making a few free long-distance calls to running an entire fraudulent phone company off of hacked telecommunications networks. It all boils down to one thing: using VoIP services to make calls without paying for them.
Unlike credit card fraudsters, the perpetrators of VoIP fraud don’t always hide in the shadows. They often pose as legitimate phone companies and sell authentic-looking phone cards, especially in countries where regulation and enforcement are light and they can operate with relative impunity.
You might see the term “phreaking” used in reference to VoIP fraud. This is an older term for hacking into phone systems by doing things like mimicking signaling tones. These methods don’t have much to do with hacking into VoIP systems, but the legacy term still shows up on occasion.
Telecommunication systems can get very complex very quickly, and there are countless ways for bad actors to take advantage. An exhaustive list of the scams and attacks that could be leveled against or via VoIP systems would run quite long, but here are some of the most significant types of fraud that merchants in the telecom industry should watch out for:
In toll fraud, fraudsters hack into private branch exchanges (PBX), VoIP devices, and other phone network systems and set them up to forward calls. They can then call the PBX, which routes their calls to expensive international destinations, and the owner of the hacked phone network gets stuck with the bill. This is also known as call transfer fraud.
Call reselling is essentially an “upgraded” form of toll fraud in which the fraudster, posing as a legitimate phone company, sells international calls at an exceptionally low rate. What they’re really doing is routing those calls through a hacked PBX and pocketing 100% of the rates they’re charging.
Also known as interconnect fraud, this is a sophisticated hack in which one carrier’s call traffic is inserted into another carrier’s network without their authorization. This can be done by disguising international calls to look like cheaper domestic calls, so they bypass the international call billing processes. As with the call reselling scam, fraudsters will sell phone cards for cheap, then use high-tech tools to route the calls through an unwitting carrier.
The most basic form of VoIP fraud is subscription fraud, which is where a customer signs up for a VoIP service, makes lots of calls, and disappears without paying for it.
This kind of fraud requires no hacking skills or advanced hardware. Usually, the perpetrator will sign up using somebody else’s payment credentials, leaving the provider stuck with a chargeback once the cardholder realizes their card was stolen.
Fraudsters may also engage in subscription fraud by filing fraudulent chargeback claims, also known as friendly fraud, after making payments with their own cards.
One of the most effective ways to catch VoIP fraud before it can do too much damage is to monitor your call logs and look for anomalies. Here are some of the biggest warning signs to look for:
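The call-log monitoring described above, as an added example that is not from the original article: it flags PBX extensions whose daily international spend jumps far above their own history, which is the footprint toll fraud leaves on the bill. The CDR column names, the thresholds, the home prefix and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample call detail records (not real data).
# +999... is a placeholder for a high-cost international destination.
SAMPLE_CDR = """start,ext,dialed,seconds,cost
2024-03-04T10:02:00,101,+442079460101,600,1.20
2024-03-04T11:15:00,102,+12025550143,300,0.05
2024-03-05T14:30:00,101,+442079460102,450,0.90
2024-03-06T09:45:00,101,+442079460101,750,1.50
2024-03-07T02:10:00,102,+9990000001,1800,16.00
2024-03-07T02:41:00,102,+9990000002,1800,16.00
2024-03-07T03:12:00,102,+9990000001,1800,16.00
2024-03-07T10:05:00,101,+442079460103,1000,2.00
"""

HOME_PREFIX = "+1"   # assumption: the PBX owner's domestic country code
SPIKE_FACTOR = 5     # assumption: alert at 5x the extension's usual daily spend
MIN_SPEND = 5.00     # assumption: ignore days below this spend to limit noise

def daily_international_spend(text):
    """Sum the billed cost of non-domestic calls per (extension, calendar day)."""
    spend = defaultdict(float)
    for row in csv.DictReader(io.StringIO(text)):
        if not row["dialed"].startswith(HOME_PREFIX):
            day = datetime.fromisoformat(row["start"]).date()
            spend[(row["ext"], day)] += float(row["cost"])
    return spend

def find_spikes(text):
    """Return (ext, day, spend, baseline) for days far above the extension's history."""
    by_ext = defaultdict(list)
    for (ext, day), total in sorted(daily_international_spend(text).items()):
        by_ext[ext].append((day, total))
    alerts = []
    for ext, days in by_ext.items():
        for i, (day, total) in enumerate(days):
            # Baseline: median of earlier days that had international calls.
            # An extension with no such history has baseline 0, so its first
            # sizeable international day is always reported.
            baseline = median(t for _, t in days[:i]) if i else 0.0
            if total >= MIN_SPEND and total > SPIKE_FACTOR * baseline:
                alerts.append((ext, day.isoformat(), round(total, 2), round(baseline, 2)))
    return alerts
```

On the sample records, extension 102 is reported for its overnight burst on 2024-03-07, while extension 101's routine international calls stay below the thresholds.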
VoIP technology has made long-distance phone communication more accessible and affordable, but it has also proven to be a very attractive target for fraudsters. Carriers and providers of VoIP service need to protect themselves, and not just from sophisticated, large-scale hijacking attacks.
Small acts of subscription fraud can add up to a big problem as chargebacks, fees, and revenue losses mount up. No matter what industry you’re in, you can’t create a truly comprehensive fraud prevention strategy without understanding where your chargebacks are coming from.
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to: win@chargebackgurus.com