Call selling

Continuing our series on different types of mobile fraud, Mark Yelland analyses the risks of call selling to mobile operators

Call selling is the practice of selling service to customers at below market rates but using another person’s system and equipment to deliver that service.

The usual practice is to sell cheap international calls to an expat community.  The community may well not be aware that the service they are using is illegal and is generally in support of cheaper calls back home. 

The operator may have to make payments to his international partners as they will have connected a call.  He will have a potential irate customer who will be experiencing bill shock and have the option of writing off all or part of the bill and the possibility of the customer churning.  There is no relationship between the fraudster and the calls being made.

In addition to the System Access Fraud described above, there are other ways of getting access to the network, some are:

1.       Voicemail feed through – where someone has left open their voicemail platform and as one of the options is to “dial another number” without restricting the number to be internal to the organisation.

2.       Stolen mobile phones – using the three-way calling to set up numerous concurrent calls from the customers to the mobile and then three-way calling to the far end.

3.       Seizing the circuit from a cordless phone from outside the premises

4.       Friendly switch engineer providing a circuit that does not generate a billing record

5.       Out-of-hours security accessing the PBX

The fraudster makes money by selling the calls to his customers.  The key indicator is the traffic pattern unexpectedly changing for a customer.

Although the network could legally require the customer to pay for the fraudulent traffic, there is usually some compromise agreement reached.  Again, the weakness being exploited is the failure of the customer to secure his equipment from external or internal threats by implementing a strong security policy.  

System Access Fraud

Continuing our occasional series on the different kinds of fraud that take place on mobile networks, Mark Yelland, an international expert on mobile fraud and revenue protection looks at System Access Fraud:

Most PABX systems have a means for the maintainer to dial into the system to perform remote diagnostics and system maintenance through dialling a number (often a freephone number) and entering a password.  This access is often referred to as the Direct Inward System Access port (DISA port).  This port gives total access to the system and allows outgoing calls to be made.

By chaining several of these hacked PABXs, and relying on the lack of co-operation across different telecommunications providers, the fraudster is able to hide.  Having access to an external line, the fraudster is then able to generate revenue by providing services at a cheaper rate than through the legitimate operators.

Although traditionally these frauds have been initiated by fixed line fraudsters, as calls to Freephone numbers from mobiles may be charged, with the advent of web sites which provide the translated number, these can now be access using mobiles with unlimited calls to fixed lines.

In addition, as convergent services are being developed, and the proliferation of ip-pbx systems, the fraudster first hacks the company website to gain access to the internal intranet network.  He then uses this to access the pbx and can initiate calls from the pbx.    Potentially, with the growth of smartphones and LTE equipment, the opportunity for the fraudster to attempt to hack the web address can be delivered from anywhere, and the service can be sold anywhere, simply breaking out in the local country.

From a mobile network operator’s perspective, the contract between the customer and the network usually specifies that the customer is liable for all calls originating from his equipment.  Theoretically, this means that the customer could be charged for all fraudulent traffic, but in practice there is usually an agreement reached whereby the network writes off part of the losses.

The key indicator for this type of fraud is traffic being generated outside normal parameters for this type of business, for example out-of-office calls, excessive number of destinations called, and so on.

The weakness being exploited is the failure of the customer to secure his equipment from external or internal threats by implementing a strong security policy.