Benefits Of Telecom Analytics And Fraud Detection For Enterprises
Background
Background
In the 1960s fraudsters would trick the
phone systems of AT &T into providing
free calls by whistling high-pitched
sounds into their handset. These
relatively innocuous pranks would
become known as phreak attacks.
The reality of telecom fraud today, is
frighteningly different. In 2009, according
to the CFCA, businesses of all sizes and
carriers lost a combined $80 Billion to
telecom fraud. Organizations of all sizes,
in the telecom business and otherwise,
are susceptible to telecom fraud attacks
that can cripple their business financially
over a weekend.
In the past only large companies could
afford their own PBX, but the rise of
cheaper digital IP-PBXs has enabled
smaller businesses to install their own
in-house telecom networks. But with
added convenience and functionality,
these companies unknowingly became
susceptible to telecom fraud.
A 1983 insurance claim for a $382,000
telecom fraud attack on a Fortune 100
Company presaged the enormity of the
problem to come.1
According to the Communications
Fraud Control Association 2009 Global
Fraud Loss Survey, over $80 Billion are
lost each year to telephony fraud, with
the top three predominant sources
being Subscription Fraud ($22 B), PBX/
Voicemail Hacking ($15.1 B), and Premium
Rate Service Fraud ($4.6 B). According
to the survey, 91% of participants felt
that global fraud losses had increased or
stayed the same, while 78% said fraud has
trended upwards within their company.2
National and regional media outlets
are beginning to raise awareness of the
global telecom fraud epidemic:
The U.S. government breaks up a toll
fraud ring costing enterprises $55
million.3
A fraudster is sentenced to 82 months
for routing calls to premium number
services through unsuspecting New
Hampshire businesses.4
A music chain in Canada is hit with
$83,000 in fraudulent phone charges
following a weekend attack.5
A small Perth, Australia business
is charged $120,000 for 11,000
fraudulent long distance calls made
in the span of 46 hours via a phreak
attack.6
Technologies have evolved at a hairraising
pace since the telling attack
of 1983. The ubiquitous internet and
modern computing power make
cunning hackers all the more dangerous,
arming them with sophisticated attack
methods and an endless supply of
victims. The rapid adoption of IP-based
telephony technology by businesses and
consumers has opened up telephony
security to a wider spectrum of security
enthusiasts who have readily available
information, resources, and equipment
to rapidly cover and probe networks at a
global level.
Enterprises are reluctant to speak
of fraud attacks for fear of public
embarrassment and calls of negligence
from stockholders. Because currently
available solutions are prohibitively
expensive, running upwards of $150,000
for instillation and costing more than
$17,000 a month, each enterprise finds
itself reinventing the wheel internally,
coming up with a hodgepodge of
makeshift solutions to tackle the risk of
telecom fraud. The lack of information
sharing in a discreet manner creates a
fertile environment for hackers to thrive
in. If a vulnerability in one company is
secured, a hacker will simply migrate to
Telecom Fraud in Billions of USD Over Time the next unsuspecting victim.
Humbug Telecom Labs offers unique
community based Telecom Analytics
and Fraud Prevention/Detection services
which can either act as a primary fraud
detection system or as a supplement
to existing credit card and voice fraud
detection systems already installed in an
enterprise environment.
SPECIFIC TELECOM THRE ATS TO
ENTERPRISES
The following threats represent but a
handful of the dozens of telecom fraud
attacks an enterprise may be subject to:
PBX Dial-Through
Dial-Through fraud relies on a feature
that exists on every PBX. This feature
allows employees to call into the
switchboard or their voicemail and
make outgoing calls after inputting a
password or pin.
Although this feature may be turned
off upon installation, hackers will try to
break in and create their own mailbox,
which will allow them to dial in and then
make any calls they wish.
Calls to Known Fraudulent
Numbers or Destinations
Telecom fraud is a well-known problem,
and like the Nigerian Bank Scam,
there are blacklists of phone numbers,
area codes etc., that can be blocked or
monitored if the right tools are at hand.
System Hacks
Currently there are two types of attacks
that can target an enterprises PBX:
Crude - creating a mailbox, as
described above, or trying default
or common passwords are two of
many techniques. Fraudsters may
also directly contact employees to
ascertain useful information that can
be used to harm the company.
Sophisticated - hacking the PBX
to gain access privileges, much like
hacking a computer network. This
attack type may include denial of
service (DoS) attacks, brute force
attacks, etc.
Internal Misconduct
Telecom fraudsters are not always
outside the confines of the organization.
Internal Employee Fraud is a significant
contributor to fraud affecting enterprises.
Employees may use company phones to
make premium number, personal, and
long distance calls. In the worst-case
scenario employees may actively enable
toll fraud.
Off Hour Calls
Calls originating from an organizations
PBX may be the result of Internal
Employee Fraud, unauthorized visitors,
or remote hackers accessing the system.
Most significant telecom fraud attacks
are perpetrated when the enterprise
is unmanned over weekends, bank
holidays, religious holidays, etc.
BENEFITTS OF HUM BUG
TELECOM SER VICES
Humbug Telecom Labs provides
enterprises with tools previously only
available to telecom carriers due to
prohibitively high acquisition costs
and complex instillation processes.
Humbug Labs offers an easy to use
Telecom Analytics platform in an
elegant User Interface making it easy for
marketing, finance or IT staff to monitor
the organizations phone system(s).
Easily configurable safeguards alert
the organization via email, SMS or
automatic phone call, whenever an alert
is triggered to forewarn of a pending
telecom fraud attack.
HUM BUG ANALYTICS
The information Humbug analyzes is
not only relevant in preventing fraud.
Humbug Telecom Analytics provides
your organization with tangible benefits
in several ways:
Marketing Activity Optimization
Track marketing campaign effectiveness
based on metrics, based on geography
or by campaign specific phone numbers.
Track sales team(s) with metrics for
number of calls inbound / outbound,
average call duration, calls per location,
department or employee, etc.
Cost Optimization
Real-time knowledge of telecom costs -
itemized details about calls per location,
department or employee.
No bill shock know what your corporate
phone bill will be in near real-time.
Improved bargaining position vis--vis
the carrier enables detailed dispute
resolution with call level phone use
details.
Right size phone plan - Determine if your
enterprise is on the right phone plan,
based on actual telecom utilization, to
reduce expenses.
HUM BUG FR AUD PRE VENTION /
DETECTION
Humbug modernizes the antiquated
approach to fighting fraud where
each organization stood alone on
the battlefield with a patchwork of
improvised solutions. No need to
reinvent the wheel; with a host of
customizable alerts, users actively
participate in setting up the defenses.
This layer of proactive protection is
driven by the philosophy that end -
users understand their telecom traffic
better than any algorithm. Whereas the
traditional approach to fraud detection
looks for fraud at the carrier level,
Humbugs focus is detecting fraud in
end-user traffic where anomalies are
most conspicuous. Finally, Humbugs
unique community approach to fraud
detection means users benefit from
a community database of blacklisted
numbers gathered by law enforcement
agencies around the world.
Technical - receive notifications when
certain technical events occur; events
that are strong indicators of pending
fraud.
Blacklist - be notified of traffic to/from
blacklisted sources:
Number Blacklist - Setup your own list
of blacklisted numbers
Community Blacklist - Protect your
PBX from over 55,000 industryconfirmed
blacklisted numbers
Country Blacklist - Receive alerts when
traffic to/from specific countries you
select are detected
Timestamp - be notified when calls
originate from your organization at
times you deem suspicious.
User defined time ranges
Business hours
Cost & Duration - receive alerts when
individual calls exceed a specified cost
per minute, total cost or duration.
Visit us at: www.humbuglabs.org Contact us: sales@humbuglabs.org
Threshold - receive alerts when daily or
hourly costs, durations, or call volume
thresholds are exceeded on a total or per
country basis.
Statistical - User Specific Statistically
Significant Anomalies, receive alerts
when Humbug identifies traffic that is
inconsistent with historic telecom usage.
Unique Community Based
Information Sharing Humbug Labs
uses a secure cloud based system that
learns of new fraud fingerprints in real
time and spreads the information in
the Humbug Network, ensuring that all
Humbug users are protected. Customer
premises solutions lack this important
community feature.
Future Proof Solution unlike
solutions based on installing a physical
box, the cloud-based nature of the
Humbug solution is future proof for all
technologies.
Humbug Fraud Alerting Tools include:
About the Author
Eric Klein has over 20 years experience in
the telecom industry. In addition to his
experience with MCI Communications
(now part of Verizon) and Cellcom he has
co-authored RFC4864 - Local Network
Protection for IPv6, served as a grant
reviewer for the US Department of
Commerce Broadband Initiatives (BIP)
Program and Broadband Technology
Opportunities Program (BTOP).
1Frank Scheckton,jr., Telephone Fraud: Reach Out
And Rob Someone, http://www.e-perils.com/pdf/
sheckton.pdf
2Communications Fraud Control Association (CFCA);
Global Fraud Loss Survey for the year 2009, July 27,
2010 http://www.cfca.org/pdf/survey/2009%20
Global%20Fraud%20Loss%20Survey-Press%20
Release.pdf
3Adam Brooks, Toll fraud is alive and well, Network
World, October 1, 2009 https://www.networkworld.
com/news/tech/2009/092909-tech-update.html
4Robert McMillan, Man Gets 7 Years for Forcing
Modems to Call Premium Numbers, PC World,
Mar 2, 2011 1:40 am http://www.pcworld.com/
businesscenter/article/221108/man_gets_7_years_
for_forcing_modems_to_call_premium_numbers.
html
5Jenny Yuen, Phone bill hits sour note for
music store chain Toronto Sun, November
25, 2010 http://www.torontosun.com/news/
torontoandgta/2010/11/25/16320096.html
6Brett Winterford, Perth firms phreaked by VoIP
hackers, iTnews, Apr 12, 2011 http://www.itnews.
com.au/News/254255,perth-firms-phreaked-by
voip-hackers.aspx
by: Renee Sandler
Harmful Effects Of Red Back Spiders And How To Deal With Them Explore Hexhams Picturesque Rural Location And Wonderful Walks Efficiency And Ease Of Use Is Key When Choosing A Germany Courier Service There Are Medical And Natural Tinnitus Treatments Available For Sufferers Printing Services And Your Florida Direct Mail Marketing Use Tech And Make Cash The Franz Josef And Fox Glaciers; The Worlds Most Impressive Glacier Phones And Phone Deals Dissected Coffee Blends Are Bad For Taste And Aroma Outlined - The Reason Small And Medium-sized Agencies Normally Value Investments Bath Tub Selection And Installation Tips Knowing The Difference Between Empty Calories And Supportive Calories A Guide To Procedures And Unfair Dismissal Online Help