loan

subject: Benefits Of Telecom Analytics And Fraud Detection For Enterprises [print this page]

Background
Background

In the 1960s fraudsters would trick the

phone systems of AT &T into providing

free calls by whistling high-pitched

sounds into their handset. These

relatively innocuous pranks would

become known as phreak attacks.

The reality of telecom fraud today, is

frighteningly different. In 2009, according

to the CFCA, businesses of all sizes and

carriers lost a combined $80 Billion to

telecom fraud. Organizations of all sizes,

in the telecom business and otherwise,

are susceptible to telecom fraud attacks

that can cripple their business financially

over a weekend.

In the past only large companies could

afford their own PBX, but the rise of

cheaper digital IP-PBXs has enabled

smaller businesses to install their own

in-house telecom networks. But with

added convenience and functionality,

these companies unknowingly became

susceptible to telecom fraud.

A 1983 insurance claim for a $382,000

telecom fraud attack on a Fortune 100

Company presaged the enormity of the

problem to come.1

According to the Communications

Fraud Control Association 2009 Global

Fraud Loss Survey, over $80 Billion are

lost each year to telephony fraud, with

the top three predominant sources

being Subscription Fraud ($22 B), PBX/

Voicemail Hacking ($15.1 B), and Premium

Rate Service Fraud ($4.6 B). According

to the survey, 91% of participants felt

that global fraud losses had increased or

stayed the same, while 78% said fraud has

trended upwards within their company.2

National and regional media outlets

are beginning to raise awareness of the

global telecom fraud epidemic:

The U.S. government breaks up a toll

fraud ring costing enterprises $55

million.3

A fraudster is sentenced to 82 months

for routing calls to premium number

services through unsuspecting New

Hampshire businesses.4

A music chain in Canada is hit with

$83,000 in fraudulent phone charges

following a weekend attack.5

A small Perth, Australia business

is charged $120,000 for 11,000

fraudulent long distance calls made

in the span of 46 hours via a phreak

attack.6

Technologies have evolved at a hairraising

pace since the telling attack

of 1983. The ubiquitous internet and

modern computing power make

cunning hackers all the more dangerous,

arming them with sophisticated attack

methods and an endless supply of

victims. The rapid adoption of IP-based

telephony technology by businesses and

consumers has opened up telephony

security to a wider spectrum of security

enthusiasts who have readily available

information, resources, and equipment

to rapidly cover and probe networks at a

global level.

Enterprises are reluctant to speak

of fraud attacks for fear of public

embarrassment and calls of negligence

from stockholders. Because currently

available solutions are prohibitively

expensive, running upwards of $150,000

for instillation and costing more than

$17,000 a month, each enterprise finds

itself reinventing the wheel internally,

coming up with a hodgepodge of

makeshift solutions to tackle the risk of

telecom fraud. The lack of information

sharing in a discreet manner creates a

fertile environment for hackers to thrive

in. If a vulnerability in one company is

secured, a hacker will simply migrate to

Telecom Fraud in Billions of USD Over Time the next unsuspecting victim.

Humbug Telecom Labs offers unique

community based Telecom Analytics

and Fraud Prevention/Detection services

which can either act as a primary fraud

detection system or as a supplement

to existing credit card and voice fraud

detection systems already installed in an

enterprise environment.

SPECIFIC TELECOM THRE ATS TO

ENTERPRISES

The following threats represent but a

handful of the dozens of telecom fraud

attacks an enterprise may be subject to:

PBX Dial-Through

Dial-Through fraud relies on a feature

that exists on every PBX. This feature

allows employees to call into the

switchboard or their voicemail and

make outgoing calls after inputting a

password or pin.

Although this feature may be turned

off upon installation, hackers will try to

break in and create their own mailbox,

which will allow them to dial in and then

make any calls they wish.

Calls to Known Fraudulent

Numbers or Destinations

Telecom fraud is a well-known problem,

and like the Nigerian Bank Scam,

there are blacklists of phone numbers,

area codes etc., that can be blocked or

monitored if the right tools are at hand.

System Hacks

Currently there are two types of attacks

that can target an enterprises PBX:

Crude - creating a mailbox, as

described above, or trying default

or common passwords are two of

many techniques. Fraudsters may

also directly contact employees to

ascertain useful information that can

be used to harm the company.

Sophisticated - hacking the PBX

to gain access privileges, much like

hacking a computer network. This

attack type may include denial of

service (DoS) attacks, brute force

attacks, etc.

Internal Misconduct

Telecom fraudsters are not always

outside the confines of the organization.

Internal Employee Fraud is a significant

contributor to fraud affecting enterprises.

Employees may use company phones to

make premium number, personal, and

long distance calls. In the worst-case

scenario employees may actively enable

toll fraud.

Off Hour Calls

Calls originating from an organizations

PBX may be the result of Internal

Employee Fraud, unauthorized visitors,

or remote hackers accessing the system.

Most significant telecom fraud attacks

are perpetrated when the enterprise

is unmanned over weekends, bank

holidays, religious holidays, etc.

BENEFITTS OF HUM BUG

TELECOM SER VICES

Humbug Telecom Labs provides

enterprises with tools previously only

available to telecom carriers due to

prohibitively high acquisition costs

and complex instillation processes.

Humbug Labs offers an easy to use

Telecom Analytics platform in an

elegant User Interface making it easy for

marketing, finance or IT staff to monitor

the organizations phone system(s).

Easily configurable safeguards alert

the organization via email, SMS or

automatic phone call, whenever an alert

is triggered to forewarn of a pending

telecom fraud attack.

HUM BUG ANALYTICS

The information Humbug analyzes is

not only relevant in preventing fraud.

Humbug Telecom Analytics provides

your organization with tangible benefits

in several ways:

Marketing Activity Optimization

Track marketing campaign effectiveness

based on metrics, based on geography

or by campaign specific phone numbers.

Track sales team(s) with metrics for

number of calls inbound / outbound,

average call duration, calls per location,

department or employee, etc.

Cost Optimization

Real-time knowledge of telecom costs -

itemized details about calls per location,

department or employee.

No bill shock know what your corporate

phone bill will be in near real-time.

Improved bargaining position vis--vis

the carrier enables detailed dispute

resolution with call level phone use

details.

Right size phone plan - Determine if your

enterprise is on the right phone plan,

based on actual telecom utilization, to

reduce expenses.

HUM BUG FR AUD PRE VENTION /

DETECTION

Humbug modernizes the antiquated

approach to fighting fraud where

each organization stood alone on

the battlefield with a patchwork of

improvised solutions. No need to

reinvent the wheel; with a host of

customizable alerts, users actively

participate in setting up the defenses.

This layer of proactive protection is

driven by the philosophy that end -

users understand their telecom traffic

better than any algorithm. Whereas the

traditional approach to fraud detection

looks for fraud at the carrier level,

Humbugs focus is detecting fraud in

end-user traffic where anomalies are

most conspicuous. Finally, Humbugs

unique community approach to fraud

detection means users benefit from

a community database of blacklisted

numbers gathered by law enforcement

agencies around the world.

Technical - receive notifications when

certain technical events occur; events

that are strong indicators of pending

fraud.

Blacklist - be notified of traffic to/from

blacklisted sources:

Number Blacklist - Setup your own list

of blacklisted numbers

Community Blacklist - Protect your

PBX from over 55,000 industryconfirmed

blacklisted numbers

Country Blacklist - Receive alerts when

traffic to/from specific countries you

select are detected

Timestamp - be notified when calls

originate from your organization at

times you deem suspicious.

User defined time ranges

Business hours

Cost & Duration - receive alerts when

individual calls exceed a specified cost

per minute, total cost or duration.

Visit us at: www.humbuglabs.org Contact us: sales@humbuglabs.org

Threshold - receive alerts when daily or

hourly costs, durations, or call volume

thresholds are exceeded on a total or per

country basis.

Statistical - User Specific Statistically

Significant Anomalies, receive alerts

when Humbug identifies traffic that is

inconsistent with historic telecom usage.

Unique Community Based

Information Sharing Humbug Labs

uses a secure cloud based system that

learns of new fraud fingerprints in real

time and spreads the information in

the Humbug Network, ensuring that all

Humbug users are protected. Customer

premises solutions lack this important

community feature.

Future Proof Solution unlike

solutions based on installing a physical

box, the cloud-based nature of the

Humbug solution is future proof for all

technologies.

Humbug Fraud Alerting Tools include:

About the Author

Eric Klein has over 20 years experience in

the telecom industry. In addition to his

experience with MCI Communications

(now part of Verizon) and Cellcom he has

co-authored RFC4864 - Local Network

Protection for IPv6, served as a grant

reviewer for the US Department of

Commerce Broadband Initiatives (BIP)

Program and Broadband Technology

Opportunities Program (BTOP).

1Frank Scheckton,jr., Telephone Fraud: Reach Out

And Rob Someone, http://www.e-perils.com/pdf/

sheckton.pdf

2Communications Fraud Control Association (CFCA);

Global Fraud Loss Survey for the year 2009, July 27,

2010 http://www.cfca.org/pdf/survey/2009%20

Global%20Fraud%20Loss%20Survey-Press%20

Release.pdf

3Adam Brooks, Toll fraud is alive and well, Network

World, October 1, 2009 https://www.networkworld.

com/news/tech/2009/092909-tech-update.html

4Robert McMillan, Man Gets 7 Years for Forcing

Modems to Call Premium Numbers, PC World,

Mar 2, 2011 1:40 am http://www.pcworld.com/

businesscenter/article/221108/man_gets_7_years_

for_forcing_modems_to_call_premium_numbers.

html

5Jenny Yuen, Phone bill hits sour note for

music store chain Toronto Sun, November

25, 2010 http://www.torontosun.com/news/

torontoandgta/2010/11/25/16320096.html

6Brett Winterford, Perth firms phreaked by VoIP

hackers, iTnews, Apr 12, 2011 http://www.itnews.

com.au/News/254255,perth-firms-phreaked-by

voip-hackers.aspx

by: Renee Sandler

welcome to loan (http://www.yloan.com/)