Call Fraud Primer

James Brown
Jun 17 · 3 min read

Call fraud is a scourge that troubles nearly every single person today and we, in the telecom industry, haven’t done the best job of making the topic less confusing. We throw around acronyms (SIP, PSTN, CDR) like crazy and use a bunch of words only a select few understand (spoofing, Robocall, Traffic Pumping).

I’ll attempt to define and explain these acronyms and words to help lay a foundation for people to follow along with fraud discussions, articles, and regulations that are coming out.

Let’s start with some acronyms:

SIP (Session Initiation Protocol) The protocol that handles setting up, maintaining, and terminating most phone calls in today’s world.

PSTN (Public Switched Telephone Network) The network of mobile phones and landlines that handle routing of phone calls.

CDR (Call Detail Record) The data recorded about a phone call such as phone number, start time, duration, etc.

Now let’s have a look at some common terms:

Spoofing is the act of disguising a caller’s identity by displaying a false phone number to the recipient regarding who the call is coming from.

Robocalls are any call you answer where the other side is a recorded message or computer generated voice.

Now that we understand some of these terms let’s breakdown what call fraud is and the many forms that it comes in. As you can see in the CFCA (Communications Fraud Control Association) 2019 chart below there are many forms of fraud which are causing billions of dollars in losses annually.

Image for post
Image for post

Here is a breakdown of some of these types of fraud we may encounter today.

Subscription fraud: The act of using customer information to sign up for services without the intent of paying for them. This could be stolen credentials, identity information theft, or simply signing up for a service with your own credentials and not paying.

PBX Hacking: This happens when someone “hacks” into a PBX (Private Branch Exchange) company phone system, to generate phone calls for profit. Typically international calls to high rate centers.

Wangiri: When someone places very short duration calls, usually with an autodialer, to people with call back numbers to high cost rate centers.

Dealer fraud: Telecom companies leverage lots of partners for selling services such as mobile services. Dealer fraud happens when those service partners manipulate order counts or sign up people fraudulently.

Account Takeover: Fraudsters who compromise a person’s credentials to get access to accounts and then use those services to incur charges.

Phishing / Pharming: convincing someone to give up information or coercing them to a malicious site with the intent of defrauding them or compromising their personal information.

Abuse of Service Terms: when someone does not follow the terms of service outlined by companies for use of their services.

Spoofing: The practice of masking the calling party’s phone number using a phone number that does not belong to them or route back to the true calling party.

Social Engineering: The act of convincing someone into divulging personal or sensitive information.

As you can see there are a lot of similarities between the fraud and one is typically used to enable or help facilitate another. Toll Free Traffic Pumping is a great example of a type of fraud that spans across several of these.

Toll Free Traffic Pumping is the act of using an autodialer to generate massive amounts of phone calls to Toll Free numbers. Those calls are paid for by the owner of each number and paid back upstream to the carrier and then on to the fraudster through a negotiated “kickback”, payment per minute, generated and routed through their network.

We’ve encountered cases of Account Takeover, PBX Hacking, and Subscription fraud use to perpetrate TFTP campaigns. You could imagine they will use any way they can to generate calls for free and get some monetary compensation back.

These calls are also considered “Robocalls”. As defined above these are automated messages and not live people. Many of these are illegal but not always. We get automated emergency alerts, appointment reminders, etc. which are typically desired by the recipients of the calls.

Anywhere there is a means to make money we can safely assume someone will be willing to take advantage of it. We’ll continue following fraud and updating as we continue to learn more.

Invoca Engineering Blog

Invoca is a SaaS company helping marketers optimize for the…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store