
Enterprise Telecom Fraud in Focus: Challenges and Solutions


Telecom fraud poses a pervasive challenge that extends beyond operators and subscribers, affecting enterprises across a diverse range of sectors. Recent attacks targeting tech giants have highlighted the alarming frequency of enterprise Voice and SMS fraud, emphasizing the inadequacy of existing protection measures. Such attacks inflict significant losses on enterprises, including inflated marketing and customer support costs without yielding conversions, customer trust erosion, and brand reputation damage.

To effectively address this escalating problem and protect businesses from costly attacks, proactive measures are necessary to strengthen anti-fraud technology. By embracing innovative solutions and leveraging cutting-edge technologies, enterprises can enhance their defenses, detect fraudulent activities in real time, and minimize the negative impact on their operations. This approach not only safeguards their financial interests but also preserves customer trust, upholds brand reputation, and ensures a prosperous future in an increasingly interconnected world.

In this article, we’ll delve deeper into anti-fraud technology, exploring its various aspects, emerging trends, and best practices. Together, let’s set out with the objective of equipping businesses with the knowledge and tools they need to effectively combat telecom fraud, fostering a safer and more secure business environment.

Enterprise fraud types

Enterprises suffer from a wide range of fraudulent attacks that exploit vulnerabilities within their telecommunications systems. I will now outline the most prominent Voice and SMS fraud scenarios that target businesses.

PBX hacking

In a PBX hacking attack, fraudsters first gain access to the targeted business's private branch exchange (PBX) systems. They then generate a large volume of traffic by calling specific number ranges. The generated traffic doesn’t reach real end-users because the fraudster short-stops the traffic in the cloud of international carriers. Fraudsters route the payment flow from the victim enterprise to the unethical carrier they are cooperating with, gaining revenue from them.  

At the end of the billing period, the targeted enterprise faces exorbitant bills. Typically, an enterprise will refuse to pay the bill it has received, but the bill is only one of several problems it is left with. Although the enterprise is not always made to pay for the work of fraudsters, it is highly likely, if not certain, that hackers will choose to steal data from the PBX or simply leave it in an unusable state. If sustained, the resulting financial and reputational costs can be terminal for an enterprise. In cases where enterprises are not made to pay for the misuse of their PBX, telecom service providers, who are often innocent, are instead made responsible. Costly financial disputes could be avoided if enterprises instead choose to employ advanced anti-fraud technology. Crucially, such anti-fraud measures must be capable of detecting PBX hacking in real time.

Wangiri 2.0

Wangiri 2.0 is a version of the infamous Wangiri one-ring scam that targets enterprises rather than individual users. The fraud capitalizes on the company's obligation to call potential customers back. Fraudsters program bots to fill out contact forms on company websites, using premium-rate numbers as contact phone numbers. The company then calls these numbers, which are priced at high rates, and subsequently receives an enormous bill without obtaining any real, paying customers.

Brand Impersonation: Phishing and Smishing

Phishing and Smishing fraud types target end-users to extract sensitive information or money. Additionally, they cause significant reputational damage to the impersonated brands, as they are left looking untrustworthy. Fraudsters mask the origins of phishing calls or SMS by spoofing the Caller ID of their phone numbers with burner phones or using software to send texts via emails. SMS phishing (Smishing) is particularly attractive to fraudsters because, on average, users are more inclined to open and read their text than to respond to all calls or emails.

Artificial inflation of SMS traffic (AIT)

In recent years, inflated traffic has become particularly prominent, with tech giants admitting its scale. According to our calculations, around 6% of all SMS traffic was flagged as artificially inflated, and the percentage keeps growing. Moreover, the rate of inflated traffic for some top brands may reach 30 to 60%.

In this scheme, like Wangiri 2.0, fraudsters employ bots to generate large amounts of sign-in or sign-up requests. However, in contrast to targeting voice services, this scheme profits from verification SMSes that deliver one-time-passcodes (OTPs). These messages are delivered automatically; hence they are called application-to-person (A2P) SMS. Fraudsters unlawfully exploit this SMS traffic by collaborating with rogue operators who share profit margins with them. A similar scheme exploits Pin-to-speech – an alternative method of delivering an OTP via an automated phone call that dictates the passcode in a recorded message.

Artificially inflated traffic leads to increased customer acquisition costs: the marketing budget intended for acquiring genuine paying users is instead spent verifying the sign-ups or sign-ins of bots. What’s more, bots are capable of signing in with generated OTPs, which artificially inflates conversion rates above the average level. This situation is misleading; the number of actual paying users doesn’t increase, while the average revenue per user decreases. Alternatively, if the bots don’t sign in, the conversion rate falls below average. Thus, inaccurate conversion rates may lead enterprises to make incorrect adjustments to their marketing campaigns and product strategies.

Why is inflated traffic challenging to deal with?

Firstly, enterprises might be misguided by high conversion rates, overlooking the presence of artificially inflated traffic. If businesses fail to detect and prevent traffic inflation, this fraud type will prevail because, inadvertently, the entire chain of operators benefits from inflated traffic. Operators don’t see the inflated A2P SMS because artificially generated OTPs are incredibly difficult to distinguish from genuine traffic. Therefore, it falls upon brands to detect and prevent inflated traffic, requiring advanced tools capable of accurate detection.
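As a first-pass check a brand can run over its own OTP logs, the added example below (not code from AB Handshake or any vendor) groups OTP sends by destination number range and flags ranges whose verification rate sits far above or below the baseline, covering both distortions described above. The log format, the prefix length, the thresholds and all phone numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed OTP log: (destination number, was the OTP later submitted?)."""
    rows = []
    for i in range(100):   # two ordinary ranges, 70% of OTPs verified
        rows.append((f"+10000001{i:03d}", i % 10 < 7))
        rows.append((f"+10000002{i:03d}", i % 10 < 7))
    for i in range(80):
        rows.append((f"+10000003{i:03d}", False))  # bots never submit the code
        rows.append((f"+10000004{i:03d}", True))   # bots submit every code
    for i in range(5):
        rows.append((f"+10000005{i:03d}", False))  # too little traffic to judge
    return rows

def flag_ranges(rows, prefix_len=9, min_volume=50, max_dev=0.20):
    """Return {prefix: (volume, rate, verdict)} for ranges far from the baseline."""
    stats = defaultdict(lambda: [0, 0])            # prefix -> [sent, verified]
    for number, verified in rows:
        entry = stats[number[:prefix_len]]
        entry[0] += 1
        entry[1] += int(verified)
    # Only ranges with enough traffic get a rate; the median resists outliers.
    rates = {p: v / n for p, (n, v) in stats.items() if n >= min_volume}
    if not rates:
        return {}
    baseline = median(rates.values())
    flagged = {}
    for prefix, rate in rates.items():
        if abs(rate - baseline) > max_dev:
            verdict = "above baseline" if rate > baseline else "below baseline"
            flagged[prefix] = (stats[prefix][0], rate, verdict)
    return flagged

if __name__ == "__main__":
    for prefix, (volume, rate, verdict) in flag_ranges(make_sample()).items():
        print(f"{prefix}*  sent={volume}  verified={rate:.0%}  {verdict}")
```

The median baseline only holds while most high-volume ranges carry genuine traffic; flagged ranges are candidates for review, not proof of fraud.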

Furthermore, the rates for A2P SMS services continue to rise. The allure of higher revenues attracts more fraudsters to the market, further contributing to the prevalence of inflated SMS traffic. Once a specific price point is reached, fraudulent activities become more common as the financial gains outweigh the risks for these malicious actors.

The intense competition for large brands' SMS OTP traffic also fuels traffic inflation. Fraudsters target businesses with a substantial online presence and customer base, seeking to exploit their reach and commitment to following leads. To win tenders and outcompete genuine vendors, rogue vendors go below market SMS price and generate fake traffic to subsidize the SMS cost.

Resolving the challenge of enterprise telecom fraud

Enterprises must prioritize the implementation of robust anti-fraud technology to safeguard their revenue, prevent customer churn, and uphold the brand reputation. By harnessing advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML) in automated and non-automated voice and SMS service scenarios, organizations can fortify their defenses against fraudulent activities.

AI can empower enterprises, allowing them to analyze vast amounts of data and unveil hidden patterns that would otherwise go unnoticed. ML algorithms continually learn and adapt, enhancing fraud detection capabilities over time. These cutting-edge technologies offer real-time detection and blocking capabilities, enabling businesses to stay ahead of fraudsters proactively.

Of course, anti-fraud technology cannot be approached with a one-size-fits-all mindset. Each enterprise must assess its specific fraud risks and tailor its strategy accordingly. It is very beneficial to collaborate with experienced anti-fraud technology providers who possess a deep understanding of the unique challenges faced by different industries. Such vendors offer easily customizable, ready-to-use anti-fraud solutions.

Regarding safeguarding voice services in an enterprise environment, there are distinct strategies for both automated and non-automated systems.

The Interactive Voice Response (IVR) module plays a critical role in non-automated voice services. This built-in safeguard alerts employees when attempting to dial high-risk numbers, serving as a proactive defense mechanism. By notifying users when they dial a number associated with a call-back scheme such as Wangiri 2.0, the IVR module helps protect employees from unknowingly falling victim to fraudulent activities.

If a company uses automated voice services, a capable anti-fraud solution’s AI engine will accurately detect and block the automatic dialing of any fraudulent numbers by intuitively identifying and blocking suspicious ranges. The targeted blocking mechanism of ML systems ensures that subsequent calls to nearby ranges, which might also be compromised, are prevented without disrupting legitimate call traffic from genuine subscribers. This approach minimizes revenue loss while guaranteeing uninterrupted service for legitimate users.

AI detection is equally robust in identifying fraud conducted via SMS. Some tools on the market can detect and block inflated SMS traffic with an outstanding 99.995% accuracy. Moreover, such tools offer low TCO, a simple implementation and onboarding process, and helpful reporting capabilities that can be used to settle disputes.

Impersonation fraud, including caller or sender ID spoofing, can be mitigated through the use of call and SMS validation solutions that provide robust protection. These solutions function similarly to SWIFT messaging used by banks. The underlying concept involves the originator of the call or SMS sending a validation request in parallel with the actual call or SMS. This request is instantly transmitted through a secure out-of-band channel accessible only to the originating enterprise and the terminating operator. The receiving operator then sends a validation response indicating whether the message was received with the original caller or sender ID. These validation requests are exchanged for all key events, ensuring enhanced security.
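The exchange described above can be modelled in a few lines. This is an added illustration, not AB Handshake's protocol or code: the class, method and verdict names are hypothetical, the out-of-band channel is assumed to be authenticated, and the numbers and timestamps are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ValidationRequest:
    caller_id: str   # ID the originator actually used
    callee: str
    sent_at: float   # seconds, originator's clock

class TerminatingOperator:
    """Hypothetical model of the terminating side of call validation."""

    def __init__(self, enrolled_ids, window_s=10.0):
        self.enrolled = set(enrolled_ids)  # caller IDs whose owners send requests
        self.window_s = window_s           # how far apart request and call may be
        self.pending = []                  # requests not yet matched to a call

    def on_validation_request(self, req):
        # Arrives over the out-of-band channel (assumed authenticated).
        self.pending.append(req)

    def on_call(self, presented_id, callee, arrived_at):
        """Build the validation response for a call seen on the voice network."""
        for req in self.pending:
            if (req.caller_id == presented_id and req.callee == callee
                    and abs(arrived_at - req.sent_at) <= self.window_s):
                self.pending.remove(req)   # one request validates one call
                return "VALIDATED"
        if presented_id in self.enrolled:
            return "SPOOFED"               # enrolled ID, but its owner sent no request
        return "NOT_COVERED"               # originator does not take part

    def unanswered(self, now):
        # Requests whose call never arrived carrying the original caller ID.
        return [r for r in self.pending if now - r.sent_at > self.window_s]

def demo():
    brand, customer = "+10000009000", "+10000007001"   # constructed numbers
    op = TerminatingOperator(enrolled_ids=[brand])
    op.on_validation_request(ValidationRequest(brand, customer, sent_at=100.0))
    return [
        op.on_call(brand, customer, 101.5),           # genuine call
        op.on_call(brand, customer, 102.0),           # same ID again, no new request
        op.on_call(brand, "+10000007002", 103.0),     # brand's ID presented to another user
        op.on_call("+10000008000", customer, 104.0),  # originator outside the scheme
    ]

if __name__ == "__main__":
    print(demo())
```

Consuming each request on first match means a repeated call presenting the same caller ID is not validated a second time.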

At the 2023 ITU CxO meeting, the implementation of call validation was unanimously considered to be the correct global response to the growing threat of voice fraud. Both alternative isolated and threshold-based solutions are now considered ineffective by the industry’s most experienced leaders.

To explore all findings from the 2023 ITU CxO meeting, and how AB Handshake caters to industry requirements, read the communiqué.

In summary, telecom fraud presents a complex and widespread challenge for businesses in diverse sectors. Recent attacks on industry leaders highlight the urgency for improved protection measures. The intricate involvement of operators further compounds the problem, leaving brands to suffer financial and reputational consequences. Fraudulent activities result in inflated marketing expenses, loss of customer trust, and misguided strategic adaptations. To effectively combat fraud, businesses must take proactive steps, embracing innovative solutions and state-of-the-art technologies. By bolstering anti-fraud technology, enterprises can safeguard their interests, maintain customer trust, and foster a secure business ecosystem.

If you want to know more about AB Handshake’s products or need assistance in choosing the best anti-fraud tool for your business, please email us or book a free consultation using the button on the right.
