As fraud protection solutions evolve and become more efficient and sophisticated, so do the threats they face. Enter Wangiri 2.0, an evolution of the original “one ring and drop" Wangiri telecom fraud. In the original Wangiri scheme, scammers call individual users from a premium-rate spoofed number and hang up before the victim answers the call. A certain percentage of the victims call back, and the fraudster collects a cut of the expensive rate on the callbacks.
Wangiri 2.0 targets enterprises and brands rather than individual users, capitalizing on their commitment to customer service for fraudulent purposes. Wangiri 2.0 scammers know that, unlike individual users, companies feel obligated to call potential customers back. Therefore, they activate internet bots to fill out contact forms on company websites, using international and premium-rate numbers as contact phone numbers. The targeted company's customer service voice mechanism (e.g., call centers or voice messages) is activated by the form and calls the numbers which are priced at exorbitant rates.
Why is it so hard to prevent Wangiri 2.0?
Wangiri 2.0 poses a significant challenge to telecom security. Unlike regular Wangiri fraud, Wangiri 2.0 has only one “leg" of voice traffic—the callback. It means that there is only one chance to block fraud. Another issue is the volume of calls. Individual users can and do ignore calls from unfamiliar numbers, so in the original Wangiri, scammers have to generate an enormous volume of calls to get a significant number of callbacks. These “waves" of calls are more likely to trigger a fraud management system that identifies unusual patterns.
Companies, on the other hand, can't simply ignore contact forms for fear of missing out on a potential customer or creating a negative customer experience for a legitimate contact. Therefore, the callback rates in Wangiri 2.0 are much higher than in the original scheme. The scammers don't need to generate as much voice traffic and can spread the traffic out, allowing them to stay under the radar of traditional anti-fraud systems that analyze patterns. Furthermore, due to the scope of their activity, it usually takes longer for companies to notice the unusual charges and take action.
The challenge is compounded by the fact that many companies outsource customer service to call centers, that don't typically have sophisticated fraud management systems. The companies are often unable to identify the contacts on the bot-filled forms as fraudulent and instead associate them with poor sales conversion.
Due to these difficulties, all types of companies, from international financial organizations to online shops, regularly fall victim to this type of telecom fraud. Once the call has been made, there isn't much the company can do. Telecom operators generally refuse to refund the costs, claiming that the call was made willingly the service has been fully rendered. The victimized companies are forced to absorb the costs.
Staying one step ahead of the scammers
Fraud protection can't focus solely on preventing the risks that exist today—a robust system has to be ready to take on new attack vectors. AB Handshake does exactly that. The AB Handshake community is a group of businesses that use a unique “handshake" to validate each and every call and prevent all types of fraud—current and future.
AB Handshake has a clear advantage in fighting new threats like Wangiri 2.0. Unlike traditional fraud prevention systems, AB Handshake doesn't rely on sampling or patterns, which are not effective in identifying Wangiri 2.0. Instead, the originating operator sends a verification request directly to the terminating operator, and the terminating switch sends the call details to the terminating call registry. If the call cannot be verified at all points, it is blocked in real-time before the company is charged. It can be activated on the telcos existing infrastructure and adjusted to fit the policies of both the network operator and the client.
With the AB Handshake, companies don't have to absorb the costs of Wangiri 2.0 and other emerging threats—they can simply prevent them.