Gabriele Lieser
CUSTOMER SUCCESS MANAGER
Summary
Mobile communication has become an integral part of our lives. Attacks on mobile networks have accordingly very serious consequences to millions of subscribers, so a basic knowledge of telecom fraud is essential. Join us on a brief journey of discovery of the main threat vectors hitting the mobile industry and costing them a lot of money, data and time.
International Revenue Share Fraud thrives on the fees a victim network must pay to international carriers for traffic generated by its network towards the destination network. IP PBX/PBX hacking exploits the vulnerabilities of a company’s PBX (private branch exchange/telephone system). Roaming fraud focuses on network fees generated from stolen cell phones and SIM cards. In Interconnect bypass fraud, the criminal exploits the difference between high international interconnect rates and low retail prices for on-net and off-net calls. Grey routes scams take advantage of the fact that international text messages can be routed to their destination in several different ways, so that each route is charged differently.
Signaling attacks exploit the vulnerabilities of SS7 and Diameter protocols, they are able to reach any mobile network and subscriber in the world. The new world of 5G also contains old vulnerabilities: GTP, the GPRS Tunneling Protocol is used to transmit user data and control traffic in 2G, 3G, 4G and also 5G networks. The inability of GTP to verify the user’s location provides the main reason for successfully executed attacks. Identity fraud happens when a contract is signed with a fake identity and the fraudster gains access to phone, TV and internet services, but also to mobile financial services that can be used for money laundering. For operators, this means that there are more and more channels that need to be secured.
In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.
It’s no secret that telecom fraud is a fast-growing field. And why not: it’s a cutting-edge and relatively low-risk alternative to traditional crime methods like muggings and bank robberies. No, no, seriously: telecom fraud funnels significant amounts of money from carrier or subscriber accounts directly into the pockets of criminals. According to a 2019 report by Europol’s European Cybercrime Centre, fraud costs the telco industry an estimated €10.6 billion ($12 billion) per year. MNOs must usually bear the cost of fraud themselves; there is certainly cross-border cooperation in the fight against fraud, but investigations take a long time, and sometimes, cases cannot be conclusively resolved. Moreover, fraud has causes problems within companies: damage resolution costs time and effort on multiple fronts. MNOs suffer from the loss of revenues, subscriber churn and the deterioration of their brand image. Acquiring new customers costs much more time, money and effort than retaining existing ones.
Telecom fraud can take the form of a veritable cabinet of horrors that can drive you into paranoia. At the same time, it should be said that, thankfully, effective and powerful countermeasures exist, and they are constantly improved. Not only MNOs, also the people involved in fraud prevention and detection don’t just clean up after an attack, they take the fight to the fraudsters!
International Revenue Share Fraud calls often terminate at destinations with low tracking rates for any type of fraud or crime. A large number of calls from the victim network towards International Premium Rate Numbers (IPRNs) are made at high termination rates on a destination network they control. Then, the victim network has to pay the international carriers for the traffic generated by its network towards the destination network.
IP PBX / PBX hacking scammers are specifically designed to scour the Internet looking for vulnerabilities in a company’s PBX (private branch exchange/telephone system). As long as the connection is open, illegal revenue can be generated, so attacks are often launched at night, in the early morning hours, or on weekends.
Roaming fraud is a special case where the victim’s cell phone or stolen SIM cards are used to make exactly these expensive calls. Often, the victim is traveling, and a criminal steals the victim’s cell phone or SIM card. The device is then used excessively until it is locked/unlocked. Fortunately, compared to 20 years ago, fraud managers today have virtually 100% visibility of roaming traffic, as they can feed their Fraud Management Systems with data that is all available on the home network. Read article
Interconnect Bypass Fraud
In Interconnect bypass fraud, the scammer exploits the difference between high international interconnect rates and low retail prices for on-net and off-net calls, causing $4.27 billion in lost revenue worldwide (CFCA survey 2017).
In SIM box fraud, criminals exploit a local rate for on-net-to-on-net calls by purchasing SIM cards in one country and using them in SIM boxes to terminate calls to subscribers on the network from international routes. In this way, scammers pay only the subscription fee and the local rate (usually free minutes are included with a SIM card) and can make large profits.
Refiling, A-Party Refiling, A-Party Caller Spoofing, and other terms describe the method by which carriers, such as transit carriers or clearinghouses authorized to terminate traffic to an operator, spoof the CLIs (Calling Line Identity) of calls to a network.
False Answer Supervision means that the call is actually answered, but this is not reported back to the caller, driving up the minutes and cost of the call. Read article
Grey routes, Spam and Smish
SMS has a reputation as a secure communication channel and is growing due to application-to-person (A2P) messaging, e.g., from two-factor authentication to delivery notifications. This has led to a variety of attack vectors via SMS. Grey routes SMS scams benefit from the fact that international text messages can be routed to their destination in a variety of ways, so each route is calculated differently. Grey routes are prevalent where the mobile operator has an imbalance between international and local termination charges for SMS, coupled with an ineffective SMS firewall.
Subscriber Targeting “Spam” is the unsolicited notification of a subscriber that can lead to a dangerous privacy attack through “smishing” (SMS phishing). It usually contains a call-to-action, such as a phone number or web address to click. Apart from the cost of handling subscriber complaints, this can lead to a high churn rate. Read article
Identity fraud
Identity fraud can start at the sign-up stage when a contract is signed with a fake identity. SIM swap fraud happens when fraudsters use their victims’ SIM cards to take over a legitimate subscriber account. Especially with identity fraud, it often takes a long time for the intrusion to be discovered. Once a fake subscription is set up, fraudsters have access to a wide range of value-added services, including phone calls, television and internet, and also mobile financial services which can be used for criminal activities such as money laundering. For operators, this means there are more and more channels that need to be secured. Read article
Signaling attacks
The vulnerabilities of SS7 and newer Diameter protocols and their use for signaling attacks is sufficiently documented and unfortunately widespread. If the home network cannot provide adequate protection, attackers are able to gain access to the SS7/Diameter interconnection network and launch attacks against any mobile network and subscriber in the world. These attacks range from privacy breaches to fraud to denial of service attacks on the core network infrastructure impacting millions of subscribers. Read article
Insecure GTP
The new world of 5G offers the opportunity to address the vulnerabilities of another long-standing technology: GTP, the GPRS Tunneling Protocol. It is used to transmit user data and control traffic on 2G, 3G and 4G networks and will also be used as part of 5G. The main reason for successfully carried out attacks is the inability of GTP to verify the user’s location, so it is important to have as much traffic visibility as possible. Given the complexity of both LTE and 5G roaming networks, configuration errors must be avoided at all costs. Attackers discover misconfigurations very quickly and exploit them to their advantage. Read article
Helping MNOs become fraud-proof
At the same time, it should be said that, thankfully, effective and powerful countermeasures exist, and they are constantly improved. Not only MNOs, also the people involved in fraud prevention and detection don’t just clean up after an attack, they take the fight to the fraudsters. We have decided to help them to be smarter than their criminal opponents.
There is no way around understanding and controlling exactly how traffic flows in and out of the network. Carefully reviewing roaming network configurations, for example, is one of the first steps to protecting your valuable assets from attacks. RoamsysNext is an independent link in this chain, and already today our tools simplify and validate the correct configuration of each roaming-relevant network element. This helps MNOs block any unwanted or unauthorized traffic with very little effort. For more than 12 years, RoamsysNext has specialized in software development and project management.
Since 2009, we have been the exclusive provider of RAEX solutions for the GSMA. We serve our customers with excellent service and competitive pricing. Already more than 700 MNOs around the world rely on our tools and services. If you would like to learn more about our products, just get in touch at info@roamsys.com. We will be happy to help you, and we will always find a great solution for your requests.
Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.
“The team is a crucial asset”
It has been an exciting year for RoamsysNext. And as 2023 is coming to an end, we took the opportunity to talk with CEO Michael Grasmück about the past year, the growing team that becomes more and more international, and the comeback of an industry institution.
15 years of RoamsysNext – Driving Global Connectivity
RoamsysNext turns 15, so we talked with CEO Michael Grasmück about the anniversary, the early years, the move to Luxembourg and the future within the fast-developing roaming industry.
The new age of the IR.21 – Be ready for the full automation!
The new RAEX IR.21 schema will be released early 2023 with great changes coming that allow us to revolutionize the way we work with the IR.21 data.
Reporting at a glance: The RoamsysNext Dashboards
The RoamsysNext tools offer many reporting functionalities of which the dasboards play an important role. Learn more about using them in practice to identify bottlenecks, visualize your team's performance and bring a smile to your management's faces.
End-2-End-Automation with Network Configuration Optimizer
The RoamsysNext Network Configuration Optimizer is the perfect solution to make the shift from manual processing to more and more automated processing, with the option to move to full automation. Let's see how it works.
From Roamsys to RoamsysNext
Sixteen months ago, Roamsys relaunched and became RoamsysNext. Time to look back to a year we never expected to happen.
How to Stay Secure
What can MNOs do to stand up to the ever-growing tide of telecom fraud and protect their assets? Stay alert, use great tools, collaborate with other market players, and take the fight to the fraudsters.
Telecom Fraud Hurts
Telecom fraud is a rapidly growing area that has serious effects on national critical infrastructure (civil, healthcare, energy, agriculture...) and wider industrial processes.
The GSMA MISP – How Does it Help?
Malware information sharing and threat intelligence sharing has unbeatable benefits that make any caveats and challenges look small in comparison.
The Experts behind RoamsysNext Insights
RoamsysNext Insights has a growing fan base due to its substantial reports. With a wide variety of great information and exciting insights, they inspire beginners as well as professionals.
How to Treat 2G and 3G Closures without Becoming an Archivist?
As we are entering the era of 5G, legacy networks are in a state of flux and lose significance. This blog is about how the sunsetting of 2G and 3G networks will impact mobile communication.
How to Choose a Signaling Firewall Wisely
In times of global turbulences and increasing fraud attacks the decision for a sophisticated signaling firewall becomes more and more a priority. Some general considerations help to narrow down the choice.
Identity Fraud in Telecom
Identity fraud robs people of their virtual existence; it costs time, money and nerves. But there are countermeasures that help.
How to Tackle the Challenges in Combating Telecom Fraud
Telecom fraud can have dire effects on critical infrastructure and always causes painful loss of revenue. See how the industry's joint efforts tackle the challenges in combating telecom fraud.
Face the Breach: Rehearse an Emergency Before it Happens
In case of a breach, most companies are poorly prepared to take quick action. Have a look at some ideas on how to make the best of a difficult situation and save valuable time.
Working from Home during a Global Pandemic
Due to the broad introduction of remote working, businesses need to rethink their current cyber security measures and consider how they need to be adapted or further developed.
The Future of Roaming Trainings – An interview with Milja Hofman, CEO Roamingwise
Roamingwise is a well-known provider of roaming trainings, seminars and consultancy in a variety of international roaming topics. In our interview, CEO Milja Hofman reveals how she prepares professionals to drive the roaming world.
Historical Fraud Incidents and Lessons to be learned
In the course of history, no era is free from the practice of deception for personal benefit. Let’s have a look at what we can learn from historic fraud cases from ancient Greece to modern times.
Two-Factor Authentication rules!
For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Norbert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.
Introducing: The RoamsysNext Network Configuration Optimizer
Learn how the RoamsysNext Network Configuration Optimizer enables MNOs to switch safely to full automation and growing roaming revenues by providing effective and secure data management of all roaming related business information.
Introducing: The RoamsysNext Wholesale Roaming Manager
The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.
Don’t fear the breach – three more ways to avoid configuration errors
Three ways to bliss: take bold measures to automate processes as much as you can, check your firewall’s security logs regularly and enforce centralized authentication mechanisms.
We’re in this together
In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.
Mastering today’s Fraud Landscape
Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).
How to avoid configuration errors
Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.
From customer request to feature
In our newest “RoamsysNext Insights”, David Houstek and Adrian von Wendt elaborate on our customer focused production processes.
Making a Stand against Fraud
In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).
Cyber security and fraud prevention – the GSMA approach
How does the GSMA approach cyber security, fraud detection and prevention? Look at the incredible useful tools and informations they provide with the Fraud and Security Group (FASG) and documents on best practice countermeasures.
How insecure GTP makes LTE and 5G networks vulnerable
GTP will still have an impact on 5G. Our tools can help to identify dubious requests faster, reduce reaction times and block incidents in a fraction of time.
How bad can it get? Signaling attacks strike the heart of each MNO
This blog is about how correct data is key to ensuring that mobile communication is of trustworthy origin, especially in case of signaling attacks. Notably, the roaming industry has to take action for data verification.
Grey Routes, Spam, Smish – funny words but nothing funny about SMS Fraud
SMS enjoys the reputation of being a safe channel for communication. But as any system, it is prone to abuse. We show you what needs to be done.
4 more Types of Telecom Voice Fraud MNOs are vulnerable to
Voice fraud is known as one of the top inter-carrier fraud cases, and in order to expose them, time and reliable data is crucial. This article shows that prevention is key to make sure that legitimate traffic is not obstructed.
Three Types of Telecom Voice Fraud that can destroy businesses
This issue shines a light on the variety of security breaches and fraud incidents: A cabinet of horrors.
Problems with telecom fraud? How big the issue really is. And how we can help
Fraud and security issues cause considerable problems within mobile network operators. But we are here to help.
Let’s talk about data quality
Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.