Despite advancements in technology, telecom frauds continue to be a major source of revenue leakage for businesses and telecom operators alike. It’s believed that businesses worldwide face a loss of 3 – 9% in annual revenues through telecom frauds.  According to statistics published by the Communications Fraud Control Association (CFCA), telecom fraud costs businesses more than $40 billion each year.

How do various types of telecom frauds lead to revenue losses and leakages? Let’s take a closer look.

External Frauds

As the name suggests, these frauds are typically committed outside the network. Fraudsters and hackers can penetrate a telecom network to make unsolicited calls, remotely open/shut specific ports on telephony servers and even flood a business network with spurious calls. Fraudsters can use the network to make calls to premium numbers and use a business’s telephony infrastructure outside business hours and on holidays for personal monetary gains. External frauds are typically driven by a fraudster’s malicious intentions and greed and can be monetarily damaging for any business.

Internal Frauds

Such telecom frauds are usually initiated by insiders. Internal frauds typically include making unapproved configuration changes in any of the network elements, modifying the tariff configuration without an approval, and extracting/ manipulating information on MSC-IN-mediation-billing systems. Since such frauds often impact the billing, it’s crucial for a business to prevent them to minimize revenue leakages.

Non-Technical Frauds

Telecom frauds aren’t just limited to the network. Fraudsters often use fake subscriptions, caller IDs and unapproved forwarding to conduct telecom frauds. Such non-technical frauds are a menace for businesses as well as a major inconvenience for their customers. Since the fraudster’s objective is to cash in on loopholes in the subscription or the call forwarding process, these can often lead to charging discrepancies, thereby causing significant revenue leakage.

So, how do these telecom frauds cause revenue leakages?

• Direct monetary loss through fraudulent calls (internal and external)
• Poor resource utilization due to un-needed circuits
• Loss of customer confidence due to disruption in services
• Financial losses due to litigation and failure to meet contractual obligations

In response to these high cost fraud cases characterized by high volumes of preventable fraudulent calls, Humbug has launched the new Humbug Pro Protection service which will allow the end-user to configure their PBX to block calls to fraudulent destinations based on the following opt-in parameters:

• Community Black List: Over 70,000 certified fraudulent numbers.
• Premium Numbers Worldwide (in the USA these would include 1-900 numbers, for example).
• Specific Countries, Continents, Geographic Areas and Satellite and Mobile Phones.
• Specific numbers or ranges.
• By Business hours – the company configures its normal working hours and Humbug Pro Protect will block calls outside of those hours. .
• By Holiday – allows the company to configure which holidays (single day or range of days) they are closed (by calendar date).

Roger Collings, Managing Director of RDC Communications Ltd in the UK and a telecoms consultant specialising in business VoIP

ITexpo Slide

Well, apparently, I was slightly wrong – well, not all the way wrong. While the general term is that fraudsters don’t publish their success on the Internet, it would appear that we are now at the verge of seeing “Fraud Enabling Services”.

A recent post on the www.voip-info.org website had caught my attention this morning:

A “FAS Service” – since when did False Answer Supervision became a legitimate thing in telecoms? Ok, in order to elaborate on the matter, let’s first explain what “False Answer Supervision” actually is.

False Answer Supervision, or FAS, is generally facilitated within mobile networks – usually when dealing with SIM based gateways. The methodology is fairly simple: A call from the VoIP world is transferred to a SIM based cellular gateway, the SIM gateway then generates an outbound call from an installed SIM card on the SIM gateway. As there is a delay from the time the VoIP call was intercepted, till the mobile network generates the ring-back tone (the ringing beep-beep sound), the SIM gateway will answer the call on its own and generates a falsified ring-back tone.

Technically speaking, this sounds reasonable. The problem is that FAS creates a billing record, even for calls that weren’t answered at the remote mobile end. Which means: if your call was intercepted by a SIM gateway, there is a good chance you’ll be paying for the ringing of the call. In addition, if this is an international call – that can easily rack up fairly fast (depending on your destination).

So, the above news bulletin kind’a racked up into my: “CHECK THIS THING OUT MAN!” list. So, when you logon to their website, you are greeted with a very informative page, explaining what FAS is, how it works and how their service works. Their page actually explains why generating FAS is good for you and how you can make money from using their service:

So, this service takes people that have legitimate wholesale termination services or other telecoms services – and turns them into fraudsters.

FAS is not a “prerogative”, FAS is down right nasty – and in some countries even illegal. At the same time, I can create a system that would randomly answer calls, delay the outbound ring by 20 seconds, then start dialing out – cashing those 20 seconds into my pocket. Sure, you say 20 seconds isn’t much, but multiply that a 500,000 calls per month, and you have over 160,000 minutes of cash in your pocket – let’s imagine that these are mobile numbers in the UK, where the interconnect fee is around 0.05GBP – that’s a really COOL 10,000GBP – per month, every month – that’s practically stealing !

So, who are www.fasservice.net? Their website doesn’t say much about them. Even a short Whois query on Internic will generate the following response:

Registrant:
 Domains By Proxy, LLC

 Registered through: Go Daddy
 Domain Name: FASSERVICE.NET

 Domain servers in listed order:
 NS01.DOMAINCONTROL.COM
 NS02.DOMAINCONTROL.COM

So, their domain was registered via GoDaddy.Com and they had decided to hide who they are. How convenient!

There is no question about it, this service turns a simple wholesale/termination provider into a fraudster – use this service, and know that you are putting your hand into someone else’s pocket – for a service you didn’t deliver. And hope you don’t get called on it or the FCC (OFCOM, etc.) could shut you down.

Martin Vilaboy, in his recent article “Dipping into BIG DATA’, indicated some information regarding the usage of BIG DATA in various corporations. The information was provided by the Aberdeen Group. Let us examine the below table:

Key Performance Enhancements Provided by Data Analytics

Top Inhibitors to Efficient Data Management

* Data provided by Aberdeen Group, survey of business decision makers

While our primary usage for this data is fraud analysis, a business which relies primarily on its phone system can benefit immensely from the distillation of the raw data accumulated in its Humbug account. In order to evaluate the possibility, let us describe a case for an office furniture manufacturer.

Office furniture manufacturer usually work via distributors, these then distribute to the various resellers – while at the end of the day, the support and customer care is performed by the manufacturer himself. So, our manufacturer has 5 distinct distributors in the US, while each distributor has around 20 different reselling outlets – with some overlapping between the reselling outlets.

Now, our manufacturer receives around 30,000 calls to its support team on a monthly basis. Calls are coming in from various area codes in the US, with no specific overlapping with the various resellers and distributors. Most manufacturers won’t allocate many resources for analyzing the call data via a call center platform, or even extract the information from their PBX system, however, utilizing a tool like Humbug – they can now tap into that rich data, to provide them an insight as to where their REAL CUSTOMERS are located. Now, having obtained that information using the various call records and Origination reports in the Humbug analytical suite, our manufacturer can now ascertain whether a specific region in the US requires specific handling, or if a distributor/resellers isn’t doing their job right.

The above shows that companies that will gain access to their call records, can synthesize the information into a business readable form – thus utilizing it. The Humbug analytical service does most of the work on its own, thus, allowing you to gain immediate access to the synthesized data, in a humanly readable form. No more need to import the data into various customized spread sheets and special reports – just logon and issue a customer report according to your requirements.

- Humbug releases version 3.0 that proactively blocks fraudulent calls before they are made  -

Ramat HaSharon, Israel – February 1, 2012 - Humbug Telecom Labs provider of carrier-class fraud prevention, detection and telecom analytics for any size business; today announced it has released version 3.0 Silver Hawk.

According to the Communications Fraud Control Association (CFCA), telecom fraud costs businesses more than $40 billion each year. Humbug has a solution that prevents fraudulent calls from being made and a host of other solutions that provide a blanket of protection against constantly evolving and insidious fraud attacks.

“With the release of Silver Hawk, Humbug Pro changes the game by preventing certain types of fraud from happening even before the calls are made” says Eric Klein, VP Sales and Marketing at Humbug Telecom Labs. He continues, “Humbug Pro now has the ability to pre-authorize calls before they are made, thus preventing fraud before it happens.”

2011 has been full of stories of fraud, “AT&T customers hacked for $2 million to fund Al-Qaeda,” “$400,000 in fraud in two days,” and others cases where companies were hit over nights or weekends. Until today Humbug Pro has been able to send alerts when fraud was committed. This means that even when you know a call is fraudulent the company would be hit with charges for at least one call.

In response to these high cost fraud cases characterized by high volumes of preventable fraudulent calls, Humbug has launched the new Humbug Pro Protection service which will allow the end-user to configure their PBX to block calls to fraudulent destinations based on the following opt-in parameters:

• Community Black List: Over 70,000 certified fraudulent numbers.
• Premium Numbers Worldwide (in the USA these would include 1-900 numbers, for example).
• Specific Countries, Continents, Geographic Areas and Satellite and Mobile Phones.
• Specific numbers or ranges.
• By Business hours – the company configures its normal working hours and Humbug Pro Protect will block calls outside of those hours. .
• By Holiday – allows the company to configure which holidays (single day or range of days) they are closed (by calendar date).

Mr. Klein continues, “The prevention service alone would have been enough to warrant a new version, but the team has completely enhanced the reporting system to enable custom reports unlike anything available in the market. Additionally, Silver Hawk enables companies to assign phones to departments for departmental or campaign level reporting. With Humbug Pro, carrier-class tools and Telecom Fraud Prevention is now more accessible and affordable for businesses of all sizes.”

Fonality has been using Humbug’s services since May 2010. “Preventing fraud to protect our customers is one of our top priorities and we are constantly seeking innovative solutions to support this objective,” said Rahim Jina, Head of Information Security at Fonality. “Humbug offers a reliable, cost-effective service and we are excited about the new release. The reporting functionality, which has potential to be used across the organization, is particularly beneficial. Plus, the new proactive fraud prevention adds powerful features to their core product. “Existing users of Humbug’s Analytics can upgrade to Humbug Pro, to gain the benefits of Fraud Detection and protection by going to their Humbug Account and upgrading to one of the Humbug Pro plans and installing the upgraded their Plugin or API module.

About Humbug Telecom Labs

Humbug Telecom Labs makes it affordable for any sized business to have carrier-class fraud prevention and detection, while providing powerful business intelligence which puts users in command of their telecom activity.  Humbug also offers free Visual Analytics to view telecom traffic in a real time, concise, readable Google Analytics-type format. No PBX report comes close. Customizable real time alerts can be configured by the user to track telecom traffic behavior and keep track of spending. Humbug is ideal for call centers, ITSPs (Internet Telephony Service Providers), organizations that sell by phone, businesses with significant telecom expenditures and any responsible organization cognizant of the global fraud epidemic. Humbug easily integrates with a host of popular open source and proprietary PBX systems. Humbug is funded by Vkantakte, the social networking phenomenon ranked among the world’s Top 50 most visited sites. www.humbuglabs.org.

About Fonality

Founded in 2004, Fonality is a pioneer in business communications, delivering cloud-based, hybrid-hosted and on-premise solutions for small and mid-size businesses. The company offers an enterprise-grade feature set without the cost or complexity of legacy providers. Investors include Intel Capital, Draper Fisher Jurvetson and Azure Capital Partners. Visit www.fonality.com for more information or call 877-FONALITY.

All trademarks are the properties of their respective owners.

###

PR Contact:

Eric Klein

Humbug Telecom Labs

IL Tel: +972-54-666-0933

US Tel: +1 518 249 1199

Eric@humbuglabs.org

FOR IMMEDIATE RELEASE

Socializing Telephony Fraud Prevention

–Fraud Does Not Discriminate, Any Size Company Can Be Hit–

Ramat HaSharon, Israel – January 17, 2012 - Humbug Telecom Labs, provider of carrier-class fraud prevention, detection and telecom analytics for any size business, today announced that they will be participating at TMC’s ITEXPO East 2012, being held February 1-3, in the Miami Beach Convention Center.

ITEXPO is well known as the “communications and technology marketplace” due to its history of fostering true business opportunity.  The 25th iteration of the World’s largest and longest-running B-to-B communications and technology conference is expected to draw more than 7,000 buyers and sellers of IP Communications products and services. Each attendee of the expo will receive a Humbug Branded conference bag as well as a copy of Humbug’s White Paper The Evolution of Telecom Fraud Prevention. Each copy of the White Paper contains a Promotion Code for a 1 month free trial of the Humbug Pro Fraud Protection service.

Humbug will be presenting in two of the collocated events:

• On Wed. Feb 1st at 2:30-3:15 Eric Klein, Humbug’s VP of Sales will be part of a Panel entitled: What Cloud Means for Fraud Prevention as part of the Cloud Communications Expo.
• On Thurs. Feb 2nd at 1 pm Nir Simionovich will be presenting Socializing Telephony Fraud as part of Asterisk World.

“By presenting real instances of fraud and showcasing the impact it has on these businesses, we expect to create more awareness of a problem that will affect unprotected businesses,” said Simionovich.  “It’s not a matter of IF – it’s a matter of WHEN.”

Telecom fraud affects businesses of all sizes, from mom and pop shops, to large enterprises, and even seemingly immune government bodies like the Department of Homeland Security.  No one is safe and very few businesses, service providers and carriers have made the necessary telecom security provisions.  Hacker networks have found the largely unprotected telecom infrastructure to be the new frontier for lucrative criminal behavior.

“ITEXPO is the industry’s best venue for sourcing new products and solutions, and for learning more about the latest issues and trends that are shaping the communications landscape,” said Rich Tehrani, TMC CEO and Conference Chairman.  “Many of the attendees who visit ITEXPO seek the types of solutions that Humbug Telecom Labs provides, and we’re looking forward to working together in Miami.”

Collocated events at ITEXPO include: 4G Wireless Evolution Conference; Asterisk World; Business Video Expo; (CVx) Channel Vision Expo; Cloud Communications Summit; the HTML5 Summit; Mobile LatAm; M2M Evolution; the Mobile Enterprise Security Summit; MSP Alliance/MSP World; the Super WiFi Summit; and the Synopsis Under IP Patents Telecom Sourcing Conference.  Visit www.itexpo.com for more information.

Companies interested in exhibiting, sponsorship, or advertising packages should contact TMC’s Joe Fabiano (203-852-6800 x132) or Maureen Gambino (203-852-6800 x109). Media inquiries should be directed to Todd Keefe at For Immediate Release PR.

For additional information on Humbug Telecom, please visit our website at www.humbuglabs.org

About Humbug Telecom Labs

Humbug Telecom Labs makes it affordable for any sized business to access carrier-class fraud prevention and detection tools, and simultaneously gain powerful business intelligence, which puts users in command of their telecom activity.  Humbug offers free telecom analytics to view telecom traffic in a real time, concise, readable Google Analytics-type format. No PBX report comes close. Customizable real time alerts can be configured by the user to track telecom traffic behavior and keep track of spending. Humbug is ideal for call centers, ITSPs (Internet Telephony Service Providers), organizations that sell by phone, businesses with significant telecom expenditures and any responsible organization cognizant of the global fraud epidemic. Humbug easily integrates with a host of popular open source and proprietary PBX systems.. www.humbuglabs.org.

About TMC:

TMC is a global, integrated media company that helps clients build communities in print, in person, and online.  TMC publishes the Customer Interaction Solutions, INTERNET TELEPHONY, Next Gen Mobility, InfoTECH Spotlight and Cloud Computing magazines.  TMC is the producer of ITEXPO, the world’s leading B2B communications event.  TMCnet.com, which is read by two million unique visitors each month, is the leading source of news and articles for the communications and technology industries.  In addition, TMC runs multiple industry events: 4G Wireless Evolution; M2M Evolution; Cloud Communications Expo; SIP Tutorial 2.0:Bringing SIP to the Web; Business Video Expo; Regulatory 2.0 Workshop; DevCon5; HTML5 Summit; CVx; AstriCon; StartupCamp; MSPAlliance MSPWorld and more. Visit TMC Events for a complete listing and further information

All trademarks are the properties of their respective owners.

Contact Information:

Todd Keefe

For Immediate Release PR (for ITEXPO)

617-262-1968 x 101

todd@firpr.com

###

Eric Klein

Humbug Telecom Labs

US Tel: +1 518 249 1199

Eric@humbuglabs.org

Additionally you can sign up for a full pass to hear Humbug Present at the affiliated shows:

Cloud Communications Expo

Wednesday – 1 Feb at 2:30-3:15pm

What Cloud Means for Fraud Prevention – Stefanie Mosca (Moderator) , Managing Editor , TMCnet

by Eric Klein , VP Sales and Marketing , Humbug Telecom Labs

and

Asterisk World

Thursday – 02 Feb at 1:00-1:45pm

Socializing Telephony Fraud

by Nir Simionovich CEO/Cheif Architect -Greenfield Technologies Ltd/Humbug Labs

Contact sales@humbuglabs.org to set a meeting during the show.

This advice follows a recent fraud investigation which has cost a local business in excess of £20,000.

The scam works when the fraudsters hack into the businesses’ internal phone network to gain control of the administrator’s access code. They then set the system to divert any unanswered calls to a premium rate number.

Full story:  http://harrogate-news.co.uk/2012/01/06/police-warn-businesses-about-phone-fraud/

As reported in Reuters article: GSM phones vulnerable to hijack scams –researcher new research at Security Research Labs shows that even feature phones using GSM can be hacked and used

“to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Berlin-based Security Research Labs”

This is not the first time that someone has warned that the GSM standard is old and full of holes.

“Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. But Nohl said he has discovered a way to leverage previously disclosed vulnerabilities in GSM technology that could potentially threaten hundreds of thousands of phones.”

He went on to tell Reuters that “e can do it to hundreds of thousands of phones in a short time frame.”

Be warned, and aware.

Original report: Decrypting GSM phone calls

Full article at: http://www.siliconrepublic.com/strategy/item/25037-comreg-warns-firms-to-be-on/