[VoiceOps] A question about some international calling fraud to Eritrea

Matt Yaklin myaklin at g4.net
Fri Apr 16 16:02:49 EDT 2010 

Hey all,

I will try to explain this the best I can.

We got a call from one of our long distance carriers today telling us
that we had a spike of long distance international calls going through
their switch. These calls were to Africa and the country name is Eritrea.

The originating number is a customer of ours. The trick is that this
customer uses resold ILEC POTs lines that has their long distance calls
PIC'd to the carrier who called to warn us about the spike of odd call
traffic.

This customer of ours happens to be a large agency in NH who has the
ability to look at CDRs directly from the 5ESS in Concord, NH. A rather
special situation to say the least.

They can state, with quite a bit of assurance, that these calls were not
generated from their PBX/network as they cannot see any records for them.

Also, as I checked earlier, these calls did not go through any of my
switches/asterisk servers.

So the customer and I are left wondering how these calls managed to get
to this long distance carrier who warned us about the spike. The calls
came into this long distance carrier from the Manchester, NH Fairpoint
tandem.

Naturally we will try to contact Fairpoint for assistance but I am not
very hopeful at this point they will be much help.

The long distance carrier who warned us tends to think that the calls
were generated by our customer who has something SIP/PBX insecure but when
the customer has a link to look at CDR records right from the 5ESS he
is rather sure that is not the case.

I am trying to figure out creative ways this fraud can be happening if
the customer is not at fault. One way is for a person who owns/operates
a full blown switch to generate this type of fraud but it does seem
unlikely.

Any suggestions what I should be asking the long distance carrier who
warned us about this?

Any suggestions on how this type of fraud can be committed without
the customer being the cause?

Should I be grilling our customer one more time stating that since
the originating number was theirs AND that it was PIC'd to the right
long distance carrier... it is hard to imagine that someone could
duplicate this fraud that easily?

Thank you for your time. I hope I was clear enough to give you an
idea of what is going on.

matt at g4.net

More information about the VoiceOps mailing list