[VoiceOps] Fraud

Mon Nov 1 13:06:29 EDT 2010

We had two customers get hit simultaneously last summer with almost the same thing. In both cases the customers entire DID ranges were hit by an auto dialer that basically iterated through and did password guessing attempts and then once it compromised a voicemail account it set a call forward to an international pay per minute informational line through the portal. The dialer would then call back in and initiate as many calls as allowed to the compromised DID, racking up as many charges as possible. We picked it up fairly quickly and so were able to minimize losses but the whole incident did lead to a gaggle of administrative and operational changes.

I had RTP captures for all the attack calls so I was able to pinpoint exactly how the compromise ran – I initially thought it had been done through the customer web portal till I saw all the unusual log activity. All the calls were using spoofed CLID, Florida State Patrol in on case - a hospital I think in the other, so I can only imagine that they originated from a compromised system somewhere out there.

In addition to blocking the offending numbers make sure you track down the exact attack methodology they used and close up the hole. In our case that meant disabling the ability for customers to set call forwarding through the voice portal. You may find voice portal call origination or even a compromised SIP account to be the culprit, whatever it is don’t rely on blocking numbers to stop it because it is too easy to spoof CLID.

From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Colin
Sent: Sunday, October 31, 2010 10:02 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] Fraud

Has anyone ever run into this international fraud before or have any idea who runs it?

The various numbers(blocks of numbers) in various countries being called all answered by an IVR with the following message.
"Thank you for calling dial to win application, where you can win fabulous prizes every week. The long you hold the line the bigger is your chance to win. For every minute you hold the line you will collect one lucky hit. The more lucky hits the bigger chance to win. Now we will generate a unique pin code for you, your unique pin code is
Xxxxxxxxxx
Please note down you have collected one lucky hit for this one minute so please hold on and you will get a lucky hit for every minutes. This is a international lottery running successfully in 50 countries of the world. Please hold the line to get next lucky hit and continues……………………”

Any leads are appreciated. We've blocked all the offending numbers of course.

Sent from my iPhone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20101101/031d29a2/attachment.html>