[VoiceOps] Phone fraud doubles

J. Oquendo sil at infiltrated.net
Thu Nov 21 09:02:06 EST 2013 

Fluff, fluff, fluff, fluff, fluff...

"Pindrop Security, a startup focused on combating phone-based fraud for banks and enterprise call centers, has released a new report outlining some of the risks phone fraud poses to financial institution call centers."

http://www.securityweek.com/financial-phone-fraud-attempts-double-1h-2013-report

------------

Outside of a nice little bit of marketing, I think most of
us know, and see that phone fraud is up however, some of
what is quoted just sounds off: "counted over 2.4 million
consumer complaints of phone fraud attempts." First... How
big of a call center would they have to count this many
complaints. Second, we can go back to the "Ghost calls"
thread (Hennigan) from 11/12 and others... Does a phantom
call constitute a complaint. What about the 100,000 ghost
calls sent my one attacker?

I have been meaning to do some more analytics on some of
the junk I have seen, but become overwhelmed. I am highly
convinced that right now, there is 1) About a half dozen
groups highly focused on this (VoIP heavy hitters), and 2)
there is a forum shared by the attackers amongst one another
sort of a "VoIP carders market" (if you will), where an
attacker will post compromised servers to share in what I
perceive is a "fraudulent calling card" center with a way
to give kickbacks to carriers in questionable countries.
I believe the end destination carrier in some cases is
likely related (family wise) to some of the attackers.

E.g.: Palestine has been ramping things up via VoIP attacks.
What I notice is these attackers try to call numbers whose
carrier is owned by another Palestinian elsewhere. And it
is not isolated to Palestine, they happen to be the heavy
hitters via my logs this quarter.

I have seen: Romanian attacker --> route calls to company
in UK which happens to be owned by (drum roll) another
Romanian. Nevertheless, thought I'd ramp up some discourse
on VoIP and the oft overlooked (or is it underlooked) topic
of security.

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

More information about the VoiceOps mailing list