[VoiceOps] Fraud

[Matt Yaklin]

On Mon, 24 Feb 2014, My List Account wrote:

> 
> Maybe I am missing something here but why does the carrier that delivers the fraudulent traffic to the Telco that?s in on the fraud pay the Telco that?s in on the fraud for the calls that are delivered to their
> network?   Seems pretty simple, if you cut off their revenue stream they won?t have a reason to continue.   
>

I would also like to add into this question:

I realize it can be very difficult to track down the hacker generating
these SIP calls from stolen credentials because they can hide behind TOR
or other proxies... (Somehow I doubt they all do. Some are probably
terribly stupid and doing it from their home internet conncetion).

But where the calls are going can be tracked right to the switch that
has the CDN on it. Thus you have the owners of the numbers nailed down
as well as the telephone company providing the service. Why are they not
grilled as to why hackers are generating calls to their numbers and if
determined to be part of the fraud arrested and taken to court?

Is it because these telephone companies are in countries where corruption
is rampant and they are greasing the right palms to stay out of trouble?

matt

>  
> 
> I guess we all know there is no incentive for them to stop this practice because it?s a big cash cow for everyone except for the poor end user who is left holding the bag.
> 
>  
> 
> Our default dial plan won?t let you dial these destinations so we don?t have a real issue with this abusive traffic.   Most of our customers who use international go with one of our filtered dial plans that let
> them dial most of the world except for known fraudulent and high toll rate destinations.
> 
>  
> 
>  
> 
> Richey
> 
>  
> 
> From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Ryan Delgrosso
> Sent: Saturday, February 22, 2014 11:48 AM
> To: voiceops at voiceops.org
> Subject: Re: [VoiceOps] Fraud
> 
>  
> 
> In most cases you will lose this customer. They don't see this as their responsibility (i.e. the credit card fraud defense) but the reality is their equipment was compromised due to their negligence.
> 
> If the customer is reasonable offer them your cost on the damages so its just a passthrough. Otherwise you can take them to court or just send them to collections.
> 
> BTW while many will advocate fraud detection and mitigation systems here, its been my experience (we wrote our own fraud system that out-performs our upstream carriers by hours) that if you detect fraud on a
> customer like this, and shut it down in minutes, and mitigate what could have been thousands of dollars in damage due to their mis-configured systems, reducing it to just tens or hundreds they will often still
> fight that amount and deny responsibility. The fraud system protects you, and by extension the customer, but the customers don't see it that way.
> 
> -Ryan
> 
> 
> On 02/19/2014 02:09 PM, John Curry wrote:
>
>       I am new to your site. I was looking in the Archives and saw in November 2013 there were some of you who experienced fraud. We had a an Avaya IP Office customers system who got hit pretty bad. The
>       customer is treating the fraudulent calls like credit card fraud and not taking any responsibility. Does anyone have any advice on how to persuade the customer take this issue seriously?  His bill was
>       racked up pretty good.  Strangely and coincidentally Avaya came out with a security bulletin the end of December 2013 on this same issue.  I tried to contact Avaya with no response. It seems as though
>       someone has built a sniffer for the Avaya IP Offices and gleaning their registrations.
> 
> 
> 
> 
> _______________________________________________
> 
> VoiceOps mailing list
> 
> VoiceOps at voiceops.org
> 
> https://puck.nether.net/mailman/listinfo/voiceops
> 
>  
> 
> 
>