No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

  1. Home
  2. The Devil is in the Details - Fraudulent Calls
Unified Communications & Collaboration

The Devil is in the Details - Fraudulent Calls

We all have heard the idiom "The Devil is in the Details." Recently, I received a call from another consultant about a client issue which provides proof to this saying.
Art Yonemoto
Art Yonemoto
September 10, 2014

Initial Consultant Assessment - Fraudulent Phone Calls
I got a call from an organization that is fighting with their Long Distance Carrier about some fraudulent charges that have been creeping onto their bill for the past 6 months. The client opened billing disputes per the long distance Carrier's recommendation.

At their location, they have a large block of DID numbers and some Toll Free numbers. The Carrier is both the Local provider and Long Distance Provider (separate bills/entities). They use Local PRIs for outbound and inbound calls.

The client realized that there were some fraudulent LD calls showing up. These calls show in the call detail to have been placed by various DID numbers at the client's location. Their PBX is set to use the phone's individual DID number as the outbound caller ID. They were not sure, when asked, what their BTN (Billed Telephone Number) or even what the "main" number for billing assigned to their PRIs is.

They have checked their PBX CDR (Call Detail Records) info and confirmed the calls are not physically originating from their system or site. Many of the billed-to DID numbers are not even configured in the PBX. Some of the calls (a few for 600-1,000 minutes each) are being billed to their toll-free numbers. Their Toll Free service is switched – terminates to a DID number at the site.

I'm not sure how/why the CARRIER would bill outbound calls to a Toll Free Number. I know you can spoof, via the PBX, the outbound caller ID to be any number – including a Toll Free Number, but I thought the billing number for the PRI would be the default billing mechanism. Many of the calls are about 1 minute in length and show to be originated in consecutive minutes (i.e. 3:00pm, 3:01pm, 3:02pm etc) from the same DID number. The outbound calls billing to the Toll Free Number are random throughout the week (Sun-Sat, any time of day) while the ones billing to the DID numbers are mostly business hours (Mon-Fri, 8am-6pm local time).

They've reported this not only to the Carrier billing group but also with the Carrier fraud department. At one point the Carrier told them this was a known scam and that it was happening to many customers all over the country – that someone seems to be "selling" random bill-to numbers via the Internet. These are not trunk-to-trunk transfers. The Carrier even told them not to pay their most recent bill at all until this got resolved. However, now that the unpaid balance has gone past $10k, the Carrier has changed their message and is being somewhat hostile and more aggressive – telling the client that they must provide "proof" that these calls are not legitimate. The client has an assigned Carrier account rep, but that person has only been able to provide them with numbers within the Carrier to call to ask for help. After numerous attempts and time, nothing has been resolved.

Initial Analysis & Discussion
For the next few hours, there were several discussions, ideas, thoughts among us (consultants). Specifically, how can fraudulent calls be "introduced" to the client's bill? Was there "phishing" involved. How can the client prove that they were not responsible for the fraudulent calls.

After several hours, I asked for an actual copy of their bills (details). And sure enough, the "Devil was in the Details".

Analysis, Findings, Explanation(s) & Perspective

It took about 5 minutes in reviewing the bills to realize the following:

1) There were no Fraudulent Calls
2) There was not spoofing or phishing
3) However, there were "Abusive" calls
4) The client was responsible for these calls
5) Perspective/Sanity Check – Domestic Fraud calls?

CLUE # 1 – The misleading Toll Free Section on the bill. Under the toll free section, it listed the termination DID number, instead of the Toll Free number.

TOLL FREE SECTION
690 XXX-3257 - 2,149.0 minutes - $60.82
690 XXX-3307 - 71.0 minutes - $2.52
690 XXX-3917 - 4,457.0 minutes - $111.02
690 XXX-3927 - 152.0 minutes - $5.71

However, in the same bill, when you looked at the detail billing section, the Total shows the following;

Total Toll Free Service – Calls to 888 YYY-4445 $60.82
Total Charges for 690 XXX-3257 $60.82

It is obvious that the CARRIER'S bill was mislabeled. Instead of the Toll Free Number showing, it showed DID number (where toll free calls terminated to).

CLUE # 2 – The long duration calls were on the Toll Free number. There were no long duration calls on outgoing calls.

This highlights the potential abuse. Specifically, that the organization's toll free number may be compromised (i.e. given out to family, friends, etc).

CLUE # 3 – The long duration calls were during non business hours.

The Long Duration calls to various toll free numbers included calls at the following times:

662 minute call @ 8:38 pm
559 minute call @ 10:32 pm
318 minute call @ 2:26 am
572 minute call @ 10:14 pm
555 minute call @ 10:32 pm

Clearly, these are non-business calls (the client was not open for business during these times). However, what was unusual was these calls were placed to two different toll free numbers and from different parts of the country. Normally, abusive calls are usually to the same toll free number and placed from the same phone number (or same city).

Perspective
In retrospect, the idea of Domestic Fraudulent calls really doesn't make economic sense. If you are going through the process of placing fraudulent calls, why place inexpensive domestic calls. Doesn't it make more sense that the "Bad Guys" would place expensive International calls?

An analogy is for counterfeiters - would it make sense to counterfeit $5 bills (versus $100 or $50 bills)?

Conclusion
While there are still some minor unanswered questions (i.e. why CDR didn't match up), the important issues were addressed. The client initiated their own internal investigation.

The client and carrier spent over 6 months and wasted countless hours of time chasing various Red Herrings. Of particular interest is the Carrier's inability to understand their own bills and their claim that this is a "Known Problem."

Moral of the story – Get other "Eyes" involved and remember "The Devil is in the Details".

The Society of Communications Technology Consultants (SCTC) is an international organization of independent information and communication technology (ICT) professionals serving clients in all business sectors and government worldwide.

Don't miss the Society of Communications Technology Consultants annual conference, open to members and non-members of the SCTC. The event will feature essential technical and logistical updates, networking with peers from around the world and fun in the sun - San Diego, 29 Sep to 2 Oct. More athttp://c.ymcdn.com/sites/www.sctcconsultants.org/resource/resmgr/Docs/Br...

Don't miss the Society of Communications Technology Consultants annual conference, open to members and non-members of the SCTC. The event will feature essential technical and logistical updates, networking with peers from around the world and fun in the sun - San Diego, 29 Sep to 2 Oct. More athttp://c.ymcdn.com/sites/www.sctcconsultants.org/resource/resmgr/Docs/Br...

Tags:

News & Views
Unified Communications & Collaboration
Unified Communications & Collaboration
Enterprise Connect