Monday, February 27, 2012

Reviewing the Geek Twins Top Nine Shocking Phone Hacks in the Science-Fiction Universe

In looking for interesting news about Phone Hacks I came across this great list put together last summer about the Top Nine Shocking Phone Hacks in the Science-Fiction Universe by the site The Geek Twins

Now, to be honest, Humbug Telecom can not stop any of these (yet), but I thought I would discuss a few of them anyway as the Geek Twins seem to have gotten the facts wrong in most cases.

Now their list is deliberately limited to "only includes interception of communication not intended for the recipient."

Thursday, February 23, 2012

Humbug shortlisted by Global Association for Contact Center for Best Technology Innovation – Vendor Solution


The Global Association for Contact Center Best Practices & Networking has release the Shortlist for their 2012 Best in Europe, Middle East & Africa
Humbug Telecom Labs was shortlisted under the Best Technology Innovation – Vendor Solution category.

To read about Humbug’s solution for Call Centers please see our White Paper – Benefits of Telecom Analytics & Fraud Detection for Call Centers

Tuesday, February 21, 2012

Term Tuesday - Industry Standards Organizations That are involved in Fighting

There are 2 primary organizations that I would like to mention in terms of Telecom Fraud these are the CFCA and the TM Forum.


Taking the about sections from each:


CFCA
The idea for the Communications Fraud Control Association began in February 1985 with a group of concerned communications security professionals from several different long distance carriers. Intent upon finding a more effective way to combat the growing problem of communications fraud, representatives from AT&T, ITT, MCI, Network One, Satellite Business Systems and Sprint met to lay the groundwork for the Communications Fraud Control Association (CFCA). These representatives left their first meeting assured that a cooperative effort through an Association of security professionals was a realistic and appropriate response to the identified need.
Through the years, membership categories have expanded to include a world-wide network of: carriers, PBX /PABX owners, ISPs, cable and satellite provides, corporate end-users, operator service providers, fraud system developers, prosecutors, members of law enforcement agencies, communications consultants and companies that provide revenue assurance solutions for wireless, wireline, IP, NGN, etc., systems.
TM Forum 
TM Forum is a global, non-profit industry association focused on simplifying the complexity of running a service provider’s business. As an established industry thought-leader, the Forum serves as a unifying force, enabling more than 800 companies across 195 countries to solve critical business issues through access to a wealth of knowledge, intellectual capital and standards. 
The Forum provides a unique, fair and safe environment for the entire value-chain to collaborate on pressing industry issues, helping companies of all sizes gain a competitive edge and the flexibility and speed they need to underpin future growth.

Sunday, February 19, 2012

Does IT make it too easy for fraudsters?


I was just reading an interesting article by Steven Cotton of the TM Forum entitled Fraudsters Will Be Fraudsters, But How Does Provider Indifference Help? In it he explains about a recent phishing attempt that came to his in-box and how the service provider’s support group did not know if they had a security or fraud department and could not be bothered to care.

Now if you look at most of the recent stories labeled as telecom fraud they are frequently about people being defrauded using the phone rather than fraud hitting the PBX. In these cases it us usually someone tricked by phone or email into going down to Western Union an sending money to someone that they know who is in some sort of “trouble.”  Now the cases and cause of the trouble is varied (bail, hospital charges, fees to get car fixed, etc.) but the common item is that they always want the money sent via Western Union – who has no verification, tracking or roll-back options once the cash is taken.

Now Steve ended his blog entry with this line
I'd suggest that the industry should at least set a basic goal of making the fraudsters at least break a sweat as they perpetrate their nasty business.
I suspect that this is exactly the case, and if there was a way to force Western Union to verify the identity of the person claiming the money, say the way that a person-to-person call works, would cut down more than half of this kind of fraud.

The same is true in PBX related fraud, keeping default passwords, leaving the system ports open, not watching your phone bill, and not proactively protecting your system makes it just as easy to defraud you as those who are praying on phone scam victims.

Tuesday, February 14, 2012

Term Tuesday: Sweepstakes or Premium Fraud explained

In our on going series explaining how Telecom Fraud works and how to protect yourself and your company here is an example of how Sweepstakes or Premium Fraud occurs.

Not all Telecom Fraud requires that the fraudster hack your phone system or take any real risk. In many cases fraudsters try to trick you into making calls or into staying on the line a long time, thus defrauding yourself. These are easier than hacking your system and can be much more profitable.

Some examples of how they get you to call can be:
  • Message to your cell phone
  • Voice message (automatic return the call option)
  • Missed call
  • Email or fax offers
In most of these cases you will be asked to call a number, they then want to keep you on the line as long as possible, and if they can do it they want to encourage you to call over and over again by offering you chances to win. I came across one example recently that explains this clearly:
Thank you for calling dial to win applications, where you can win fabulous prizes every week, the longer you hold the line the bigger is your chance to be the winner, for every minute you hold you collect one lucky hit, the more lucky hits you collect the the bigger your chances, now get ready we will generate you unique code 322123179325. 
Well done, you have collected you first lucky hit for this call, please continue to hold etc...
What they don't tell you is that you are not calling a toll-free number and in fact can be paying more than $5 per minute, and there have been cases of over $20 per minute.

Be wary of these scams.

To read more about this type of fraud see: