It’s common knowledge: Telecommunications fraud is a big problem for large businesses across the world. For context, $39.9 billion in revenue was lost to telecom fraud in 2021, according to a survey by the Communication Fraud Control Association. And before the end of the first quarter of 2023, 74 million telco customers already had their data leaked to the dark web in the U.S. alone, per a report by Cyble Research and Intelligence Labs.
But here’s the other side of the story: Large businesses aren’t the only ones facing this onslaught of malicious actors. Small-to-medium enterprises, which constitute a great percentage of the global GDP, are facing the telecom fraud battle, and the stats show they are losing. The reality is grim, to say the least — and it doesn’t look like it’s stopping any time soon.
What does the future of SME security portend? How can SMEs, which the International Federation of Accountants calls “the foundation for economies worldwide,” navigate these challenges, stay on top of business and continue to contribute to the global economy?
What are premium-rate number telecom scams?
Premium-rate number telecom fraud occurs when a criminal uses a business’s phone number to call a premium rate number that the criminal owns. The caller is then charged a high amount, which the telecom company shares with the owner of the premium number. Essentially, the fraudster keeps a portion of the call charges while the business is stuck with the bill.
A Growing Issue for SMEs Worldwide
The telecom sector is a lucrative playground for fraudsters, particularly because it’s a major revenue generator for countries around the world. Looking to get a chunk of the revenue, these criminals employ nefarious means to infiltrate businesses for financial gains. With human error, outdated telco security mechanisms and sophisticated technologies on their side, it’s easy for them to succeed. In 2023, the CFCA noted that companies globally witnessed a 12 percent increase in fraud loss reported compared to 2021.
Further findings indicate that more SMEs are now getting targeted by fraudsters. What’s more, most SMEs do not have the resources to fight back like larger enterprises and telecom companies. Consider the story of Foreman Seeley Fountain, a U.S.-based architectural firm with just seven workers that racked up an outrageous telecom bill of $166,000 following a successful telecom traffic pumping attack.
This type of fraud occurs when a criminal uses the business’s phone number to call a premium rate number that they most likely own. Following the call, the caller is charged a high amount, which the telecom company then shares with the owner of the premium number. Essentially, the fraudster keeps a portion of the call charges while the business has to pay the bill.
Meanwhile, the proliferation of AI-driven technologies presents the masterminds of telecom fraud with yet another angle to explore. Through the power of automation, these fraud attempts have become more intelligent with a great chance of success. I spoke with Gavin Stewart, vice president of sales at telecom software company Oculeus, who agreed with this assertion.
“AI is enabling fraudsters to more effectively disguise themselves from detection. For example, they use AI smarts to disguise the patterns on which pattern-based anti-fraud solutions rely,” he says. Unlike these criminals who are adopting AI technologies on a large scale, many telcos and SMEs are slow to incorporate AI-powered fraud detection. This makes them grossly under-equipped to put up a fight.
The Tactics and Tricks of Telecom Scammers
For SMEs to continue to thrive, they must operate in a safe environment. Unfortunately, their ability to strengthen the economy is threatened by existing and emerging telecom fraud attacks. One of the most common types of telecom fraud today is Private Branch Exchange Hijack. Devopedia defines PBX as “a private telephone network that handles an organization’s internal and external communications.”
By using AI technology, SMEs have a better chance of not becoming fraud victims.
What fraudsters do in this case is take control of an SME’s PBX system by exploring a vulnerability in the system. Once they have gained entry into the system, they place many long-distance calls to premium rate numbers, leaving the business to pay the hefty bill. Stewart sheds some light on what may happen should the SME refuse to settle the bill.
“If they refuse to pay the bill, then (depending on the terms of the agreement) the SME’s telephony service provider may waive the debts, but the service provider is then left having to settle the debts themselves,” he explains.
Although PBX hijack typically occurs when hackers infiltrate the system using a loophole in the security network, SMEs that sublet their PBX system to a third-party stand a greater chance of getting hacked. Unless the SME has a robust Know Your Customer framework, a fraudster could pose as a business partner and ask to sublet the PBX infrastructure.
SMEs face another threat in Wangiri 2.0. A new and improved version of the famous telephone scam, Wangiri 2.0 targets businesses instead of individuals. Unlike the original Wangiri where a scammer uses a premium rate number to beep an unsuspecting individual with the hope that they will call back and incur high charges, Wangiri 2.0 treads a different path.
According to Stewart, the criminals visit an SME’s website and pretend to be a prospective client. They fill out the online contact form with fake details and input a premium rate number in the telephone field. The next step is clicking the “request callback” option, which SMEs use to follow up on prospects. This creates an expansive call traffic that gets billed to SMEs.
How SMEs Can Stay Ahead
Telecom fraud deals varying levels of loss to its victims. While individuals face high phone bills, corporations and SMEs have to contend with revenue loss. Moreover, apart from reduced earnings, telcos risk having a negative brand image. To avoid this fate, SMEs and other affected entities must become proactive in their telecom fraud detection and mitigation efforts.
When asked to provide actionable steps for SMEs to take, Stewart believes that small enterprises must evaluate their telco’s capacity to deter fraud attacks. He adds that SMEs must assess the methods that telcos use to tackle confirmed cases of fraud.
“In some cases, telephony providers will respond to PBX hijacks by completely blocking the account of the SME in order to stem further losses while they investigate what is happening. If this happens, then the SME may be unable to conduct its business activities. Therefore, it’s also vital that SMEs review and define an agreed workflow for how to handle fraud incidents should they arise,” he says.
Another thing he expects from telcos is to ensure their service provider is in full compliance with the regulatory requirements of the region. Unfortunately, the above strategy is often difficult to implement, as telecom fraud operates on a global stage where national governments lack the jurisdiction to press charges. More governments, however, are now exploring regulatory policies to curb the crime, though it may take time to materialize. As such, SMEs and telcos must take responsibility for their assets.
Stewart says SMEs can further fortify themselves by integrating fraud mitigation solutions in their operations. Organizations like TransNexus, Squire Technologies, Oculeus and others are some great examples of companies providing anti-fraud solutions that can help SMEs to monitor call traffic in real time, identify anomalies and instantly deploy mitigation techniques.
What’s most interesting about some of the services these companies offer is the use of AI. For instance, Oculeus uses AI in its real-time anti-fraud offering against fraudulent activities like PBX hijack and Wangiri scams. Squire Technologies offers MavenShield, an AI-powered tool that prevents fraud in real time, reducing customer churn and increasing cost savings. TransNexus leverages AI to provide analytics, toll fraud prevention and robocall mitigation. By using the same AI technology, SMEs have a better chance of not becoming fraud victims.
