As technology expands and the way we live and work becomes increasingly digital, new threats emerge and existing ones continue to evolve. To highlight these threats, October has become ‘cyber security awareness month’ to empower everyone to protect their personal – and business – data from digital forms of crime.
Today, we sat down with Katia Gonzalez, our Head of Fraud and Security and an expert in the world of telecoms fraud. While telecoms fraud has some differences from cybercrime, the reality is, some cyber security breaches enable telecoms fraud to take place. But what both cybersecurity and telecoms fraud have in common is the harm it causes to innocent businesses and individuals. Read on as we explore the issue and how it can be solved.
When it comes to cyber security, where does telecoms fraud sit?
The two are distinct, but definitely related. As the largest and oldest deployed network in the world, I sometimes describe telecom fraud as the older brother of cybercrime. An example of this type of fraud is Wangiri (Japanese for “one and cut”), which targets customers’ curiosity by calling them, letting the phone ring just once, and then hanging up, prompting the customer to unwittingly call the premium (usually expensive!) number back.
An example of telecoms fraud which targets businesses, is International Revenue Sharing Fraud (IRSF), which sees fraudsters using premium numbers to rack up sizeable phone bills, or regular numbers which are used to intercept traffic by proposing very low and competitive rates. Fraudsters intercept the calls by leasing a number, break into a business’s phone system and make calls and intercept traffic, pocketing up to a quarter of the phone bill, with the business none-the-wiser until their phone bill comes in at the end the month.
Telecoms fraud has existed for as long as telephones, and operators for many years have had to absorb the costs of fraudulent attacks – costing telecoms companies millions of dollars every year – whilst trying to limit the damage to their reputations. But as communication methods have evolved, fraud has too.
Cybercrime is more publicized than telecom fraud these days. Not only is that due to the scale of cyber-attacks, but also their nature. High-profile cybercrime targets big companies and looks to cripple them or demand huge sums of money, often by using ransomware (a type of malware) to encrypt employees’ files stored on their devices, preventing them from using or accessing any stored data.
So, whilst telecoms fraud is more subtle and can often target the little guy, now we have cloud communications and phone calls being carried over the internet, the two are more closely linked than ever before.
How else are they similar?
Their intent is largely the same. You do have types of cybercrime that spy on or cripple certain services, but the more common kind (like ransomware) aims to make money. Cybercrime and telecoms fraud target both individuals and large businesses alike. Their methods of affecting the background systems of an organization or business are slightly different, but they share similar ‘social engineering’ tactics to trick humans into doing the wrong thing.
“Phishing” is a term many people are familiar with by now. It’s where criminals use some kind of communication channel (email, text messages or phone calls) to trick people into downloading a virus or clicking an unsafe link – often aiming to steal personal information like card details. In this example, we’d define email phishing as cybercrime, but text messaging phishing (Smishing) as telecoms fraud – despite the fact that for the victims, they are one and the same.
With cybercrime taking on many different forms to destabilize or cripple a target, we are also starting to see security breaches in telecoms roaming interconnections being used as a tool in wars. Through the interconnection between telecoms networks, spies can access individuals’ private communications and track individuals’ locations.
How has fraud changed in the last 20 years?
It’s certainly become more complex. That’s largely because how we communicate has changed so rapidly in that time. Twenty years ago, SMS (text messaging) was only just starting to become widespread. That changed the game as it added a new channel that fraudsters can exploit. More recently, as telecoms have evolved beyond ‘fixed telephony’ (phone lines) and become increasingly internet- and cloud-based, it has added more entry points for fraudsters. There’s just far more to think about and try to protect than there was 20 twenty years ago.
What types of scams/crimes are out there?
Scams targeting businesses (or telcos) are more complex and varied, but for consumers, it often comes down to fraudsters trying to steal your personal information. While a human ringing you on the phone to try and scam money from you can still happen, “robo” calls and texts are now much more common. Robocalls or robotexts use automated systems that can call or text en masse. For scammers, this increases the chances of success through the sheer weight of numbers. Instead of phishing with a single pole, they’re using a giant net!
What can consumers do / what do consumers need to be aware of?
Be wary. Be suspicious of texts and phone calls (even if it seems like it’s coming from a service provider or bank) that ask you to share personal or financial information. Even if the website looks legitimate, ask yourself, “How did I get here?” If you came through an SMS link, it could be a fake website. This could even come from a phone number that you recognize. If you receive a request to change your password, avoid using the provided link. Instead, log in as you normally would, either through Google or the app on your phone, and check if the request is still valid. If not – it’s a scam.
What do businesses/telcos need to do to stop it?
As much as consumers need to be wary, the only ones who can contain this type of fraud are businesses and telecom companies. These scams are taking place on channels owned by mobile operators (and occasionally businesses that have cloud communications or their own phone lines) so it’s up to them to identify fraudulent activity and shut it down. Unfortunately, this is really challenging due to the sheer scale of international communications. You’ve got calls coming and going from all over the world, often passing through different countries and carriers on the way, which makes it really hard to pin them down.
How does BICS help?
As a global player in the telecommunications landscape with a massive telecoms network that spreads all over the world, BICS is in a unique position to help fight fraud. We carry over half of the world’s roaming traffic, and so when we apply our AI tools to that massive data, we can analyze traffic patterns and identify and block fraudulent activity on the network. We can do this for businesses and other telco companies. Our FraudGuard solution has proactively blocked over 850 million fraud attacks and saved a collective €2.1 billion for our customers.
Head of Fraud and Security at BICS