I had built a system not so long ago that tracked day over day traffic
from my network by destination NPA/NXX and was able to pinpoint this
sort of thing by simply looking for seismic deviations from the norm
(volume or cost). Sure we would get occasional false positives when a
new customer with a really specific marketing business might turn up,
but it really wasn't hard to build and resulted in a good measure of
safety from a backstop perspective.
We just used the systems output to focus manual investigations, not to
power an automated system. Too much risk in automating domestic traffic
cutoffs.
FWIW we were an end-user network, not a wholesale network so we didnt
get the random sampling that wholesalers might which would likely have
changed some of the knobs on my selected criteria.
On 6/17/2019 7:20 PM, Matthew Yaklin wrote:
I am not sure if this is feasible for someone to do easily so I do not
bother you too much... but does anyone have a spreadsheet of the nanp
npa-nxx(s) you keep a very close eye on for fraud? I am not sure how
well we keep an eye on such things here. I would like to explore it
more. Naturally we keep an very close watch on international and brute
force attacks.
Matthew Yaklin
Network Engineer
FirstLight
359 Corporate Drive │ Portsmouth, NH 03801
Mobile 603-845-5031
[email protected] | www.firstlight.net
This email may contain FirstLight confidential and/or privileged
information. If you are not the intended recipient, you are directed
not to read, disclose or otherwise use this transmission and to
immediately delete same. Delivery of this message is not intended
to waive any applicable privileges.
------------------------------------------------------------------------
*From:* VoiceOps <[email protected]> on behalf of Robert
Dawson <[email protected]>
*Sent:* Monday, June 17, 2019 7:18:43 PM
*To:* Paul Timmins; Paul Timmins; [email protected]
*Subject:* Re: [VoiceOps] 605-562 - Arbitrage scam?
Interesting that you haven’t really seen that much domestic . . . I’d
say that domestic fraud accounts for at least 40% of the attempts we
have seen over the last year or so, with another 40% to NANP “island”
destinations (DR in particular) and the remaining to international.
Definitely different than a few years back when almost everything was
to African destinations.
The fraudsters are very smart and evolve over time, always have to be
vigilant!
*From: *Paul Timmins <[email protected]>
*Date: *Monday, June 17, 2019 at 6:48 PM
*To: *Robert Dawson <[email protected]>, Paul Timmins
<[email protected]>, "[email protected]" <[email protected]>
*Subject: *RE: [VoiceOps] 605-562 - Arbitrage scam?
I can just augment my existing one we developed in house easily
enough. But the new behavior that's concerning is hacked endpoints
calling the numbers. I'm used to "traffic pumping" being free
services people actually want leveraging arbitrage, but attracting
fraudulent traffic from hacked handsets isn't something I've ever seen
on domestic traffic before.
Bold, since it implies there's revenue share, and federal law can
reach a tribe in a way that the usual banana republic telco fraud in
the 3rd world can't.
-Paul
------------------------------------------------------------------------
*From:*VoiceOps [[email protected]] on behalf of Robert
Dawson [[email protected]]
*Sent:* Monday, June 17, 2019 6:25 PM
*To:* Paul Timmins; [email protected]
*Subject:* Re: [VoiceOps] 605-562 - Arbitrage scam?
Jumping in on this one late – Pine Ridge is most well-known for the
Ogala Lakota reservation that is located there. Numbers are in fact
owned by Native American Telecom which is tribally owned and has had
traffic pumping charges levelled against them as someone else
mentioned. Payday lenders have used tribal law for years to get around
usury laws, there was one company that was charging something like
900% effective interest. Repayment on a $10k loan was something like
$75k. Wondering if they can somehow skirt Federal telecom law too?
Paul, you are 100% correct – any fraud detection system that is only
looking at International destinations would not pick it up . . . you
definitely need something that can, at a minimum, be configured to
look at call velocity and volume to US destinations. I can make a
recommendation if you are interested.
Rob
*From: *VoiceOps <[email protected]> on behalf of Paul
Timmins <[email protected]>
*Date: *Wednesday, May 29, 2019 at 4:54 PM
*To: *Matthew Yaklin <[email protected]>, "[email protected]"
<[email protected]>
*Subject: *Re: [VoiceOps] 605-562 - Arbitrage scam?
Yeah, what makes it notable in this case is it seems like it's dead
air calls and hacked phones like traditional international fraud, not
free conference call services.
On 5/29/19 4:16 PM, Matthew Yaklin wrote:
Nevermind.. you meant interstate calling fraud detection systems I
assume. Sorry. Please ignore me. I just reread again.
*Matthew Yaklin*
Network Engineer
*FirstLight*
359 Corporate Drive │ Portsmouth, NH 03801
Mobile 603-845-5031
[email protected] <mailto:[email protected]> |
www.firstlight.net <http://www.firstlight.net>
/This email may contain FirstLight confidential and/or privileged
information. If you are not the intended recipient, you are directed/
/not to read, disclose or otherwise use this transmission and to
immediately delete same. Delivery of this message is not intended/
/to waive any applicable privileges./
------------------------------------------------------------------------
*From:*VoiceOps <[email protected]>
<mailto:[email protected]> on behalf of Matthew Yaklin
<[email protected]> <mailto:[email protected]>
*Sent:* Wednesday, May 29, 2019 4:14:02 PM
*To:* Paul Timmins; [email protected]
<mailto:[email protected]>
*Subject:* Re: [VoiceOps] 605-562 - Arbitrage scam?
Paul,
Why do you mention international toll fraud when that is an area
code and exchange for
Pine Ridge South Dakota?
And just imagining how small that company must be wouldn't a
logical guess be more like they just messed up in some fashion?
But in your defense that telecom company is fishy and Sprint tried
to sue them. I am not sure what ended up happening. Typical crap
with free conf stuff and having traffic sent to a high cost area...
*Matthew Yaklin*
Network Engineer
*FirstLight*
359 Corporate Drive │ Portsmouth, NH 03801
Mobile 603-845-5031
[email protected] <mailto:[email protected]> |
www.firstlight.net <http://www.firstlight.net>
/This email may contain FirstLight confidential and/or privileged
information. If you are not the intended recipient, you are directed/
/not to read, disclose or otherwise use this transmission and to
immediately delete same. Delivery of this message is not intended/
/to waive any applicable privileges./
------------------------------------------------------------------------
*From:*VoiceOps <[email protected]>
<mailto:[email protected]> on behalf of Paul Timmins
<[email protected]> <mailto:[email protected]>
*Sent:* Wednesday, May 29, 2019 3:50:35 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* [VoiceOps] 605-562 - Arbitrage scam?
Is anyone else seeing lots of long duration calls to the 605-562
exchange that when you dial the respective number, it supervises
to dead
air?
Seems like a new kind of toll fraud that international fraud
detection
systems won't catch.
-Paul
_______________________________________________
VoiceOps mailing list
[email protected] <mailto:[email protected]>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
