Categories
End User scams

Christmas phishing anyone? Especially naive law firm PRs

raise your hands if you fancy a bit of christmas phishing

Got this email the other day. In my wisdom at some time in the past I said yes to being on some central PR database mailing list and now get spammed from all over the place with press releases with very tenuous links to my own areas of interest, which themselves are pretty wide. The email I have to believe is from a subscriber to that list and looks to me like a bit of Christmas phishing.

Who on earth in their right minds is going to click on the logo as suggested. I’m sure it leads to a very humorous landing page intended to show its sender, dlapiper, in a good light. All it did for me was to make me think dlapiper were not that clued up and why should I even think of using their almost certainly extremely expensive legal services.

I took a screenshot to use with this post, labeled the sender as spam (I do this to most emails that address me as “Hi”) and deleted the email. Having done so I am a little curious as to what the message from the president was. It might have been funny or it might have been that he was looking for someone to temporarily deposit $100m in their bank account until after he had left office.

I’ve asked to be taken off the central PR database but it’s probably going to be some time before I stop getting spammed like this. I might have to manually start unsubscribing for a bit to see if it has any effect.

First post in a while. Must do better. Going to have some interesting (well to me anyway) news in the new year so don’t go away. Not out of earshot anyway. Or leave a number where I can get you.

ciao

twef

Categories
Bad Stuff Business Legal ofcom Regs scams

Information, Connection and Signposting Services (ICSS) Update

ICSS update

A little while ago I was approached by someone else that shares an interest in the subject of Information, Connection and Signposting Services (the so-called ICSS), about which I have previously written on Trefor.Net.

As a brief reminder, someone will buy up all the Google AdWords (or, I suppose, the Yahoo equivalent if they’re still a thing) for “British Gas Customer Services” and variants thereof, and show a revenue sharing phone number, such as 0844 (which can be up to 7 pence per minute plus your phone company’s access charge) which they then translate to the actual customer service number and pocket the difference.

Since I last wrote about this, the Consumer Rights Directive was transposed and the Financial Conduct Authority implemented a similar requirement to outlaw the use of “premium rate” calls when contacting a company in connection with a contract.

Firstly, some pedantry from me. The term premium rate is bandied about far too often by everyone. It has a very distinct legal meaning, which is based in the Ofcom Premium Rate Services Definition. Broadly, that means it has to be more than 7 pence per minute in terms of the Service Charge element; and as the National Telephone Numbering Plan (given force by virtue of General Condition of Entitlement 17) restricts the use of anything above 7 pence per minute to just the 087x and 09x ranges, 084 numbers and 03 numbers are not Premium Rate by definition. Hopefully some sub-editors for the Daily Mail shall take note. Incidentally, the numbering plan doesn’t prevent 087 being used below 7 pence per minute – in the changes to the non-geographic call services market in the summer of 2015, many operators set a service charge of 1-2 pence per minute for 0870 numbers to maintain the status quo. This means they are not “premium rate” despite the fact the next number block in sequence might be 13 pence per minute.

So, now we are all up to speed, why the renewed interest? Well, PhonepayPlus intervened in the ICSS market where the Service Charge element was over 7 pence per minute (i.e. premium rate, where they have jurisdiction). They set a prior permission regime, which denoted ICSS as high risk, but then softened this to Special Conditions along with the rest of the prior permission regime in an update to the PhonepayPlus Code of Conduct. Their intervention wasn’t a smooth one, with some ICSS operators seeking a judicial review of their intervention. That will give you an idea of what the market is worth – a view supported by the growing number of entities apparently offering such a “service”. I have a list broken down by year and it has demonstrably been growing over time.

I cannot think of any direct PhonepayPlus censure of an ICSS provider; however, the Advertising Standards Authority has intervened in a couple of cases. The first brought to my attention was in 2014 whereby the ASA ruled against them on the basis it wasn’t clear it was a connection service. Interestingly, in a case in 2015, they went further, discussing that customers looking for a number for customer services wouldn’t go into detailed small print. This is heartening as it means the ASA is almost going further than PhonepayPlus and is a useful alternative body to make complaints to.

Unsurprisingly, the Fair Telecoms Campaign made a suggestion that all ICSS should be treated as Premium Rate Services (i.e. under Phonepayplus control) in their response to the Ofcom consultation on the latest Phonepayplus Code of Conduct. Ofcom dismissed this in their Statement due to a lack of consumer harm being evidenced, which is a stock Ofcom answer for “not important enough to warrant our resource or attention yet”.

That Ofcom position also correlates with me having made representations on behalf of some financial institutions who were rather aggrieved at being passed off (which is still the advice I give people – treat it as impersonation more than a telecommunications regulation issue).

So, it’s clear there’s still a problem, and potentially one that is growing. Where do we go from here?

Well, it is heartening that a Google search I have performed for a few private sector companies people may wish to call (including those I referenced in my original piece) has them in the top couple/three hits, with ICSS at least being less obvious and less baiting than I recall, although they are still there. This of course doesn’t get around the natural human instinct of just dialling the number that’s there at the top. However, I cannot say the same for government departments, who appear to be subject to it, and which, in terms of Ofcom’s statutory duties, should make Ofcom pay more attention, as it affects services used by the more vulnerable in society.

I believe that the ASA has broader power and is clearly more disposed to using it in situations where ICSS is misleading. The problem here is two-fold though. First, it is a lot harder for a commercial entity to make a complaint to the ASA (something I found out when ITSPA were going to refer EE for its “shed load of data” advert a couple of years ago). Secondly, there is a balance between offering a service at a premium taken willingly by lazy consumers (the economists would say “reducing their search costs”); just like being put through to a number given to you by the guys in moustaches at their 118 rates, ICSS can be argued to have a legitimate role in society.

That means we need to have a debate, which is where Ofcom should come in. They are the subject matter experts and have a wide range of powers available for them to research and intervene as they feel appropriate. So, I think my advice needs to be updated as follows:

  1. Complain to the ASA. It is easier for it to be given attention if the consumer does it as opposed to the passed off company.
  2. Be in control of your search engine results and outspend the ICSS people if needs be. I haven’t experienced it myself as it isn’t my area, but one ITSPA member tells me Google are receptive to companies complaining they are being passed off, so that should be something done as well.
  3. Complain to Ofcom. Google “Ofcom contact us” and pray I haven’t been mischievous and bought the ad words for it and translated an 0908 number to their 0300 to fund an Aston Martin. In all seriousness, their details are here.

 

My experience from dealing with fraud, net neutrality and other issues that various agencies want to try and ignore is that once there’s a clear weight of evidence, in fairness to those agencies, they do start to act. So let’s get the evidence to them and break the vicious cycle of “no action because no reporting” and “no reporting because no action”.

Categories
Business scams

Takeaway messages from telecoms fraud workshop

Telecoms fraud workshop learnings

We covered a lot of ground in yesterday’s telecoms fraud workshop. A big thanks to everyone who made it and to sponsors Netaxis and Gamma. I don’t think there was a single person in the room who didn’t contribute in some way and I’m sure everyone got something out of it.

A special thanks to the speakers Colin Duffy of Voipfone, Ben O’Leary from Gamma, DS Nick Kemsley of the City of London Police, independent fraud expert Dave Morrow and Manuel Basilavecchia of Netaxis.

Much was discussed in the three hours but the key points can easily be summarised here:

  1. If carriers were able to stop international settlement payments for known fraudulent traffic to premium rate numbers the problem would disappear overnight. “Apparently this is not possible”. Nobody could really say why.
  2. Fraud mitigation systems need to be automated and work in real time or as near to real time as possible. Most fraudulent attacks are over in a short period of time. Manual systems that rely on human intervention take too long. This may result in “false positives” where genuine traffic is blocked but it is better this way than for end users to be hit with big bills.
  3. There has been plenty of work done that would help people model their automated (and non automated for that matter) systems. Get in touch if you want me to point you in the right direction.
  4. Criminals use automated processes that work their way through number ranges until they find an unblocked series to use as targets for their fraudulent calls. An automated system should be able to anticipate fraudulent activity by seeing calls from one source working their way through such number ranges.
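Points 2 and 4 above describe a detection that can run automatically against call records: one source dialling consecutive numbers under one prefix inside a short window. The following is an added example written for this post, not code from the workshop or any of its speakers. The CDR format, account names, numbers and thresholds are constructed assumptions; a real deployment would feed live CDRs or SIP INVITE events and push the resulting block rules to the switch.

```python
"""Spot a dialler working its way through a number range.

Added example (not code from the workshop or its speakers). The CDR format is
an assumption constructed for this example:
    epoch_seconds,source_account,dialled_number_e164,duration_seconds
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# Constructed sample traffic. acct-17 walks +2529971234500..509 inside two
# minutes (a scan); acct-99 hits six consecutive numbers but one per hour
# (too slow for the default window); acct-42 is ordinary business calling.
SAMPLE_CDRS = """\
1700000000,acct-17,+2529971234500,0
1700000003,acct-17,+2529971234501,0
1700000005,acct-17,+2529971234502,0
1700000009,acct-17,+2529971234503,0
1700000012,acct-17,+2529971234504,0
1700000014,acct-17,+2529971234505,0
1700000020,acct-17,+2529971234506,0
1700000030,acct-17,+2529971234507,0
1700000031,acct-17,+2529971234508,0
1700000033,acct-17,+2529971234509,0
1700000100,acct-99,+3706001234000,0
1700003700,acct-99,+3706001234001,0
1700007300,acct-99,+3706001234002,0
1700010900,acct-99,+3706001234003,0
1700014500,acct-99,+3706001234004,0
1700018100,acct-99,+3706001234005,0
1700000050,acct-42,+442071234567,180
1700000400,acct-42,+441234567890,45
1700000900,acct-42,+442071234568,62
"""


@dataclass(frozen=True)
class Cdr:
    ts: int
    source: str
    dialled: str
    duration: int


def parse_cdrs(text: str) -> list[Cdr]:
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, dur = line.split(",")
        rows.append(Cdr(int(ts), src, dst.strip(), int(dur)))
    return rows


def longest_consecutive_run(values: Iterable[int]) -> int:
    """Length of the longest run of consecutive integers in `values`."""
    s = sorted(set(values))
    if not s:
        return 0
    best = cur = 1
    for a, b in zip(s, s[1:]):
        cur = cur + 1 if b == a + 1 else 1
        best = max(best, cur)
    return best


def detect_range_scans(cdrs, window_s=120, min_run=6, prefix_len=10):
    """Return {(source, prefix): longest_run} for every (caller, prefix) pair
    that dialled `min_run` or more consecutive numbers within `window_s`.

    `prefix_len` splits an E.164 number into a block prefix and a suffix; the
    suffix is what a scanner increments. Numbers too short to split are ignored.
    """
    buckets = defaultdict(list)
    for c in cdrs:
        digits = c.dialled.lstrip("+")
        if len(digits) <= prefix_len or not digits.isdigit():
            continue
        buckets[(c.source, digits[:prefix_len])].append((c.ts, int(digits[prefix_len:])))

    alerts = {}
    for key, events in buckets.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            # shrink the window from the left until it spans <= window_s
            while events[hi][0] - events[lo][0] > window_s:
                lo += 1
            run = longest_consecutive_run(v for _, v in events[lo:hi + 1])
            if run >= min_run:
                alerts[key] = max(alerts.get(key, 0), run)
    return alerts


def block_rules(alerts):
    """Turn alerts into (source, prefix-wildcard) pairs a switch could block."""
    return sorted((src, f"+{prefix}*") for (src, prefix) in alerts)


if __name__ == "__main__":
    found = detect_range_scans(parse_cdrs(SAMPLE_CDRS))
    for (src, prefix), run in found.items():
        print(f"{src} walked {run} consecutive numbers under +{prefix}")
    print("block:", block_rules(found))
```

The window is the trade-off point 2 talks about: a two-minute window catches the fast scan and leaves the slow one alone, so widening it catches more scanners at the cost of more false positives on legitimate callers who happen to dial neighbouring extensions.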

 

I’m not going to go through the types of fraud involved. Much has been written before on this blog if you want a read. I’ve made it easy for you by providing a link to telecoms fraud posts.

Click on the link for Dave Morrow’s white paper on Missing Trader Intra Community Fraud.

Categories
Bad Stuff End User scams

Facebook notifications with phishing links

Don’t do it! – Facebook notification phishing.

Facebook notification phishing whereby someone shares a post on your page and provides a phishing link within the text is new to me. Our Anne’s Vans website Facebook Page just received such a notification using a link to a phishing site. My wife spotted the notification and asked what she should do. The notification said that unless she verified the page it would be shut down.

I took a look and it is clearly a phishing site. The interesting thing is that whilst I reported the page there doesn’t appear to be a means of deleting the notification – I don’t particularly want the link hanging around. Even reporting the page only lets me block it. In fact it was a post within the page that let me do this rather than the page itself.

I don’t particularly want to hang around the page to play with it any more so I’ve moved on, other than to pen this swift blog post on the subject.

I guess the issue is that this is going to catch some people out. Anne wasn’t sure what to do so she asked me. Some will just take the notification as read and fill in the Facebook login details that were being requested.

Facebook notification phishing is new to me and is a slightly disappointing attempt at a scam. The previous ones I’ve seen have involved friend requests from scantily clad females which I have, with a heavy heart, reluctantly had to block 🙂

It would be interesting to hear if others have seen such phishing attempts.

It remains to be seen whether Facebook takes down the page. I will let you know, obvs. In the meantime I’m getting ready to go off camping in Derbyshire for the weekend. The forecast is rain, sleet and temperatures approaching zero!

[Screenshot: Facebook notification phishing – “confirm your page”]

Loads of posts on scam subjects.

Categories
Business scams

Telecoms Fraud, Liability and Responsibility: A Contractual Approach from a Telecoms Specialist Lawyer

Telecoms Fraud Liability and Responsibility

Danny Preiskel of Preiskel & Co is one of the world’s leading telecoms lawyers. In this final post of the telecom fraud series curated by Manuel Basilavecchia, Danny looks at the subject of telecoms fraud liability from a legal perspective.

Considering the devastating effects telecoms fraud can have on a wholesale or retail telecoms business this post looks at some of the legal aspects and provides some guidance to minimise the impact from a contractual perspective.

Civil Litigation for Civil Fraud

Successfully suing in civil litigation for fraud and recovering damages is only possible in certain circumstances, and with fraud being notoriously difficult to prove, the risk of losing in court and being liable for the defendant’s costs often outweighs the potential award of damages.  This is exacerbated by the fact that even if the telco victim is successful, the defendant company may not have the funds to actually satisfy any judgment awarded.

As with other jurisdictions, English law also allows shareholders and directors to hide behind the veil of incorporation.  Only in limited circumstances will the English courts pierce the veil of incorporation to convict or fine the individual shareholders behind a company, though directors can incur liability in addition to the company.   Typically in the UK we have seen that fraudsters can simply re-appear and commit more fraud by hiding behind another company name.

Another legal principle which may accidentally protect fraudsters is the privity of contract doctrine, whereby contractual obligations are only due to the contracting party and not its sub-contractors. For example, BT’s fraud department will usually not deal with carriers with whom it is not directly contracted. This can be problematic as often BT’s call records as well as the knowledge and actions of its fraud department can be hugely useful.

And finally, there are the UK insolvency laws which make it hard and expensive to recover monies from a company in liquidation or administration.

Insolvency Proceedings

Insolvency proceedings in the UK involve an application to court for the winding up of the company, usually after service of a Statutory Demand; and the appointment of an insolvency practitioner (to collect and distribute amounts for all the creditors).  

If the insolvency practitioner is not convinced there are sufficient funds in the insolvent company then it will ask the company appointing it to guarantee its costs. Whilst this is understandable it can be a huge disincentive bearing in mind that any amounts recovered by the insolvency practitioner will be for the benefit of all the creditors. It is not just in the telecoms sector that it is rare for creditors who are unsecured to get any meaningful percentage recovery.

If an insolvency practitioner is funded then it could potentially sue the fraudulent director and attempt to get a recovery as well as make a report recommending the person be disqualified as a director for several years. However the harsh reality regarding insolvency related proceedings in the UK, means that the failure to properly fund an insolvency practitioner often results in a director getting away with the telecoms fraud.

The Telecoms LCR Chain – Profiting From Fraud

When it comes to the wholesale industry we find ourselves in the curious position that, often it is not just the perpetrator of the fraud who seeks to profit. Understandably carriers in the chain want to be paid in full (including their profit margin), meaning that they profit from fraud, albeit not a fraud they have committed themselves. In essence it can be quite galling for a carrier that has been left with a gaping revenue hole, to have its supplier insist on recovering not only its cost of transiting the traffic but also its profit margin.

Contractual Protection

Please consider the important recent case Frontier Systems Ltd (t/a Voiceflex) v Frip Finishing Ltd [2014] EWHC 1907 (TCC), where the Court required the telecoms carrier to be liable for the calling costs, even if the traffic was fraudulently generated. We advise, in light of this judgment in particular, that carriers review carefully and make amendments to their end user and wholesale agreements.

Carrier contracts should not only exclude, to the fullest extent permitted by applicable law, all express and implied warranties but should require the other party to be responsible, even if traffic was fraudulently generated by a third party.  Looking up the supply chain, we advise our client carriers to require that the supplier’s systems should be set to block fraudulent traffic and accordingly be liable in the event that they fail to block such fraud, even if it has passed through our client’s system undetected.

There is a lot to be said for such provisions to avoid uncertainty at the outset, minimising our clients’ exposure in terms of liability whilst importantly drawing the carriers’ minds to implementing appropriate anti-fraud measures before exchanging traffic.

What the Industry Can Do

Beyond the various technical measures (not mentioned in this blog note), the blocking of certain destinations by default and some anti-fraud security provisions in the contract protecting the individual carrier, the telecoms industry should consider an industry code of practice:

agreeing to help other carriers in the chain in identifying the fraud, even though there is no contractual relationship;

agreeing not to profit from fraud, i.e. take out the profit element of charges;

appointing industry representatives to have a better working relationship with the fraud sections of the police and the regulator;

allowing companies to refuse to pay up the supply chain where fraud has been suspected, albeit subject to certain provisos to ensure that nobody unduly benefits in such a case;

providing a reseller kitemark approach to help combat dial-through fraud (e.g. the FCS’ fraud group that Preiskel & Co helped set up; or the International Interconnection Forum for Services over IP (i3 Forum));

considering an industry fund to make a contribution towards the costs of bringing enforcement action against fraudsters;

identifying a cost effective insolvency practitioner who understands the industry.

This concludes telecom fraud week on trefor.net, edited by Manuel Basilavecchia of Netaxis. Read our other fraud posts from the week:

Colin Duffy on “Is encryption the answer to data loss?”
Manuel Basilavecchia on “Missing Trader VAT Fraud”
Dave Dadds on “Telecom fraud is the industry’s problem not the customer’s”
Manuel Basilavecchia on “A mobile operator fraud case study”
Jonathan Rodwell on “Telecoms and IT Security”, with part 2 here

Categories
Business scams

Jonathan Rodwell on Telecoms and IT Security part two

SIP Trunk Plus CEO Jonathan Rodwell in Part two of his posts on Telecoms and IT Security

Fraud week sponsored by Netaxis continues with part two of Jonathan Rodwell’s post on Telecoms and IT Security. In part one Jonathan discussed “Telecoms and IT security in the UK” together with “Technical best practice”.

The second post concludes with “the human wild card” and says “we need a new way of thinking”.

The weak link?

The elephant in the room is the weak link in all telecoms/network scenarios: us human beings. The bigger question is that if the ‘human’ wildcard element cannot be controlled, can any network (telecoms or otherwise) ever be truly secure?

I suspect that even some of the most technically astute individuals cut corners.  We just can’t help ourselves sometimes. Using similar passwords on email accounts perhaps?  Not bothering with voicemail passwords?  User log on credentials that are not sufficiently robust?  No matter how robust a technical architecture is when people cut corners they expose their business to another’s malicious intent.

Larger organisations certainly have more tools at their disposal to exercise greater control over protecting their services, or offering training and technical solutions to manage passwords and so forth. But even they face challenges, particularly when staff bring their own devices onto the network.  Larger organisations often present a more attractive target to groups of individuals intent on hacking. It is generally accepted that if a group of skilled individuals with sufficient resources wants to penetrate your security, they will undoubtedly find a way. TalkTalk can tell you all about it.

As Telecoms providers, we know that as our service is predominantly IP Based, our clients and our businesses are exposed to potentially massive costs.

Both the Federation of Communication Services (FCS) and the Internet Telephony Service Providers Association (ITSPA) understand these challenges and are working with industry experts, the police and stakeholders across the board to try and help mitigate the potential risks. The FCS has a Fraud panel dedicated to working with industry professionals to help deliver best practice. ITSPA works closely with the likes of Action Fraud and the Metropolitan Police.

FCS’s experience is instructive:  less than two years ago, fraud was a taboo subject at FCS meetings.  No business CP liked to talk about it, for fear of admitting weakness to their competitors.  Today it’s the industry’s number one pain-point.  

These trade associations provide a single voice for their members to Ofcom and to policy-makers. This protects members from the risk of individual damage to their brands. 

What can we do?

This all seems somewhat daunting, particularly for the small business owner – remember, the challenges for a multi-national are immense, too. So where do we start? A good place is the set of recommendations from GCHQ: The Cyber Essentials Scheme. Essentially, this focuses on protecting against Internet-Originated attacks against IT/IP Comms services. Cyber Essentials focuses on five key controls:

  1. Boundary Firewalls and Internet Gateways – devices designed to prevent unauthorised access, and setting them up effectively.
  2. Secure Configuration – of systems relative to the needs of the organisation.
  3. Access Control – Ensuring appropriate permissions within systems, with sensible passwords.
  4. Malware Protection – Ensuring it is installed and correctly maintained.
  5. Patch Management – Ensuring patches are applied and utilised. This is particularly pertinent for users of all PBXs: they need to be patched as much as any other network device.

 

This is all perfectly sensible and a good starting point, especially if your staff are office-based, but many businesses in 2014 support flexible working environments, such as staff who work from home and so forth. Indeed, some businesses do not have offices at all; so consider item 3: how do you control access when a home internet service is provided by BT or Sky and they have direct access to the router? If your IT support is provided by a third party, what happens if their own security is penetrated; are you vulnerable too?

BYOD (Bring Your Own Device) adds a further layer of complexity when employee or visitor devices are allowed access to the network. Companies must balance the benefits versus the risks and what mitigation can be implemented (realistically) on a technical basis.

Suppliers must emphasise and help implement best practice when it comes to the protection of PBX and handset architecture. Granted, some end clients are more willing than others to be proactive on this front, but suppliers have an obligation to emphasise the security protocols that can best protect the PBX and handsets (essentially network devices). Suppliers should also take some expert advice when it comes to their client contracts, with terms and conditions requiring specific attention paid to liabilities in case clients simply do not implement best practice.

Carriers and telecommunications providers are in an interesting and powerful position in the equation. The carrier position is interesting because they can, in theory, actually benefit from telecoms security breaches – a £20,000 phone bill still has to be paid after all, be it by the resale partner or by the client. Moral issues aside, the dilemma arises when fraudulent activity places the client’s business in jeopardy: if a business folds, then recovering the money becomes a much harder proposition. This is not to suggest that carriers encourage fraud, rather that history has shown that the responsibility of managing security and cost has always been pushed down the supply chain. Most carriers, at best, offer simple credit limiting or algorithmic analysis of traffic patterns.

The industry has a responsibility to do more, not just from an ethical point of view, but by offering enhanced protection at the carrier level. Doing so means changing the whole dynamic between resellers and end clients. If we can empower both the end client and the reseller to control in real time the volume of minutes to every possible global destination (or group of destinations), we can ensure end clients will always know what their maximum liability would be. This is minute limiting for the global business environment that is both dynamic and under the control of both key stakeholders – the business and the supplier chain.
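The minute limiting described above amounts to a per-destination budget that is checked at call setup and that bounds the worst case bill in advance. The following is an added example written for this post, not SIP Trunk Plus code or any carrier’s product. The destination groups, caps, rates, number formats and the `MinuteLimiter` class are constructed assumptions; a real policy would be agreed between reseller and end client and enforced by the switch using the returned maximum duration.

```python
"""Per-destination minute limiting with a known maximum liability.

Added example, not SIP Trunk Plus code. The destination groups, caps and rates
below are constructed assumptions; a real policy would be agreed between the
reseller and the end client.
"""
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DestinationGroup:
    name: str
    prefixes: tuple            # E.164 country/area prefixes, without '+'
    cap_minutes: int           # minutes allowed per rolling window
    rate_pence_per_min: float  # worst-case retail rate, for the liability figure


# Constructed policy (assumption): UK generous, EU modest, high-cost
# destinations capped at zero, and anything unlisted denied by default.
POLICY = (
    DestinationGroup("uk", ("44",), cap_minutes=1000, rate_pence_per_min=1.0),
    DestinationGroup("eu", ("33", "34", "49"), cap_minutes=200, rate_pence_per_min=3.0),
    DestinationGroup("high-cost", ("252", "370"), cap_minutes=0, rate_pence_per_min=60.0),
)


class MinuteLimiter:
    def __init__(self, policy=POLICY, window_s=24 * 3600):
        self.policy = policy
        self.window_s = window_s
        # per group: deque of (start_ts, seconds_used), oldest first
        self._usage = {g.name: deque() for g in policy}

    def group_for(self, dialled: str) -> Optional[DestinationGroup]:
        """Longest-prefix match of a dialled E.164 number against the policy."""
        digits = dialled.lstrip("+")
        best = None
        for g in self.policy:
            for p in g.prefixes:
                if digits.startswith(p) and (best is None or len(p) > best[0]):
                    best = (len(p), g)
        return best[1] if best else None

    def _prune(self, name: str, now: int) -> None:
        q = self._usage[name]
        while q and q[0][0] <= now - self.window_s:
            q.popleft()

    def seconds_remaining(self, group: DestinationGroup, now: int) -> int:
        self._prune(group.name, now)
        used = sum(sec for _, sec in self._usage[group.name])
        return max(0, group.cap_minutes * 60 - used)

    def authorize(self, dialled: str, now: int) -> tuple[bool, int, str]:
        """Decide at call setup. Returns (allowed, max_seconds, reason).

        `max_seconds` is the hard limit the switch should enforce on the call
        so that a single long call cannot exceed the remaining budget.
        """
        group = self.group_for(dialled)
        if group is None:
            return (False, 0, "destination not in policy: denied by default")
        remaining = self.seconds_remaining(group, now)
        if remaining <= 0:
            return (False, 0, f"{group.name}: budget exhausted")
        return (True, remaining, f"{group.name}: {remaining // 60} min left")

    def record(self, dialled: str, start_ts: int, duration_s: int) -> None:
        """Book a completed call (or an in-progress call re-booked periodically)."""
        group = self.group_for(dialled)
        if group is not None:
            self._usage[group.name].append((start_ts, duration_s))

    def max_liability_pence(self) -> float:
        """Worst case spend per window if every cap is fully consumed."""
        return sum(g.cap_minutes * g.rate_pence_per_min for g in self.policy)


if __name__ == "__main__":
    lim = MinuteLimiter()
    t0 = 1_700_000_000
    print(lim.authorize("+33123456789", t0))        # allowed, 12000 s of EU budget
    lim.record("+33123456789", t0, 190 * 60)
    print(lim.authorize("+4912345678", t0 + 3600))  # allowed, but capped at 600 s
    print(lim.authorize("+252612345678", t0))       # denied: cap is zero
    print(lim.authorize("+12125551234", t0))        # denied: not in policy
    print("max liability:", lim.max_liability_pence(), "pence per window")
```

Two design points matter here. Authorization returns the remaining seconds rather than a yes/no, so the switch can set a hard call duration and the budget cannot be blown by a single call that is already up. Unlisted destinations are denied rather than allowed, which is the default blocking the industry already practises for known high-cost destinations, applied to everything the client has not explicitly asked for.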

Consider now the dynamic of the supplier / client relationship if ‘cost of fraud’ wasn’t an issue. How would your approach to IT and Telecoms security change if a business-crippling financial penalty wasn’t threatening to be the end result of a security breach?

If the acceptance of ‘risk’ becomes easier to tolerate because there is a layer of protection and mitigation delivered through the telecoms supply chain by partners who are proactive, rather than reactive, then choices made by end clients become simpler, and could actually be different.

This can be taken a step further, so much so that if we accept that there is no perfect system and there is always a risk, then we can decide which method of working, or what telephony connectivity represents an acceptable level of ‘risk’. Clients can then assess the practicality of a heavily locked down infrastructure versus the ability to be dynamic and innovative in working practice.

We are not advocating that businesses become an open door to hacks, rather that the whole supply chain can be chosen to facilitate a sensible approach to IT and telecoms security that is simple to manage and doesn’t become a rod for the back of a business.

Thought leaders for the future

So what do we do about it? Well first of all, there is no perfect solution. If you admit to yourself and accept that people by nature will always be the weak link when it comes to telecoms security, then how you deal with people’s nature will be the defining aspect of IT and telecoms security for your business, either globally or domestically.

Accept the view that once a file is emailed, voicemail sent out, or words have left your mouth, you have ultimately lost control over them. From that point on they can be copied, re-purposed and distributed without your permission on an exponential scale. Within Telecoms security however, you can at least limit the financial damage to an almost negligible level.

We are therefore in a more fortunate position than our friends in the IT and Data security industry where personal information, intellectual property and company data stores are also at risk.

It is time for the telecommunications industry to regain the initiative, since the ‘old way’ of doing things and the old business paradigms of the industry apply the brakes to progress. Instead of playing catch-up and adopting a siege mentality, we have to change the way we think about security. Acceptance of risk, balanced with technical mitigation solutions, should be weighed against the potential cost of a security penetration.

Suppliers and clients must both be pragmatic in the implementation of security protocols, and both parties must understand their responsibilities and the corresponding risks of waiving them. This is certainly a matter of education, and business owners have a responsibility to take the time to understand what those risks are, as there are currently no formal benchmarks in the industry that relate to telecoms security to guide selection.

A crucial step to understanding your risks and developing a strategy that suits your business is obviously working with the right supply chain: partners can be trusted advisors to business owners and IT specialists, offering the right solutions, even if those solutions don’t necessarily come from an established brand that has been around for decades. Telecommunications has become a managed service.

We are now, more than ever, part of a corporate ecosystem of applications. The more you lock it down, the more you dampen the dynamism and creativity within a business. So think carefully about how you deliver services to your clients.  Deliver value and don’t be afraid of breaking from tradition.  Learn from the past, but don’t be shackled by it.

This is telecom fraud week on trefor.net, edited by Manuel Basilavecchia of Netaxis. Read our other fraud posts this week:

Colin Duffy on “Is encryption the answer to data loss?”
Manuel Basilavecchia on “Missing Trader VAT Fraud”
Dave Dadds on “Telecom fraud is the industry’s problem not the customer’s”
Manuel Basilavecchia on “A mobile operator fraud case study”
Jonathan Rodwell on “Telecoms and IT Security”

This second post is an adaptation of an article first published by Jonathan Rodwell last year in the Journal of the Institute of Telecoms Professionals, which is only available to members behind a login.

Categories
Business scams

Jonathan Rodwell on Telecoms and IT Security

Telecoms and IT security in the UK and Technical best practice

In an excellent and wide ranging two part series, SIP Trunk Plus CEO Jonathan Rodwell dives into the world of telecom fraud. In this first post he looks at Telecoms and IT security in the UK and Technical best practice.

Executive Summary

Telecoms and IT security is a massive industry in 2015, but the lack of security and the results thereof are talked about much more quietly. Instead service providers and technology delivery partners prefer to speak of uptime, and resilience. It is hardly surprising that what we don’t hear mentioned is who suffers from fraud. Big consumer data breaches hit the headlines frequently though only vast corporations like Target, TalkTalk and Sony really hit the headlines of the business community. Target was the result of a third party supplier breach but the snowball effect affects the entire business community.

Fraud is perpetrated every day. We fear being the victim but the reality is that often we are the problem as much as we are the solution. The IT and Telecommunications industry’s challenge is to effectively address the “elephant in the room”.  Talking about fraud with clients is interesting because service providers don’t want to sell on ‘fear’. Yet, at the same time, when they provide only one aspect of client infrastructure (e.g. telecoms), they may have no direct control over the infrastructure or the end user’s business or employees. When ‘fraud’ is perpetrated the initial and historical reaction is ‘fire fighting’ by identifying the cause and implementing a solution. Finally, they determine who gets the blame. One thing is certain, regardless of ‘fault’, the provider’s brand is damaged simply by association.

This first post is an examination of:

  1. The Telecoms and IT security in the UK
  2. Technical best practice


The second post addresses:

  1. The human wild card
  2. We need a new way of thinking


Perfect solutions may not be available, but by removing the most painful and immediate result of a telecoms security breach – the financial cost – companies can change the way they approach security. Removing the risk of an expensive pay-out – which a service provider does not want to request, nor a client receive – massively changes the dynamic of the whole security equation.

By removing the risk, core stakeholders can then (in theory at least) work together in a cooperative and constructive way: firstly, to ensure that a process of best practice is implemented; and secondly, because the cause of most hacks is human error, to turn scapegoating and blame into a justification and positive reinforcement exercise that strengthens the client’s focus on increasing their information and network security across the board. Happy clients mean happy service providers and protection for the industry’s reputation.

Telecoms and IT security in the UK – where are we today?

In 2015, Telecoms and IT security are one and the same. A legacy or IP PBX, or IP handsets, are simply network devices that can provide huge business benefit and are crucial to most business operations. They are, however, devices that must be managed carefully along with every other network device so that they are not open to misuse. As with the local network, infrastructure services like ISDN and SIP trunks must also be managed, and some legacy services such as ISDN carry more inherent risk. PBX security does not happen ‘out of the box’; it requires careful planning and control of both the network and connectivity.

Worldwide spending on Information Security showed an increase of 7.9 percent on 2013 and is predicted to reach $71.1 billion in 2014 and to grow a further 8.2 percent in 2015, with roughly 10% of security capabilities delivered through cloud services [1]. Malware and processing power are available on an industrial scale at relatively low cost and businesses must prepare themselves to avoid becoming targets.

An enormous telephony bill at the end of the month, for some, could be the only indication that they are the victim of Telecommunications fraud. A frightening situation for anyone – be it the business owner or the IT Manager responsible for making sure that such a situation doesn’t happen. What is the initial reaction? Apportion blame? Deny liability for the costs? Fire a supplier or an employee? Contact the police or seek remedy in court? Two things are certain, a business will not be happy to pay such costs; and the resulting fallout can destroy even the longest standing business relationships.

The first question is how we define fraud. Is it simply the exploitation of third party resources for financial gain? Or does it also extend to company employees costing their employer more by using services provided by the company for personal benefit? We work on the basis of the full definition: any expenditure on a company’s telecommunication systems that the company would not have authorised is fraud.

Experience to date shows that the costs of fraud often never see the light of day; the rate of reporting to the police’s Action Fraud Bureau is just the tip of the iceberg. The Telecoms industry has been forced into a position where liability rests with the end clients, simply to protect their own businesses, which in turn stimulated the development of the entire Info Security industry.

European Commissioner Neelie Kroes, Vice President for the Digital Agenda, was typically direct in her views of the Telecommunications industry: ‘Sometimes I think the telecoms sector is its own worst enemy.’ She went on to ask whether we will be leading the industry or whether we will be dragged ‘kicking and screaming’ [2]. This may seem negative, but the Telecommunications industry has been around for over a hundred years, and like many mature industries, change can come very slowly. While consumer telecoms, driven by the likes of Apple and Samsung, has commoditised the industry and radically adjusted consumer perception, the more traditional business to business market moves much more slowly.

The business and technical challenges

The fact is that we, as providers of telecommunications services, are providers of business critical services, the security of which we don’t necessarily have control over. This seems counter-intuitive, doesn’t it? However, the challenge does not end there; types of exposure to fraudulent activity can vary significantly depending on a number of factors, not the least of which is the actual size of the organisation.

For example, a company with 5 employees may have no IT expertise in house; they could rely on outsourced network support (or no network support at all) and leave themselves exposed on a variety of levels. An FTSE 100 company, on the other hand, may have an IT department consisting of dozens (or even hundreds) of staff, with a multimillion pound budget, but the sheer volume of devices that access their network and the potential complexity of the network alone don’t offer them certain protection. Consider the recent cases of Home Depot and Target in the US, for example, who were penetrated at the point of sale at a cost to their own brand and their bottom line.

So what are the key considerations when it comes to telecoms security?

An onsite PBX is inherently vulnerable.

Physicality – As we know, unless equipment is in a secure environment with biometric and prescribed access control procedures, the PBX can be accessed and call routing tables amended. Note that organisations such as the NICC refer to a plethora of documentation in respect to best practice for such installations; however, how many companies are in a position to adopt such best practice?

Unauthorised access can be gained by anyone, from a systems administrator to a cleaner.

Remotely – many PBXs are connected to the internet to enable remote access from their providers and to interface with cloud servers such as Jabber for IM and contact centre technologies, for example.

The first challenge is securing the local network, such as blocking port 5060 (the default SIP signalling port); however, who controls the network? Is it the IT support company (in-house or contracted) or the communications provider? More often than not it is both – two brains potentially acting separately. This creates grey areas of responsibility, as demonstrated by a recent High Court case where £35K of fraud was held against the communications provider.

There are two principal methods by which fraud is perpetrated:

  1. Hacks over the internet
  2. Dial-through fraud – hacks via the voicemail PIN


Both of these methods aim to divert traffic to premium rate numbers (usually international) whereby the fraudsters are rewarded with the profit generated from such numbers.

What about at a national and global level?

Typical Methods of Prevention

The Telecoms supply chain can be very complex. A carrier provides minutes to a sub-carrier and in turn to a reseller and in turn to, say, a SIP trunk provider and then again to the end client, or indeed another reseller. There are many combinations and permutations in the supply network.

What about at a Carrier Level?

Responsible carriers will offer protection using two principal methods:

  1. Referring to a fraudulent number repository – and blocking calls to such destinations
  2. Algorithmic – detecting unusual traffic patterns and blocking calls accordingly.


At Sub-Carrier Level

  1. Credit Limits – Imposing credit limits on resellers globally


The only real way to protect against fraud is the intelligent and real time monitoring of call traffic via Call Detail Records (CDRs), or the logging of minutes. The challenge the reseller community has is that they are reliant on carrier-provided monthly CDRs, which only deliver the information after an incident has taken place, over a period of time. A very large cost can be accumulated in the space of an hour, let alone a month.

There is a major consideration too for the reseller community: they will have a company credit / supply limit with their SIP trunk carrier globally. If that reseller hits their credit limit an automatic block on their services is implemented; that could potentially mean a block on all of their clients’ trunk services – a total service outage in effect. It is absolutely crucial that the telecoms channel be able to manage their client base at a granular level and in real time.
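The carrier-level controls described above (a fraudulent-number repository, algorithmic detection of unusual traffic patterns, and a per-reseller credit limit) applied to a streamed CDR feed rather than a month-end CDR file, as an added example that is not code from the article or from SIP Trunk Plus. The CDRs, the blocked prefixes (placeholders in the unassigned +999 space), the credit limits and the thresholds are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _t(hhmm):
    """Constructed timestamp on a single sample day (not a real CDR date)."""
    return datetime(2015, 11, 27, int(hhmm[:2]), int(hhmm[2:]))


# Constructed sample feed, not real CDRs. Fields: timestamp, reseller, A number,
# B number, duration in seconds, wholesale cost in GBP. The feed arrives in time
# order, which is what lets the checks fire within minutes instead of at month end.
SAMPLE_CDRS = [
    (_t("0900"), "reseller-A", "+441522000001", "+33123456789", 120, 0.02),
    (_t("0905"), "reseller-A", "+441522000002", "+49301234567", 300, 0.05),
    (_t("2301"), "reseller-B", "+441522111111", "+99912000001", 600, 6.00),
    (_t("2302"), "reseller-B", "+441522111111", "+99912000002", 600, 6.00),
    (_t("2303"), "reseller-B", "+441522111111", "+99913000003", 600, 6.00),
    (_t("2304"), "reseller-B", "+441522111111", "+99912000004", 600, 6.00),
    (_t("2306"), "reseller-B", "+441522111111", "+99912000005", 600, 6.00),
    (_t("2308"), "reseller-B", "+441522111111", "+99912000006", 600, 6.00),
]

# Stand-in for the "fraudulent number repository": constructed placeholder
# prefixes in the unassigned +999 space, not a real block list.
BLOCKED_PREFIXES = ("+99913", "+99914")

# Constructed per-reseller credit limits in GBP for the billing period.
CREDIT_LIMITS = {"reseller-A": 500.0, "reseller-B": 25.0}


def match_prefix(number, prefixes):
    """Return the longest prefix in `prefixes` that `number` starts with, or None."""
    hits = [p for p in prefixes if number.startswith(p)]
    return max(hits, key=len) if hits else None


def monitor(cdrs, blocked_prefixes=BLOCKED_PREFIXES, credit_limits=CREDIT_LIMITS,
            window=timedelta(minutes=15), max_calls=4, max_cost=20.0,
            warn_fraction=0.8):
    """Run three controls over a time-ordered CDR feed and return the alerts raised.

    1. Repository check: calls to blocked prefixes are rejected before any cost accrues.
    2. Algorithmic check: calls and cost per reseller inside a sliding window.
    3. Credit limit: warn at `warn_fraction` of the limit, block at the limit, so the
       reseller hears about one client before every client is cut off.
    """
    alerts = []
    windows = defaultdict(deque)   # reseller -> deque of (timestamp, cost) in window
    spent = defaultdict(float)     # reseller -> cumulative cost this billing period
    velocity_flagged, warned, blocked = set(), set(), set()

    def raise_alert(kind, reseller, ts, detail):
        alerts.append({"type": kind, "reseller": reseller, "at": ts, "detail": detail})

    for ts, reseller, a_num, b_num, duration, cost in cdrs:
        hit = match_prefix(b_num, blocked_prefixes)
        if hit:
            raise_alert("blocked_destination", reseller, ts,
                        f"{b_num} matches repository prefix {hit}")
            continue  # rejected call: nothing to add to the window or the bill

        win = windows[reseller]
        win.append((ts, cost))
        while ts - win[0][0] > window:   # drop CDRs that have left the window
            win.popleft()
        calls, window_cost = len(win), sum(c for _, c in win)
        if calls > max_calls or window_cost > max_cost:
            if reseller not in velocity_flagged:   # alert once per excursion
                velocity_flagged.add(reseller)
                raise_alert("velocity", reseller, ts,
                            f"{calls} calls / GBP {window_cost:.2f} in {window}")
        else:
            velocity_flagged.discard(reseller)

        spent[reseller] += cost
        limit = credit_limits.get(reseller)
        if limit is None:
            continue
        if spent[reseller] >= limit and reseller not in blocked:
            blocked.add(reseller)
            raise_alert("credit_limit", reseller, ts,
                        f"GBP {spent[reseller]:.2f} reached limit {limit:.2f}: block")
        elif spent[reseller] >= warn_fraction * limit and reseller not in warned:
            warned.add(reseller)
            raise_alert("credit_warning", reseller, ts,
                        f"GBP {spent[reseller]:.2f} is over {warn_fraction:.0%} of {limit:.2f}")
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_CDRS):
        print(alert["at"].time(), alert["type"], alert["reseller"], alert["detail"])
```

On the constructed feed the blocked-prefix call at 23:03 never reaches the bill, the cost-per-window rule fires at 23:06, and the 80% warning precedes the block by two minutes, which is the granular view the text says the channel needs.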

This is telecom fraud week on trefor.net, edited by Manuel Basilavecchia of Netaxis. Read our other fraud posts this week:

Colin Duffy on “is encryption the answer to data loss”
Manuel Basilavecchia on “Missing Trader VAT Fraud”
Dave Dadds – “telecom fraud is industry’s problem not the customer’s”
Manuel Basilavecchia on “A mobile operator fraud case study”

This post is an adaptation of an article first published by Jonathan Rodwell last year in the Journal of the Institute of Telecoms Professionals but is only available to members behind a firewall.

In his second post, to be published tomorrow at 1pm, Jonathan concludes by looking at:

  1. The human wild card and
  2. We need a new way of thinking


[1] Gartner Press Release, Sydney, Australia, August 22nd 2014
[2] Adapt or die: What I would do if I ran a telecom company, FT ETNO Summit 2014, Brussels, October 1st 2014

Categories
Business Mobile scams

Mobile operator fraud case study

A Mobile Operator Fraud case study but it could apply to any type of network

In this article this week’s guest editor Manuel Basilavecchia of Netaxis describes a mobile operator fraud – in other words a telecom fraud that impacted a mobile operator. He describes the type of traffic pattern (destinations) and fraudster behaviour. For obvious reasons we are keeping the name of the operator out of it. It could happen to anyone dropping their guard.

The mobile operator in question underwent some planned maintenance work on its network.  Few details are available on the nature of the planned work but from a security point of view the activity was a total failure as the following day their switch was accessed from outside their network. We may assume that the planned work cleared the access list on the SBC/firewall.

Once the fraudster had access to the switch, he initiated some test calls. The goal was to check whether it was possible to terminate traffic to specific destinations. To avoid detection the test calls were kept to a low volume.

It is important to note that the hijack and the test phase took place on weekdays. On the Friday evening, the fraudster rolled up his sleeves and got on with the real work of sending volume traffic to several destinations.

The traffic pattern was as follows:

  • Fake CLIs used, such as 1001111, 1000001, 123456, etc.
  • Massive call volumes to Latvia, Lithuania, Moldova, Gambia, etc.
  • Big volumes generated per CLI

The fraud was detected the next morning by a service provider of the mobile operator. The time elapsed between the beginning of the fraud and its detection allowed the fraudster to generate quite high volumes.

As it was a weekend it was difficult for the SP to get in touch with the mobile operator to inform them about the ongoing fraud and to agree on the measures that needed to be taken. Again, a few hours were lost here, to the fraudster’s benefit.

Once the decision to block the fraudulent traffic had been taken, a game of cat and mouse started. Indeed, when the fraudster identified that a destination was no longer generating revenue because barring had been implemented, he immediately and simply switched to targeting another country. The same principle applied to CLIs: any time he noticed that a CLI was blocked he just moved on to another. This game lasted the entire day.

On day two, a major change in the destinations targeted was seen: Nauru, Senegal, the Maldives and Zimbabwe were now part of the fraud scheme.

Again, barring had to be implemented on the targeted destinations. It is important to note that the barring had to be implemented so as to stop the fraudulent traffic without impacting legitimate traffic.

In parallel, the mobile operator attempted to solve the security breach, which took some time. Once the issue on the SBC was solved, the fraudulent traffic finally stopped.

Lessons learnt:

Security is key to protecting a network, and where a modification is made to an SBC, a cross-check needs to take place after the intervention.

Based on the short time between the planned work and the hacking, it is clear that networks are being scanned by fraudsters to find an open door.

Fraud monitoring needs to be live or near real time, 24x7, to minimise the impact.

A barring solution must be available to stop fraud. This barring solution needs to be flexible (A number, B number, range, destination).
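A barring engine with the flexible rule types the lessons call for (A number, B number, range, destination), plus a check that the CLI falls within a range the operator actually allocates, which is the test the case study’s fake CLIs fail; this is an added example, not Netaxis or operator code. The country codes are real ITU assignments; the allocated CLI range, the barred range, the rules and the traffic are constructed.

```python
from dataclasses import dataclass

# Real ITU country codes for the destinations named in the case study (plus two
# ordinary ones); everything else in this block is constructed sample data.
COUNTRY_CODES = {
    "371": "Latvia", "370": "Lithuania", "373": "Moldova", "220": "Gambia",
    "674": "Nauru", "221": "Senegal", "960": "Maldives", "263": "Zimbabwe",
    "44": "UK", "33": "France",
}

# Constructed: number ranges the operator allocates to its own subscribers.
# A CLI outside them (1001111, 123456, ...) cannot be a genuine subscriber.
ALLOCATED_CLI_PREFIXES = ("+447700900",)


@dataclass
class BarRule:
    kind: str    # "a_number" | "b_number" | "range" | "destination" | "cli_not_allocated"
    value: str   # number, prefix or country name the rule matches on
    reason: str


# Constructed rule set, evaluated in order; the first match wins. Barring one
# constructed Latvian range rather than all of Latvia is what keeps the genuine
# Latvian call below flowing.
RULES = [
    BarRule("a_number", "1001111", "fake CLI observed in the fraud run"),
    BarRule("cli_not_allocated", "", "CLI is not in an allocated subscriber range"),
    BarRule("range", "+37190", "constructed high-cost Latvian range, no legitimate use"),
    BarRule("destination", "Nauru", "day-two destination, bar the whole country"),
    BarRule("b_number", "+22090000002", "single B number repeatedly dialled"),
]

# Constructed traffic: (A number, B number).
SAMPLE_TRAFFIC = [
    ("+447700900123", "+37126000001"),   # genuine subscriber to Latvia: must pass
    ("1001111", "+37190000001"),         # fake CLI from the case study
    ("+447700900321", "+22090000002"),   # genuine CLI, barred single B number
    ("+447700900456", "+37190000009"),   # genuine CLI into the barred range
    ("123456", "+67400000001"),          # fake CLI to Nauru
    ("+447700900789", "+33123456789"),   # genuine subscriber to France: must pass
]


def destination_of(b_number):
    """Map a B number to a country name by longest country-code match, or 'unknown'."""
    digits = b_number.lstrip("+")
    for length in (3, 2, 1):
        name = COUNTRY_CODES.get(digits[:length])
        if name:
            return name
    return "unknown"


def matches(rule, a_number, b_number, allocated):
    """True when `rule` applies to this call attempt."""
    if rule.kind == "a_number":
        return a_number == rule.value
    if rule.kind == "b_number":
        return b_number == rule.value
    if rule.kind == "range":
        return b_number.startswith(rule.value)
    if rule.kind == "destination":
        return destination_of(b_number) == rule.value
    if rule.kind == "cli_not_allocated":
        return not any(a_number.startswith(p) for p in allocated)
    raise ValueError(f"unknown rule kind {rule.kind!r}")


def apply_barring(traffic, rules=RULES, allocated=ALLOCATED_CLI_PREFIXES):
    """Return one (A, B, destination, kind of the rule that barred it or None) per call."""
    decisions = []
    for a_number, b_number in traffic:
        barred_by = next((r.kind for r in rules
                          if matches(r, a_number, b_number, allocated)), None)
        decisions.append((a_number, b_number, destination_of(b_number), barred_by))
    return decisions


if __name__ == "__main__":
    for a, b, dest, kind in apply_barring(SAMPLE_TRAFFIC):
        verdict = f"BARRED by {kind}" if kind else "allowed"
        print(f"{a:>14} -> {b} ({dest}) {verdict}")
```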

This is telecom fraud week on trefor.net, edited by Manuel Basilavecchia of Netaxis. Read our other fraud posts this week:

Colin Duffy on “is encryption the answer to data loss”
Manuel Basilavecchia on “Missing Trader VAT Fraud”
Dave Dadds – “telecom fraud is industry’s problem not the customer’s”

Categories
End User scams

Telecom Fraud – industry’s problem not the customer’s

Industry needs to take ownership of telecom fraud says VanillaIP CEO Dave Dadds

The ongoing “quiet” debate about telecom fraud, which for the Voice Carriers and Resellers in the UK typically shows itself in the form of “dial through fraud”, is a continuing discussion, but the truth is that it is everyone’s dirty secret.

We all know the ways dial through fraud typically happens: either the PBX being hijacked or the SIP credentials being impersonated, then big bills being sent all the way down the chain, typically ending up on the customer’s doorstep.

The first thing I would say is this is not an end user problem: why should the customer be expected to know the inside out of the black magic art of telecoms to somehow work out how to stop it? If the banks turned around to us and told us all that our next credit card fraud is our problem to sort we would rightly tell them where to go. No, this problem is for the industry to sort out, get its house in order and start spending the money to resolve the problem. It would also help if our regulator Ofcom took more interest in this issue rather than just passing the buck.

Why this is everyone’s “dirty secret” is because no vendor is keen to talk about how much they have been hacked for, as they see it as a loss of face and a reflection of weakness in their system. This in itself means that the problem is being tackled with one hand behind everyone’s back. The other major issue, which does not always get asked, is where exactly this money is being sent.

Various stats are given as to how much this fraud is worth worldwide (millions, billions, trillions, who knows), but the key question is: are we all funding ISIS? When this possibility is put in the ring this becomes not just a commercial concern for all of us but, just as importantly, a moral concern, with the recent tragic incidents around the world including Paris.

The industry needs to get its act together and tackle the problem head on. Anyone that is running a SIP based network service these days will no doubt be putting their own preventative measures in place, but the biggest leak in all of our cumulative “buckets” is the fact that the large carriers continue to be happy to pay the out payments with NO questions asked. If UK based carriers refused to pay their international partners this fraud would soon start to be stopped; we saw the change in the UK fraud market once out payments could be withheld for UK routed 09x, 08x and 070x numbers. We ourselves today at VanillaIP see very little attempted fraud to UK numbers as there is no financial incentive, what a surprise!

As an industry we need to be putting a much brighter spotlight on the subject; we must all be prepared to talk openly about this problem and share best practice. Both FCS and ITSPA have been working on strategies to help resolve this problem and we could all start by reporting all frauds through https://app03.actionfraud.police.uk/report/Account, which is a website run by the City of London Police and the National Fraud Intelligence Bureau. We should push for greater engagement with the large carriers and the regulator as this is everyone’s problem. In reality there is absolutely no reason why we can’t resolve this to the benefit of everyone apart from the criminals and terrorists out there.

Dave Dadds ([email protected]) – is CEO of VanillaIP.com and Deputy Chairman at FCS

This is telecom fraud week on trefor.net, edited by Manuel Basilavecchia of Netaxis. Read our other fraud posts this week:

Colin Duffy on “is encryption the answer to data loss”
Manuel Basilavecchia on “Missing Trader VAT Fraud”

Categories
Business scams

Missing Trader VAT Fraud

Missing Trader VAT Fraud

Fraud is a wide problem for telecommunication companies. Several fraud scenarios, such as IRSF, PBX hacking and bypass, are well known and can be managed using a Fraud Management System (FMS).

Nevertheless, there is a fraud mechanism that could severely affect the business of a company even if this company is using an FMS. This fraud mechanism is called Missing Trader VAT fraud and is a significant problem for both business and tax authorities.

This type of fraud becomes possible because of the way the VAT system works within the European Union. This article aims to describe the Missing Trader VAT fraud mechanism at least at the top level.

How does it work?

As a first step, fraudsters create a company (telecom reseller in this case). As a second step, traffic is purchased and resold.  Following the normal VAT mechanism, VAT is charged to and recovered from the end customer by the fraudster.

Up to this point, everything is ok. However the fraudster then disappears before having handed over the cash to the VAT authorities.

This in turn can cause a problem for the innocent party who has handed over the VAT to the crooks because the taxmen believe that they can recover it from said innocent party. This is a major risk for the business, especially as tax authorities can apply penalties. 

They get you with the “should have known” clause. They repeatedly say that you must know your customer and your suppliers, and you have to prove to them that you’re innocent – a reversal of natural justice.

It is important that you read the leaflet linked to below. If you do not take due care and HMRC can demonstrate that you knew or should have known that your trading was linked to fraudulent tax losses then you will lose your entitlement to claim the input tax linked to those transactions.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/366907/How-to-spot-missing-trader-fraud.pdf


In reality, of course, when an MTIC scheme is established it is set up in a more complex way than the basic principle described above.

Indeed, the fraud can be perpetrated on genuine traffic, meaning that no alarm will be triggered by the FMS. Also, a “clean” supplier with which a customer has had business relations for years can suddenly enter this bad game.

Last but not least, in many cases several companies involved in the supply chain are complicit (buffers). This helps to hide the full picture of the fraud and enables the carousel mechanism.

How to detect Missing Trader VAT Fraud?

We have seen that this fraud can occur on legitimate traffic which makes detection more complicated. For that reason, a number of different checks must be made on various aspects of the workings of a business: legal, financial, and traffic analysis.

This applies especially, although not uniquely, to new interconnections. Existing interconnections should also be regularly checked.

Market intelligence also adds great value in avoiding connecting with suspect companies, or companies managed by people who have had issues with tax authorities in the past.

Considering the nature of this fraud it is important to set up alert processes across your finance, legal and fraud management departments.

Sources:

Richard T. Ainsworth, “MTIC (VAT fraud) in VoIP”, Boston University School of Law Working Paper No10_03

ETNO, “Missing Trader Fraud: Telecommunications Industry Standard Risk Management Process”

HM Revenue & Customs, “Missing Trader Intra Community (MTIC) VAT Fraud” presentation, Joanne Cheetam, MTIC National Co-ordination Unit, 2012

Categories
Bad Stuff Business scams

It’s telecoms fraud week on trefor.net

Telecoms fraud – a massive cost to the industry

I periodically run themed weeks on this blog. This week it’s going to be a few posts on telecoms fraud, edited by Manuel Basilavecchia of Belgian anti-fraud specialists Netaxis. Manuel has already contributed a post on PABX fraud during a previous fraud week.

The telecoms industry loses a huge amount of money to fraud. The total amount has been estimated to be in the tens of billions of dollars (see global fraud loss survey by cvidya). It is a problem that affects most businesses of any size. The worst aspect of the problem is that it often alienates service providers with their customers. The fault is often down to inadequate network security practices amongst end user companies who in turn blame their communications provider.

It is in everyone’s interest to do something about telecoms fraud, but because these scams are usually perpetrated across national boundaries, with multiple networks involved in the loop, making any progress is difficult. It is only the local communications provider who has the problem of recovering the cash from their customer.

This week’s contributors include some heavy hitters in the industry including Colin Duffy of Voipfone and Dave Dadds of Vanilla IP. Keep your eye open for their posts.

First one goes live today at 1pm. Catch ya later…

Categories
End User scams

Chinese domain name scam returns – yay

We take a break from our Lincolnshire broadband posts to bring you this exciting message. The Chinese domain name scam is back:)

I used to get these scam Chinese emails quite frequently when I was at Timico. Dunno if they specifically target email addresses of businesses. I look back at them with fondness because they were obviously attempts to extract cash.

Jim
General Manager
Shanghai Office (Head Office)
3008, Jiulong Building, No. 836 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.cnregistry.org.cn

Dear CEO,

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent, Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China.

We received an application from Huayin Ltd on November 9, 2015. They want to register ” broadbandrating ” as their Internet Keyword and ” broadbandrating .cn “、” broadbandrating .com.cn ” 、” broadbandrating .net.cn “、” broadbandrating .org.cn ” 、” broadbandrating .asia ” domain names etc.., they are in China and Asia domain names. But after checking it, we find ” broadbandrating ” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

I got this one recently. Don’t recall when exactly because it was in my spam folder and I deleted the lot after copying the text. Good old Google caught this one for me. Had some words of warning: “Emails like these have been known to be attempts to take money from your bank account” or words to that effect.

I should probably take it a little more seriously but my initial reaction was “Ah bless, they’re at it again”. Presumably it must work with some people otherwise they wouldn’t bother.

PS I wonder what Huayin Ltd notionally do?

Categories
End User scams voip

Hi it’s Michael here – do you have an Apple or Microsoft computer in the house?

snom dect and Michael the Microsoft pirate

I was thrilled to answer the home phone this morning to find it was Michael at the other end. I’m sure it was Michael though it did take him a couple of goes to get his own name right. He wasn’t your average Michael. He sounded very sub-continental, if you get my drift.

I had just come in from doing mellow fruitfulness stuff in the back garden and had to race to answer the (SNOM DECT SIP) phone before it rang off so I wasn’t totally on the ball meself. I did answer the phone with my right name though, I think.

Mike got straight to the point. Actually I’m not sure that he calls himself Mike but I didn’t get that far in relationship building in our short time together but that is by the by. Anyway Mike informed me that he was ringing regarding the Microsoft or Apple PC in the house. I asked him how he could tell the difference and how he knew it was either Microsoft or Apple. He said most people had either Microsoft or Apple PCs.

Now the frustrating thing about our very short lived conversation is that Mickey didn’t hang around long enough for me to tell him I didn’t use either but was a Chromebook aficionado. Before I knew it click, he was gone. V disappointing. I was just in the right mood for a long conversation about the fact that my PC had a virus or similar.

Never mind. Mick had a dirty target to reach and couldn’t waste time chatting with me about the pros and cons of browser based operating systems versus the old fashioned stuff.

With an element of sadness, nay mellowness in keeping with the season, I put the handset back in its cradle.

Our home phone use btw has been revolutionised by the use of SIP but I’ll keep my powder dry on that one until next week as we are having a Lincolnshire Broadband week on the blog. I currently have around 10 posts in my sights but can still take more if you want to contribute. Can be about apps running over broadband or about broadband tech itself. Or even how broadband has changed your life for the better. Hey it happens 🙂

The featured image btw is a snom dect handset on a background of black granite. V artistic I thought although the handset itself didn’t come out in perfect focus as I kept taking pics to try and get the red led in shot – at least I got that bit. Adds a bit of colour don’t you think?

Categories
Bad Stuff End User scams spam

HMRC scam spam

HMRC scam spam forwarded to my accountant

Thought you’d appreciate this public service announcement re HMRC scam spam. Got the following email text notionally off HMRC and with lots of links:

Hello TREFOR.NET,

You can’t afford to miss your payment deadline

If you submitted a self-assessment form in January, your second payment instalment is due on or before 31st July.

Filing your return means you’ll know how much you’ll need to pay, making it easier for you to plan ahead and put money aside.

Here’s a short video clip explaining ‘Paying HMRC – Self Assessment’

Take a look at the following YouTube videos to find out about key dates regarding Self Assessment and details of how charges are calculated. Each is only a couple of minutes long.

Self Assessment: Tax return deadline dates (HMRC YouTube)

Self Assessment: Payment deadline dates (HMRC YouTube)

Self Assessment: Tax return late submission penalties (HMRC YouTube)

Self Assessment: Missed payment charges (HMRC YouTube)

You know it makes sense.

I thought it was a bit odd as I don’t pay my personal tax by instalments so I just forwarded it to my accountant without clicking on anything.

Lo and behold the accountant came back and said trash it, it’s an HMRC scam spam (I like that phrase – not sure it accurately describes the email but it rolls poetically off the tongue so it’s in.)

It’s second nature for most people these days to distrust dodgy looking emails but you can get caught out. That unwary moment. The dropped shield etc etc etc.

Anyway gotta go and pick up a hire car as the Jeep is in being mended (again). Tomorrow we are off to York to film some pigs for broadbandrating.com. If you didn’t see the last video you can catch it here. This one’s going to be similar but totally different.

You heard it first on trefor.net…

PS loads of scam stuff on this site – check it out here.

Categories
Bad Stuff End User fun stuff scams

Stop Press – wonderful LinkedIn invite

LinkedIn spam

Just seen this wonderful invitation to connect on LinkedIn. See the featured image. As you can see it’s from

ABDULKADIR BALA MOHAMMED – FORMER MINISTER OF FEDERAL CAPITAL TERRITORY ABUJA NIGERIA

I was so excited by it I had to drop writing a post on how I’m going about choosing a new broadband provider and share it with you straight away.

We are back to the old Nigerian General with money to get out of the country scam. I assume so anyway. It’s such a pleasure to have them try it on through this new platform. Taken a while mind you but hey…

I didn’t click on anything or accept the invitation although I am just about to report it. It’s the first scam I’ve seen via LinkedIn. Facebook went through a phase of it whereby gorgeous women with large breasts (apparently) wanted to be my friends. Pained me but I declined them all (yes I did).

When I first saw this invite I thought it was from Wales – Bala is a place in North Wales. Anyway I leave you with a tune in my head – Abdul the BullBull Khadir. Olden but golden 🙂

Back to the other post. Mundane bread and butter stuff but just as important 🙂

Still time to enter the Wimbledon Competition btw.

Categories
Bad Stuff Business scams voip

Mechanics behind International Shared Revenue Fraud

VoIP fraud continues to rear its head this week with a post on ISRF mechanics.

Continuing with his week as guest editor covering VoIP fraud issues David Cargill has invited industry expert Martin John from AQL to discuss IRSF mechanics – how it actually works:

As we all know, International Shared Revenue Fraud (ISRF) plays a large part in the overall fraud that we see in the industry. Even though the services are marketed legitimately, they are widely used for fraudulent purposes and the artificial inflation of traffic. Whilst some of the traffic will terminate in the target country, a high percentage will never reach the expected destination (commonly referred to as short transit or short stopping).

Whilst the ITU governs the allocation of country codes, once a code is allocated its usage and numbering plan are controlled by the responsible authority in the recipient country. The ITU publishes updates on the reported use of each numbering block for each allocated country code (http://www.itu.int/oth/T0202.aspx?parent=T0202); however, this is based on information submitted by the responsible authority and is not always an up-to-date source of information.

Historically, telecoms operators interconnected directly via TDM on a bilateral basis. A settlement rate would be negotiated, with a key objective being to balance the traffic so as to reduce any financial settlement between the parties. Using this method, the majority of ISRF traffic actually terminated in the country that holds the number allocation.


Smaller countries, or those with financial constraints, could not justify or afford this method and opted for a cascade accounting method. Cascade accounting meant that the smaller operator would make an agreement with one or two larger international operators, whereby the larger operators became an aggregation point for the allocated country code and in return kept a percentage of the revenue.


With cascade accounting, traffic to designated number ranges could potentially be short transited: the authority responsible for the allocation and administration of the number ranges may have requested that the cascade accounting partner terminate certain prefixes to alternate carriers/partners for other services. These opportunities were very financially rewarding because the expensive part of the network (the international circuits) was not being utilised.

[Figure: ISRF mechanics]

As the market developed, and with the establishment of VoIP clearing houses/exchanges and traffic aggregators, cascade accounting has become less popular. Operators favour being able to interconnect to lots of different operators in one place, increase their profitability as they no longer have to give a percentage to the cascade accounting partner, and lower their cost base as they no longer need to purchase other international routes via their previous cascade accounting partner. However, this simply made ISRF easier. The telecoms market is more cost driven today than it has ever been; operators strive to maintain least cost routing (LCR) with the minimum of manpower, and international destinations outside their main business area are commonly terminated through large traffic aggregators or clearing houses. Interconnection between the aggregators and clearing houses is common practice: it is in their business interest for a call attempt to complete and convert to revenue. As the financial barriers to connecting to clearing houses are small, interconnection by parties that want to abuse the situation is relatively easy.

Take for example the following scenario:

The island of High Termination Rate is assigned the country code +997 by the ITU and files a numbering plan. The island of High Termination Rate Telecommunication Regulatory Authority (HTRRA) announces the following:
[Figure: ISRF mechanics table]

The national operator of the island of High Termination Rate, HTRT, is a respectable and ethical company that interconnects to a large traffic aggregator and a clearing house, not only to gain access to a full international A-Z for terminating traffic but also to ease interconnection with other international carriers so that the residents of the island of High Termination Rate are globally reachable. Its per minute rate is advertised as £1.00 ppm.

To this point everything is legitimate. However, there is nothing stopping the aforementioned opportunistic man in the middle/ISRF reseller from also interconnecting to an aggregator and clearing house and advertising a rate of £0.98 ppm, supporting either the full list of breakouts or “specialising” in certain areas such as HTR Mobile +99780.


In the background the ISRF reseller has been busy harvesting numbers, happily upsetting the observed statistics (reduced ASRs etc.) whilst tying up network capacity, in order to obtain a better understanding of the utilisation of the ITU allocation. Once this understanding has been obtained, numbers can be tested and resold to customers.

Some may wish to offer chat services or the like whilst avoiding any national regulation, and of course this then opens the door to parties that wish to generate fraudulent traffic. To expand further: after number harvesting it is discovered that anything starting +99780752 can NOT be completed via the legitimate route offered by HTRT. It is a range that falls within the allocation but, perhaps due to demand, has not been opened yet.

Any traffic generated to this range will fail on the HTRT route, if in fact it even attempts the HTRT route first, since the ISRF route is marketed at a lower rate. Once that call has failed, the aggregator/clearing house would normally route advance the call to the next available route, where ISRF are happy to complete it. Legitimate traffic that the ISRF route receives is simply terminated back to another carrier. Whilst this incurs a loss, with restrictive routing and capacity the impact is minimal, and it cosmetically legitimises the service offering provided by the ISRF route.
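The short-stopping scenario above (HTRT at £1.00 ppm, a reseller undercutting at £0.98 ppm, the unopened +99780752 range) can be checked from routing records. The following is an added example, not code from aql or the original post: the rate deck, which ranges HTRT has opened, the route names and the thresholds are all constructed assumptions. It walks constructed call attempts through least cost routing with route advance and then flags prefixes that the number-plan holder never completes but a cheaper alternate route does.

```python
"""Added example: LCR with route advance, plus a short-stopping check.

Scenario from the post: national operator HTRT advertises +99780 at
GBP 1.00/min; an ISRF reseller advertises the same breakout at GBP 0.98/min.
+99780752 lies inside the allocation but HTRT has not opened it, so HTRT
rejects those calls while the reseller "completes" them.
All rates, ranges and traffic below are constructed for illustration.
"""
from collections import defaultdict

NATIONAL_ROUTE = "HTRT"
# Constructed rate deck: (route name, prefix, GBP per minute).
ROUTES = [
    ("ISRF-reseller", "99780", 0.98),
    (NATIONAL_ROUTE, "99780", 1.00),
]
# Constructed: ranges HTRT has actually opened (+99780752 is absent).
HTRT_OPEN = ("997801", "997802", "99780750", "99780751")


def terminate(route, number):
    """Constructed terminating behaviour of each route."""
    if route == NATIONAL_ROUTE:
        return number.startswith(HTRT_OPEN)
    # The reseller answers everything in the range it advertises, including
    # numbers the national operator cannot complete: short-stopped traffic.
    return number.startswith("99780")


def route_call(number, verify_national=False):
    """Least cost routing with route advance.

    Default: cheapest matching route first, advancing to the next on failure
    (how the call reaches the ISRF route in the post). With
    verify_national=True the number-plan holder's route is tried first, a
    policy a defender can apply to a sample of traffic to expose the
    failures that LCR otherwise hides. Returns ordered (route, completed).
    """
    candidates = sorted((r for r in ROUTES if number.startswith(r[1])),
                        key=lambda r: r[2])
    if verify_national:
        candidates.sort(key=lambda r: r[0] != NATIONAL_ROUTE)  # stable sort
    attempts = []
    for name, _prefix, _rate in candidates:
        ok = terminate(name, number)
        attempts.append((name, ok))
        if ok:
            break
    return attempts


def summarise(attempt_log, prefix_len=8):
    """Aggregate (prefix, route) -> [attempts, completions]."""
    stats = defaultdict(lambda: [0, 0])
    for number, attempts in attempt_log:
        for route, ok in attempts:
            s = stats[(number[:prefix_len], route)]
            s[0] += 1
            s[1] += int(ok)
    return stats


def flag_short_stopping(stats, min_attempts=10):
    """Prefixes the number-plan holder never completes (ASR 0 over at least
    min_attempts) while another route completes them: the post's signature."""
    flagged = []
    for p in sorted({p for p, _ in stats}):
        nat_att, nat_ok = stats.get((p, NATIONAL_ROUTE), [0, 0])
        if nat_att < min_attempts or nat_ok > 0:
            continue
        for (q, route), (att, ok) in stats.items():
            if q == p and route != NATIONAL_ROUTE and ok > 0:
                flagged.append((p, route, att, ok))
    return flagged


def undercutting_routes():
    """Routes advertising a range below the number-plan holder's own rate."""
    national = {pre: rate for name, pre, rate in ROUTES if name == NATIONAL_ROUTE}
    return [(name, pre, rate) for name, pre, rate in ROUTES
            if name != NATIONAL_ROUTE and pre in national and rate < national[pre]]


def demo():
    """Constructed traffic: 20 calls into an opened range, 20 into +99780752."""
    numbers = [f"99780750{i:03d}" for i in range(20)] + \
              [f"99780752{i:03d}" for i in range(20)]
    default_log = [(n, route_call(n)) for n in numbers]
    verify_log = [(n, route_call(n, verify_national=True)) for n in numbers]
    return {
        # With plain LCR the national route is never tried, so nothing shows.
        "default_flags": flag_short_stopping(summarise(default_log)),
        # Trying the number-plan holder first exposes the unopened range.
        "verify_flags": flag_short_stopping(summarise(verify_log)),
        "undercutting": undercutting_routes(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The contrast between the two flag lists is the point of the post: under pure least cost routing the aggregator never observes the HTRT failure, so the check needs a deliberate sample routed to the number-plan holder first.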


Martin John is the General Manager of aql wholesale. aql, established in 1998, is a wholesale integrated telecommunications operator regulated by Ofcom. It provides services to many of the FTSE 100 and is one of the UK’s largest IP telephony fixed line operators. It is recognised as a significant market force in fixed and mobile services by the UK regulator.

Check out our other VoIP fraud posts here. Below are links to other fraud related posts this week:

PABX fraud by Manuel Basilavecchia here
IRSF Fraud by Colin Yates here
CLI Spoofing detection by Matt Anthony here

Categories
Bad Stuff Business scams security voip

Caller ID Is Broken – How Can We Fix It?

CLI spoofing doesn’t have to be as big a problem as it is.

In the third of this week’s posts on VoIP fraud guest editor David Cargill has Matt Anthony, Vice President of Marketing at Pindrop Security as a contributor.

There was once a time when people trusted the number that showed up on their Caller ID. Phone companies charged extra for the service. Even banks allowed you to activate your credit card just by calling from a registered phone number. Today, that is no longer the case.

Caller ID (CLI) and Automatic Number Identification (ANI) were originally designed as systems to be used internally by the phone companies. As such, they didn’t need any real security. As they emerged as consumer facing tools, they never developed the security features that we expect today.

The result is that spoofing Caller ID data, or ANIs, is very easy. A quick Google search turns up pages of articles on how to spoof a number. App stores are full of easy to use apps that enable spoofing. One smartphone app, Caller ID Faker, has over 1,000,000 downloads.

spook card - disguise your caller id

Adding to the problem is the fact that, in general, Calling Line ID spoofing is completely legal. Though it is always illegal to use CLI spoofing for fraud or threatening messages, it is perfectly legal to spoof a number as a friendly prank or as a helpful business practice. (Think of doctors on call who don’t want to give out their cell phone number.) While it might be fun to spoof a CLI in a prank call to your friend, too often fraudsters are the ones disguising their numbers to hide their criminal activity.

Pindrop Security tracks phone fraud activity and trends. We have found that CLI and ANI spoofing is the most common technique used by phone fraudsters. In addition, more than half of the caller ID spoofing attacks cross international boundaries, meaning they are almost impossible to track down and prosecute.

Consider the case of one attacker, known to Pindrop researchers as “Fritz.” This fraudster is likely based in Europe and works alone. Fritz is in the business of account takeover. He calls financial institution call centres, impersonating legitimate customers by spoofing ANIs, and socially engineers the bank into transferring money out of an account. In one four month period, we found that Fritz had targeted 15 accounts. We estimate that he has netted more than £650,000 a year for at least several years.

While there is no technology that can prevent CLI spoofing, it is possible to detect these calls. The key is to detect anomalies between the information being sent over the Caller ID and the actual audio characteristics of a call, using Phoneprinting™, created by Pindrop Security.

Phoneprinting technology analyses the audio content of a phone call, measuring 147 characteristics of the audio signal in order to form a unique fingerprint for the call. Phoneprinting can identify the region the call originated from and determine if the call was from a landline, cell phone or specific VoIP provider. These pieces of information provide an unprecedented level of insight into caller behavior.

So, if a Caller ID says a call is coming from London, but the phoneprint of the call shows that the individual is calling from 1,000 miles away, it should be a red flag for anyone running a call centre that the caller has malicious intent.

[Figure: Pindrop caller ID verification]

One recent fraud attempt thwarted by Pindrop tools happened on a Saturday night, a time when most call centre employees are not at their most vigilant. The caller asked to transfer £63,900 from one bank to another. The Caller ID matched the phone number associated with the account, and the caller knew all the answers to the identity questions the agent asked. However, while the Caller ID said the call was coming from San Francisco, Pindrop detected that the call was actually coming from a Skype phone in Nigeria. As a result, the wire transfer was put on hold, and the bank was able to verify with the account holder that the request was fraudulent.

Pindrop phoneprinting solutions are already protecting calls to top banks, financial institutions, and retailers. The Pindrop platform is a comprehensive solution designed to protect the entire call system: inbound, outbound, live, recorded and in the IVR, customer-facing and employee-facing interactions. Pindrop uses the information from the phoneprint to create a highly accurate and highly actionable risk score for each call, which has allowed it to catch more than 80 percent of fraud calls within 30 seconds after the call has been initiated.

Historically, the phone channel has been over-trusted and under-protected, making it a major target for fraudster exploitation. Today, technology is available to detect spoofing and stop phone fraud.

Matt Anthony, Vice President of Marketing

www.pindropsecurity.com

Matt Anthony is the Vice President of Marketing at Pindrop Security. With over twenty years of experience in the technology industry, Matt is a frequent speaker at technical conferences. Prior to joining Pindrop, Matt served as Director of Marketing at Dell SecureWorks. Matt has also held marketing roles at CipherTrust, Monorail, and Dell Computer. He is a graduate of the University of Texas at Austin.

Check out our other VoIP fraud posts here. Below are links to other fraud related posts this week:

PABX fraud by Manuel Basilavecchia here
IRSF Fraud by Colin Yates here

Categories
Business scams security voip

Telecom Fraud – Investment in Prevention and Detection initiatives not always available.

IRSF – International Revenue Share Fraud

This week we have David Cargill as guest editor. David runs the Operations Working Group at the Internet Telephony Service Providers’ Association (ITSPA) and takes a special interest in VoIP fraud. David has invited a number of experts to contribute guest posts on fraud related subjects. This ties in with the ITSPA/trefor.net Workshop on Wednesday that has VoIP fraud and WebRTC as its main themes. This is his second choice of post; it discusses IRSF and is written by Colin Yates, Managing Director of Yates Fraud Consulting Limited:

The telecommunications industry has a huge gap between those operators who manage fraud effectively and those who do not. Those who are effective fraud managers, whether they are a Tier 1, 2 or 3 operator, are generally those who have matured over the years with a strong mandate and support from their Executive to do the job, while being provided with the necessary budget, resources and tools to do it well. Some senior management unfortunately view fraud losses simply as a cost of business, and allocate very little budget and resource to it. In these cases fraud losses are generally not measured or reported, so will remain unknown and not reflected in quarterly, half yearly or annual financial reporting.

There are some CSPs who have enjoyed reputations within the industry as leaders in the management of fraud, but over time these reputations have diminished and their fraud losses have increased. Some of this could be blamed on a change of senior leadership who failed to appreciate the importance of effective fraud management. It could also be the result of a fraud manager who failed to continually make clear to the organisation how much value they were adding to the business by effectively managing fraud. An effective Fraud Manager will take whatever steps are necessary to ensure that the papers for every Board meeting include a quarterly fraud report that clearly identifies the fraud recoveries and averted losses achieved since the last meeting.

Fraud within telecom operators is generally measured as a percentage of total revenue, and depending on which organisation is providing the figures, this could be estimated at anywhere between 1% and 5% of total revenue. In my experience an operator with a mature fraud team, the necessary fraud detection/prevention tools and the support of its management team is likely to maintain its fraud losses at under 0.50%. Assuming this is a tier 2 operator with total revenues of $US1.5 billion, if the effectiveness of the fraud team were permitted to deteriorate to a point where fraud losses increased by another 0.25% of total revenue, this would add a further $US3.75 million to the annual fraud losses. To recover this revenue through adding new customers would require upwards of 10,000 new customers to be added to the business, assuming an average ARPU of around $US370 per year. Would it not make better business sense to continue to support the fraud management function with resources and tools at a cost of probably 10% of the additional fraud losses suffered?

Subscription fraud is without a doubt the biggest contributor to fraud losses across the industry. While most operators would agree that their aggregated subscription fraud loss far exceeds those suffered by any other fraud type, the drive to attract and connect new customers can make it difficult to manage. Most sales channels will require that a potential customer who meets basic identity verification checks will be provided service during that one visit to a physical or on-line store. Without investment in real time subscription fraud detection tools, this type of fraud is always going to be difficult to manage. Some of these tools are no longer expensive and can allow a CSP to take more risk when providing service to new customers.

International Revenue Share Fraud (IRSF)¹ has to be regarded as the one fraud type that the industry has failed to manage effectively, primarily, again, because of a lack of investment by some in the tools and resources needed to prevent and detect an attack early and minimise losses. IRSF fraudsters can attack a business using many enablers, for example subscription fraud, roaming fraud, PBX hacking, mobile malware, Wangiri fraud and others. Some CSPs use tools, either developed in-house or obtained from an FMS provider, and do manage their IRSF risk effectively, but many others simply operate in the belief that this fraud will never impact them, so they make no investment in a defensive strategy and simply take the risk. This decision is typically not taken by those accountable for managing fraud, but by those a level or two above who control the budgets. In most cases this decision maker will have no idea what the actual risk is, and the impact of not implementing these controls may result in losses way above his delegated financial authority. It is still not unusual to hear of IRSF losses that have amounted to over $US500,000 in a 2 or 3 day period. An investment of under $US30,000 could have avoided most of these losses.

It is well documented now that around 85 to 90% of all IRSF incidents occur in the period between Friday evening and Monday morning, when many CSPs’ fraud monitoring staff are not in the office. Unfortunately even some of those who have made the investment in monitoring tools will continue to ‘take the risk’ over weekends and will not take that monitoring a step further to enable some automation, or divert the outputs from their monitoring systems to a 24×7 activity within their business. In a roaming situation, NRTRDE (high roaming usage) records are delivered within 4 hours of a roaming call completing, and this includes the period right through the weekend. Having made an investment to implement this fraud control, it is hard to understand why no-one would be looking at these in real time to identify fraud, or have some automated process set up to act on an obvious fraud indicator.

Without effective monitoring tools, some operators will simply block what they consider to be high risk destinations, assuming that this will reduce their risk of becoming a victim of IRSF. We currently monitor destinations and numbers used for IRSF: the total number of countries advertised by IPRN providers is 221, and the test numbers we have recorded into these countries number over 100,000. However the top 10 high risk destinations very seldom change and are as indicated in the graph below. These 10 destinations are responsible for 50% of the IPR numbers being advertised, but any of the International Revenue Share numbers advertised in the remaining 211 countries could result in significant fraud losses being suffered.

[Figure: Sources of telecom fraud by country]

Fortunately there are more and more operators who have identified the value of 24 x 7 fraud monitoring, and have managed to make the argument for resources and tools to allow this compelling enough to obtain sufficient budget to implement this strategy.

Unfortunately this has not resulted in a reduction of the overall IRSF problem. It has simply driven the fraudsters to look for easier targets and these are currently smaller MNO’s and more recently MVNO’s. Fraudsters have come to realise that many MVNO’s do not have Fraud Management expertise in-house, or access to the information and networking industry forums that most MNO’s have available to them.

Prevention and Detection are the fundamentals of Fraud Management, which is particularly relevant for the telecommunications industry. The costs of pursuing a fraud strategy based on implementing the resources and tools required to monitor network usage are insignificant when compared to the likely losses you will suffer if you simply rely on luck. Anyone with any doubt in this area should arrange for an independent contractor to come in to their business and conduct a fraud risk review so that the full extent of the risks can be identified. A simple example of an MNO with an effective fraud monitoring process in place identifying and stopping an IRSF attack within 30 minutes, compared to an MVNO with no fraud process, allowing an IRSF attack to continue for 48 hours before detection, is demonstrated in the diagram below.

[Figure: Effective telecom fraud monitoring – IRSF attack detected in 30 minutes versus 48 hours]

IRSF has now been around for at least 10 years in some form or another. Some CSPs have lost significant amounts of money to it, and some fraudsters have generated small fortunes in fraudulent income from it. Many customers have been impacted through bill shock after their handset has been stolen or their PBX hacked, and many small countries have suffered social and economic impact as a result of their number ranges being hijacked by these fraudsters.

The argument for effective prevention and detection initiatives is compelling, but this does require some support and investment by an MNO or MVNO’s senior management team. After around 10 years of suffering from this fraud, it should be apparent that the various industry groups who have been searching for solutions are unlikely to come up with anything positive in the next year or two, so it really is up to the individual operators to take action to protect themselves.

¹ IRSF involves fraudsters calling international numbers that attract a high termination rate, from a stolen or fraudulently obtained connection, with the intention of inflating traffic into those numbers and being paid a per minute fee by a number provider for each call made. Payment for these calls will eventually be required from the originating network, which will have no hope of recovering these costs.

Colin Yates is a telecommunications professional with over twenty five years’ experience, specifically in the areas of fraud, investigations, revenue assurance and threat management. Colin specialises in the areas of Telecoms Fraud (internal and external) and Investigations. He also has considerable experience with Personnel and Physical Security, Law Enforcement Agency Liaison, Intelligence Management, Regulatory Compliance, Revenue Assurance and Policy development.

Check out his website at www.yatesfraudconsulting.com. Also check out our other VoIP fraud posts here.

Read yesterday’s post on PABX fraud by Manuel Basilavecchia here

Categories
Bad Stuff nuisance calls and messages scams

Overseas call centre scammer

The return of the scam call

Just had a scam call. It’s not often I’m home early enough and they typically ring at tea time. You can immediately tell what sort of call it’s going to be because they use cheapo crap telephone services over the internet.

So I happened to be in a playful mood and thought I’d chat to the lad/laddette. Instead of speaking I sang the words down the line and eventually broke into a very tuneful version of Hello Dolly. At that point the scammer ended the call without having even introduced himself.

No stamina. I might have been interested in signing up for his virus repair services or whatever it was he was using to try and extract cash.

I’d be quite interested in hearing from anyone who knows someone who’s actually fallen for such a scam call. You can change the names etc to protect the innocent/unwary.

Also the most innovative scams. You don’t hear of any new ones. Maybe they think why change a winning recipe? Or maybe they aren’t imaginative enough? Probably a bit of both.

One wonders whether they have an employment category in India (or where ever else these calls originate) called “scam call operative”. It would be near surgeon and secretary on the list. Perhaps “solicitor” is what they put down. Geddit? What proportion of census entries would have the scam call operative down as occupation.

Maybe people do NVQs in such profession. It’s bound to help at the job interview. You would also want to be able to quote how much cash you had successfully extracted from people. Bump it up even. I doubt it would be verifiable. It’s the scammer’s equivalent of lying about your salary on a job application, or making up a fake doctorate you’d bought on the internet (not paid for it hopefully – the scammer has pride in his or her capability to do such things).

Anywaysenoughfernow.

Loads of scam call posts here btw.  It’s some of the most visited stuff on this blog.

Categories
Bad Stuff Business ofcom scams security voip

VoIP Fraud — Technological Conventionality Achieved

VoIP has reached the mainstream. We know because the fraudsters are coming after us.

Trefor.net welcomes VoIP Week guest contributor Colin Duffy, CEO of Voipfone and ITSPA Council member.

VoIP merges two of the largest industries in the world: Telecommunications ($5.0 trillion) and the Internet ($4.2 trillion). It is big business.

Estimates of VoIP market size vary, though they are universally large. For instance, Infonetics Research estimates the global residential and business VoIP market to be worth $64bn in 2014, growing to $88bn in 2018. Visiongain, on the other hand, puts the 2018 value at $76bn. WhichVoIP (Bragg) has it as $82.7bn by 2017, and also claims that VoIP calls account for 34% of global voice traffic – 172bn call minutes. And then there is the United States Federal Communications Commission, which estimates that “In December 2011, there were 107 million end-user switched access lines in service [..in the USA and..] 37 million interconnected VoIP subscriptions.”

And with opportunity comes the thief:

[Figure: ICT recent scenarios (Corporate ICT)]

(You have to love that New Scotland Yard hack…..)

But it’s not confined to big organisations; perhaps a little closer to home:

“A family-run business says it has ‘nowhere left to turn’ after hackers rigged its telephone system to call premium rate phone numbers — racking up a bill of nearly £6,000. ‘We reported it to the police, but we were told there was very little likelihood of them catching anyone so they wouldn’t be able to investigate’, she added.”

— Lancashire Telegraph

The Communications Fraud Control Association publishes a global fraud loss survey, and in 2013 they estimated that the global telecommunication industry loss to fraud was an enormous $46.3bn, which included:

  • VoIP hacking ($3.6bn),
  • PBX hacking ($4.4bn),
  • Premium Rate Services Fraud ($4.7bn),
  • Subscription Fraud ($5.2bn),
  • International Revenue Share Fraud ($1.8bn).

Over 90% of the telephone companies included in the CFCA’s survey reported that fraud within their company had increased or stayed the same since the last report.

Globally, the top emerging fraud type was identified as Internet Revenue Sharing Fraud, with Premium Rate Service Fraud (both international and domestic) also in the top five. Of the top five emerging fraud methods, PBX Hacking was the most important with VoIP Hacking at number three.

Who’s doing all this is a big and interesting topic, but here’s a starter:

Top Ten Countries where fraud TERMINATES:

*Latvia
Gambia
*Somalia
Guinea
Cuba
East Timor
Lithuania
Taiwan
*UK
USA

Top Ten Countries where fraud ORIGINATES:

India
*UK
Brazil
Philippines
*Latvia
Pakistan
*Somalia
Spain
Bulgaria

Source: CFCA, Global Fraud Loss Survey, 2013

What can be done?

Earlier this year a customer of Voiceflex was hacked to the tune of £35,000 when over 10,000 calls were sent to a Polish Premium Service number over a period of 36 hours. The customer refused to pay, which resulted in a court case that the telco lost. Now the industry is looking to its terms and conditions for protection, but it’s clear that this isn’t enough – the cause needs addressing.

The best approach would be to cut off the money supply – if Telcos could withhold payments for known fraudulent calls, the activity would end. But this solution requires changes to inter-operator agreements and cross-jurisdiction interventions.

“We are currently in discussions with our fellow EU regulators about steps that may be taken to address cross-border [Dial Through] fraud and misuse. It is important that companies using VoIP systems take steps to ensure both the physical and technical security of their equipment in order to avoid becoming an ‘easy target’ for this type of criminal activity […..] We are approaching the NICC and relevant trade associations to ensure their advice is updated to help businesses better protect themselves against newer types of dial-through fraud that have emerged as technology has developed.”

— Ofcom 2013

For once I agree with Ofcom. The industry needs to work harder at target-hardening. We need to be making this industry safer for our customers.

There’s a lot to be done but a good start is to read and apply the guidance issued by ITSPA – the UK trade organisation for Internet Telcos.

I’m taking a close personal interest in VoIP fraud and security, and I invite anyone who has more information or who wishes to discuss this in more detail to contact me at colin@voipfone.co.uk.

A naive user asked me, ‘why can’t you just make safe telephones?’ Well, why can’t we?

Categories
Bad Stuff Business Legal Regs scams

The ethics of non geographic numbers and information, connection and/or signposting services

Information, Connection and/or Sign Posting Services (known as “ICSS”, subtly different from the topical ISIS, though many will put them into a similar “scourge” pigeon hole) at their core are simply a number translation service on non geographic numbers overlaid with advertising.

The idea is that ICSS providers make it easy for you to locate the phone number you are looking for, or, to put it another way, they are better at Search Engine Optimisation than the companies you may be looking for. In one sense, it’s a Directory Enquiries service via Google as opposed to dudes with moustaches.

But like all things, they can be abused. If you Google “British Gas Customer Services”, thankfully you’ll see official bona fide entries at the top, with their plethora of freephone numbers. A few entries further down is this:

[Figure: British Gas ICSS search result]

What’s that? An 0844 number at 5ppm (plus call set up fee) from a BT landline, and probably more from mobiles? It’ll translate through to their 0800 numbers, netting the value chain for this service circa 5 pence per minute margin to share around between them. There are two sides to the argument on the ethics of this: paying a premium to reduce your notional search costs and revel in your own laziness (ultimately this is no different to why I employ a cleaner) versus exploitation of the naive.

I don’t take a view on that here; and nor did PhonepayPlus when they intervened in this market on 09 numbers and 0871 numbers (6 pence per minute and higher) last year. Essentially, they laid down the detailed and comprehensive ground rules to ensure that such services were only used by people on the left hand side of the ethical spectrum I outlined before.

But 084 numbers aren’t included in the Premium Rate Services Definition and aren’t covered by the Code of Conduct and all the requirements therein. That means they are more open to being used on the right hand side of that spectrum. And that’s when I start to get concerned. A few years ago, the Department for Work and Pensions entered into negotiations with major mobile networks to make their freephone numbers genuinely free to their users. Ofcom’s own research says that around a quarter of socioeconomic group DE households (the most vulnerable) are mobile only which makes their move, surprisingly for government, well targeted.

But if you Google “ESA contact number” as in Employment Support Allowance, this is what you get

[Figure: ESA ICSS example search result]

Another 5 pence per minute 084 number, an ICSS hidden in a void of regulatory oversight, which could be argued to be exploiting the most vulnerable and least able to pay (noting that historically some mobile phone operators have charged up to 75 pence per minute for an 084 call, with many tariffs still at 40 pence per minute). Is this ethical? I’ll leave that for you to reach your own personal conclusions, but in the meantime I hope to raise awareness of the issue after someone I know was caught out.

Categories
Engineer ipv6 scams

IPv4 leasing & IPv6 penetration into networks

IPv4 leasing offer from broker but uses gmail address.

Got an email at my LONAP address yesterday asking if we had any spare blocks available for IPv4 leasing. I used to occasionally get them when at Timico as I think did most of the industry. This time it’s prompted me to look a little deeper into the issue. After all it is over 3 years since the exhaustion of the IANA IPv4 address space – you may remember the Move over IPv4 Bring on IPv6 party which was a huge success even if I say so myself.

I looked at the google keyword stats for “IPv4 leasing”. The UK averages only 10 searches a month for this term. Doesn’t really smack of an industry getting desperate. The “brokers” of IPv4 addresses do appear to exist in somewhat of a twilight zone. For example the email I got was from an Adam Green with an address of [email protected]. If he was kosher he would use a proper business address. It isn’t a kosher business model anyway.

These guys swipe email databases from the likes of RIPE. The one I got didn’t address me by name which in the gmail world normally leads to automatic spam labelling. In November we have RIPE69 coming to London and I’ll be looking for guest posts on the subject of IPv6. The subject of IPv4 leasing will almost certainly come up at the meeting although to be honest people should be focussing on moving their infrastructure on to IPv6, something that still isn’t particularly mainstream.

It would be interesting to hear from anyone with an IPv4 address space problem although I doubt anyone would put their hand up to admit it.

Taking a look at some LONAP stats, out of 152 connected networks 113 or 74% of them have registered IPv6 blocks with the IXP.  At the LONAP AGM we ran a little exercise with prizes for those who registered using an IPv6 address. Of the 50 or so attendees and excluding LONAP staff we had 8 people register using an IPv6 address. Suggests that use of IPv6 is still somewhat limited even amongst the network engineering community you would think would be early adopters.

Taking the exercise a little further we looked at the websites of LONAP members. Of the 149 checked, 74 have no IPv6-enabled site. If you have no idea what I’m talking about with IPv6 this info will be of no interest whatsoever. However those in the game should find the stats very interesting and probably not a surprise.
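Checking a list of member websites for IPv6 the way the post describes comes down to asking DNS for AAAA records. Below is an added example (my code, not LONAP’s and not from the original post) that does exactly that with Python’s standard library and produces the same kind of counts. The hostnames and addresses in it are constructed from reserved example domains and the 2001:db8::/32 documentation prefix so that it runs offline; passing real hostnames without the fake resolver does a live lookup.

```python
"""Survey a list of hostnames for IPv6 (AAAA) records.

Added example, not from the original post or from LONAP. The hostnames and
addresses below are constructed from reserved example domains and the
2001:db8::/32 documentation prefix; swap in your own list for a real run.
"""
import socket


def has_aaaa(host, resolver=socket.getaddrinfo):
    """True if `host` resolves to at least one IPv6 address.

    `resolver` takes the arguments of socket.getaddrinfo so a fake can be
    injected for offline runs. A socket.gaierror means "no such record".
    """
    try:
        answers = resolver(host, 443, socket.AF_INET6, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    return any(family == socket.AF_INET6 for family, *_rest in answers)


def survey(hosts, resolver=socket.getaddrinfo):
    """Return adoption figures for `hosts`, in the style of the post's stats."""
    with_v6 = [h for h in hosts if has_aaaa(h, resolver)]
    missing = [h for h in hosts if h not in with_v6]
    return {
        "checked": len(hosts),
        "ipv6": len(with_v6),
        "no_ipv6": len(missing),
        "pct_ipv6": round(100 * len(with_v6) / len(hosts)) if hosts else 0,
        "missing": missing,
    }


# Constructed zone for offline use (reserved names, documentation addresses).
SAMPLE_ZONE = {
    "v6.example.com": ["2001:db8:1::80"],
    "dual.example.org": ["2001:db8:2::80", "2001:db8:2::81"],
    "nov6.example.net": [],
    "legacy.example": [],
}


def fake_resolver(host, port, family, socktype, *flags):
    """Stand-in for socket.getaddrinfo answering AAAA queries from SAMPLE_ZONE."""
    addrs = SAMPLE_ZONE.get(host, [])
    if family != socket.AF_INET6 or not addrs:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET6, socktype, 6, "", (a, port, 0, 0)) for a in addrs]


if __name__ == "__main__":
    result = survey(sorted(SAMPLE_ZONE), resolver=fake_resolver)
    print(f"{result['ipv6']} of {result['checked']} hosts have AAAA records "
          f"({result['pct_ipv6']}%); missing: {', '.join(result['missing'])}")
    # For a live run against real hostnames, drop the resolver= argument.
```

Caveat: a published AAAA record is necessary but not sufficient. A site can advertise IPv6 and still not answer on it, so for the figure that actually matters follow up with a connection over v6 (for example `curl -6 -I https://host/`) rather than trusting DNS alone.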

That’s all for now. Stay tuned for more IPv6 stuff as it hits my screen…

Categories
food and drink scams Weekend

The Tesco Baked Bean exposé part II – 44% increase in baked beans pricing

Hot on the heels of my first Tesco baked beans pricing exposé (6 tins or 4 – best buys) I have more news. Further investigative journalism reveals that the buggers have now dropped the price of a four-pack to two quid whilst upping the six-pack from two fifty to three sixty. wossatallaboutwtf?

Having lulled us into thinking that two fifty was the standard pricing for the sixpack they have now stuck it with a whopping forty four percent increase. So you can now either pay fifty pence for a can of beans or sixty!  They must think their customers are total morons. It is also intuitive to assume that a bigger pack will be cheaper than the smaller pack. They are taking advantage of that type of thinking.

It must come as no surprise that Tesco profits are in decline if they are messing about with prices like this. It leads to loss of faith and trust in the brand.

That’s all.

Other Tescoiffic posts:

State of the Art Tech at Tesco
I bought a grill cleaning T brush from Tesco
My name is Andy and I work for Tesco
Tesco SPAM more expensive than ham


Categories
End User scams

Another Microsoft scam call – supportpconline

Quite excited to receive another Microsoft “we need to check out your PC” scam call. It’s been nearly a year since speedytechies called. This lot were called supportpconline. Their attentive advisor Alex gave me their url to check out, http://www.supportpconline.com/index_microsoft.php, but that page wouldn’t load – I could only get to their index page.

I note that in order to find out who the owner is I need to visit privacyprotect.org, i.e. the domain registration is hidden behind a whois privacy service. I’m not that bothered. Recording of phone call:

I bombed out after about 10 mins. He got a bit frustrated that I was using a Chromebook and not a Windows 7 PC. I said who on earth would want to use a Windows 7 PC? It gets scammers trying to take control of it :).

Took a spin round their website. It has a wonderful table showing the services they offer (it doesn’t mention the extortion of cash [1] by pretending they are fixing something bit). Love the way that “silver” is lower than “standard” and that economy is the best service level. Clearly a bit of reverse psychology going on there. “Our best service is our cheapest”, presumably :). They have inbound lines for the UK, Australia and the USA, which presumably must be their main target scam markets. Sweden gets a fax number. Bit odd innit!

Note the Vista upgrade service, only available to Exclusive and Economy subscribers. I’d be a bit pissed off if I’d paid for the Premium service (or higher) only to find it didn’t include Vista upgrades. Having said that if I was stupid enough to have a Vista based PC then I’d deserve anything I had coming. That’s their niche – the exploitation of the technically unwary.

In the interest of research I took a look to see if they had a Twitter account. They don’t seem to. Don’t they realise that they need a social media presence in the modern online business world? Huh!

Ok that’s enough for now. Stay tuned for more scam phone call posts as they happen…

services offered by supportpconline

More “hard to believe how good these posts are but it’s true”:

Gone phishing
Another accursed PPI text
Please call 08445718136 

[1] It is only fair to add that at no point in this call was there an attempt to extort cash, as we didn’t get that far in our relationship. However it had all the hallmarks of such a call. Should supportpconline get in touch with convincing evidence that they aren’t scammers then I will wholeheartedly apologise. It could of course have been someone misrepresenting themselves as supportpconline.

Categories
Bad Stuff End User fun stuff Mobile ofcom Regs scams

An Open Letter to Olaf Swantee, CEO of EE

Hi Olaf.

I hope you don’t mind the informal start to my letter as, after all, your company’s recent one to me regarding an increase in the price for my package from EE was equally informal (I’ve popped a copy of it in the gallery below, though I’m sure you already know all about it).

Before I start, I will admit that you have a contractual basis from which to make the change detailed in the letter, and can mount a robust (albeit one open to challenge) argument about regulatory compliance. That isn’t quite the point, though.

First, I’d like to draw your particular attention to the line that says “RPI (Retail Price Index) is a measure of inflation, which directly affects the cost to run our service.”

Interesting. And I’d like to point out a few things to you which would suggest that you are mistaken.

  • RPI, as a measure of inflation, is now largely discredited. Anyone in the know, including your sector’s regulator, the Office of Communications (Ofcom), is migrating to the use of the Consumer Price Index (CPI). Have a look at Ofcom’s discussion in paragraph 3.155 onwards of the Wholesale Local Access Review.
  • Some debate exists on whether wages over the last 12 months have tracked CPI (which is lower than RPI, by the way); it somewhat depends on which decile you find yourself in. Considering this data from the BBC, I suspect you and your executive are OK but a substantial number of EE staff may not be. Unless, of course, you gave them all a CPI-busting wage increase of the RPI figure. Did you?
  • A substantial part of your business is your mobile phone customers calling landlines: 01 and 02 numbers. As a result of a European Union Recommendation some time ago, Ofcom lowered the termination rates on 1st January 2014 for these calls by around RPI (this review was started before the Office for National Statistics drove the final nail into the RPI coffin) minus 87%, a net 84% reduction in that cost to your business. Funny, but I don’t recall getting a reduction in my line rental or other charges, so I assume you’ve kept this windfall, yes? See Table 1.1 of the Final Statement in the 2013 Wholesale Narrowband Market Review for information.
  • The Treasury estimated that the 4G spectrum auction would raise around £3.5bn. In reality, it raised £2.34bn, so there’s a £1.1bn saving there for the mobile industry against a reasonable market expectation; thus, rationally-speaking, EE must have forward-priced its 4G services expecting to outlay a market value for spectrum, resulting in further savings on your part. Is this true?

I am sure you can see at this point why I have a problem believing you when you say that RPI (or CPI) has had a direct effect on your entire business; unless, in spite of what I have cited above, there is a cost that has risen so disproportionately that it means the average cost increase is the same as the RPI? What could that cost be… perhaps Kevin Bacon’s fees?

Categories
Business scams

From +447456272496 Please call 08445718136 quoting your reference 776811

ATTENTION! We have tried to contact you, It is important we speak to you today. Please call 08445718136 quoting your reference 776811. Thank You.

Gah this is sooo frustrating. The person didn’t say who it was sending the text and I don’t have the number in my address book. What am I going to do now? It will be so embarrassing if I ring and get their name wrong – I don’t like to just say “hi” do you? It gives a far better impression if you can call them by name. I realise that they didn’t use my name either but that’s understandable in a text message isn’t it? Using my full name, Huw Trefor Davies would take up far too much space though they could have just said Tref and I would have been fine with that. Maybe they didn’t think of that.

Perhaps their name is a really long one that would take up most of the message – like Mr Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch. It’s plausible, isn’t it? People do get called after place names, maybe they were born there or summat!

I don’t think I’ll bother.

Categories
End User online safety piracy scams

Gone phishing

Had a wonderful little phishing attempt over the weekend that I feel compelled to share with you. I wonder how many people got this one and what its success rate will be. I imagine these guys are running a business with a dashboard and KPIs. There must presumably be an ROI for them to bother.

They do need a graduate entry scheme, though, or to employ some former civil servants to get the lingo right, because the construction of the email isn’t totally convincing. Did anyone else get this one? I would say “bless em” if they weren’t such thieving b@$%@&^%.

DIRECT GOV

LOCAL OFFICE No. 3819

TAX CREDIT OFFICER: Rodney Williams

COUNCIL TAX REFUND ID NUMBER: 983258661

REFUND AMOUNT: 324.39 GBP

Dear Applicant,

Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 274.39 GBP

The dispute follows miscalculations of Pay As You Earn (PAYE) liabilities last year, which DIRECT GOV originally also denied when reported in this space but later admitted affected millions of people. You can now reclaim your over paid tax now by complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at DIRECT GOV

Rodney Williams

DIRECT GOV Credit Office

Preston

COUNCIL TAX REFUND ID: UK983258661-HMRC

DIRECT GOV denies profiting from tax refund delays which leading accountants claim are becoming more widespread and make taxpayers wait months to get back what they are due.

Copyright 2013, DIRECT GOV UK All rights reserved.

Categories
End User scams

+447456700496 – another accursed intrusive PPI text

I’m sure I’ve signed my mobile up with the Telephone Preference Service but I just got another sms from +447456700496:

“We have been trying to contact you regarding your PPI claim, we now have details of how much you are due, just reply POST and we will posts you a pack out”

Either they are lying or they know that I am due nothing whatsoever, in which case you wonder why they would go to the effort of sending me a “pack”.

The power of the www suggests to me that this number is owned by Gladstone Brookes and looking at their website there is indeed a section to fill in to start your PPI mis-sold claim.

I do wonder what sort of individual runs this sort of operation. I also wonder whether, in the light of what I said re the TPS, there is any comeback against them for sending me a text. I will enquire & let you know.

Categories
Business Cloud internet online safety piracy scams

Should we regulate the cloud?

Today I am at a CIO event in London discussing the topic “Too important to be regulated and too important to be left alone” (Forbes) – Should we regulate the cloud?

You could extend this question to encompass the whole internet. Really there is no difference between the internet and the cloud.

When you think about it, as the whole world drags its living and breathing self into the cloud, it is natural that we should expect laws that exist on terra firma to apply to the cloud. There is no reason why they should not. What is illegal on earth should also be illegal in the heavens. The notion of being robbed or assaulted is just as unattractive in cyberspace as it is in the high street.

It is reasonable therefore that regulations should apply.

Categories
End User scams security

Great phishing season

All you anglers out there will appreciate this little phishing effort from “Lloyds Bank”. I picked it up from our spam filter – pleasing to see that it works. I do wonder what percentage of recipients of this kind of email actually fall for it.

This one isn’t a bad attempt though as is the nature of these things they have speled departament wrong & the use of grammar isn’t quite how I like it. Should have worked harder for their English GCSE. They might have got a proper job instead of having to resort to crime. The italics are mine.

The inset photo is of me with a phishing rod on the pier at Whitby, Summer 2008 (fwiw – it’s the nearest I could find that had anything to do with the subject).

Dear Customer,

This is an important Lloyds TSB Bank Security Message. We reviewed your account and we suspect that it may have been compromised. Assuring the security of your account and of Lloyds TSB Bank’s Network is our primary concern. Therefore, as a preventive measure, we have temporarily limited your account. Please take the following steps in order to restore your account access and ensure that your account has not been compromised:

1. Please Download the Login Form attached to your e-mail.

2. Login to your Lloyds TSB Bank account and fill in all required information.

3. We will review your activity to confirm that you are the account holder and we will remove any restrictions placed on your online banking account.

If you choose to ignore our request you leave us no choice but to suspend your online account indefinitely.

IMPORTANT NOTICE: You are strictly advised to match your information rightly to avoid service suspension.

Kind regards,
Lloyds TSB Bank Online Security Departament.

Please send us any scam/phishing emails you have received. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Lloyds TSB Online Bank account and choose the “Help” link on any page.

Copyright Lloyds TSB Bank Plc. 2012 – All rights reserved. Email ID # 705
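The Direct Gov lure earlier on this page and the “Lloyds TSB” one just above share the same content tells: a generic salutation, a “form” you are told to download and log in to, threats of suspension, a closed reply path and, in the Direct Gov one, two different refund amounts in the same message. As an added example (my code, not from either post) here is a small Python scorer that checks a message body for exactly those tells. The rule weights and the threshold are my own assumptions, and the sample bodies are trimmed copies of the two e-mails quoted on this page plus one constructed benign message as a control.

```python
"""Content heuristics for the two scam e-mails quoted on this page.

Added example, not part of the original posts. The rule weights and the
threshold are assumptions; the sample bodies are trimmed copies of the two
quoted e-mails plus one constructed benign message used as a control.
"""
import re
from dataclasses import dataclass, field

# (name, pattern, weight). Weights are assumed; tune them against your own mail.
RULES = [
    ("generic salutation",
     re.compile(r"^\s*dear (applicant|customer|user|client|member)\b", re.I | re.M), 2),
    ("threatens suspension or restriction",
     re.compile(r"\b(suspend(ed)?|limited your account|restrictions?|indefinitely)\b", re.I), 2),
    ("asks you to log in or fill in a form",
     re.compile(r"\b(log\s?in|fill in|complete the .{0,20}form)\b", re.I), 2),
    ("login/claim form sent as an attachment",
     re.compile(r"\bform\b.{0,40}\battached\b|\battached\b.{0,40}\bform\b", re.I | re.S), 3),
    ("money lure",
     re.compile(r"\b(refund|rebate|you are due|eligible to receive)\b", re.I), 1),
    ("reply path closed",
     re.compile(r"\bdo\s+not\s+reply\b|\bcannot\s+be\s+answered\b", re.I), 1),
    ("long unexplained reference number",
     re.compile(r"\b(ref(erence)?|id)\b[^\n]{0,20}\d{6,}", re.I), 1),
]
# Sterling amounts written as "123.45 GBP" or "£123.45".
AMOUNT_RE = re.compile(r"(\d+\.\d{2})\s*GBP\b|£\s*(\d+\.\d{2})")


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    def is_phish(self, threshold: int = 5) -> bool:
        return self.score >= threshold


def score_email(body: str) -> Verdict:
    """Score a message body against RULES plus an amount-consistency check."""
    v = Verdict()
    for name, pattern, weight in RULES:
        if pattern.search(body):
            v.score += weight
            v.reasons.append(name)
    # A genuine refund notice quotes one figure; the Direct Gov lure quotes two.
    amounts = {a or b for a, b in AMOUNT_RE.findall(body)}
    if len(amounts) > 1:
        v.score += 2
        v.reasons.append("conflicting amounts: " + ", ".join(sorted(amounts)))
    return v


# Trimmed copy of the Direct Gov lure quoted on this page.
HMRC_LURE = """\
DIRECT GOV
LOCAL OFFICE No. 3819
COUNCIL TAX REFUND ID NUMBER: 983258661
REFUND AMOUNT: 324.39 GBP

Dear Applicant,

After the last annual calculation of your fiscal activity we have determined
that you are eligible to receive a tax refund of 274.39 GBP
You can now reclaim your over paid tax now by complete the tax return form
attached to this message. After completing the form, please submit the form
by clicking the SUBMIT button on form and allow us 5-9 business days.
"""

# Trimmed copy of the "Lloyds TSB" lure quoted on this page.
LLOYDS_LURE = """\
Dear Customer,

This is an important Lloyds TSB Bank Security Message. We reviewed your
account and we suspect that it may have been compromised. Therefore, as a
preventive measure, we have temporarily limited your account.
1. Please Download the Login Form attached to your e-mail.
2. Login to your Lloyds TSB Bank account and fill in all required information.
If you choose to ignore our request you leave us no choice but to suspend
your online account indefinitely.
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
"""

# Constructed benign control: a personal note with an attachment.
BENIGN_CONTROL = """\
Hi Tref,

Thanks for coming along to the AGM last week. The slides are attached.
See you at RIPE69 in November.

Cheers
"""

if __name__ == "__main__":
    for label, body in (("Direct Gov", HMRC_LURE), ("Lloyds TSB", LLOYDS_LURE),
                        ("control", BENIGN_CONTROL)):
        v = score_email(body)
        print(f"{label}: score {v.score}, phish={v.is_phish()}; " + "; ".join(v.reasons))
```

Two notes on using this. First, body heuristics like these are a second line: the first is what the receiving mail server already records in the Authentication-Results header (SPF, DKIM and DMARC outcomes), and a bank or government sender failing those is a stronger signal than any wording. Second, the “download the login form attached” step is the real tell in both lures: a form delivered as an attachment submits whatever you type to wherever its author pointed it, which is why no bank asks you to log in that way.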