Home Tech Updates Oculeus discusses the current state of telecom fraud and more

Oculeus discusses the current state of telecom fraud and more

by Helen J. Wolf
0 comment

We are all exposed to telecom fraud – from communication service providers to enterprises, organizations, and individual consumers.

This is nothing new, as cyber criminals have always used advanced technologies to outdo the telecom fraud practices of telcos and their corporate clients over time. However, as telcos improve their technology stack to fight telecom fraud, there is hope that the threats will be minimized.

We recently spoke with software solutions provider for telecommunications service providers, Oculeus Vice President Gavin Stewart, to learn more about his company’s perspective.

Oculeus discusses the current state of telecom fraud and more

Today, cybercriminals use the most advanced technologies to execute telecom fraud attacks quickly. We’ve seen several recent incidents where fraudsters used innovations such as AI to continually refine and adapt their evasion methods and outsmart traditional anti-fraud solutions that rely on static rules.

Unfortunately, at the same time, telecom fraud is currently one of the good forms of cybercrime and is relatively easy to carry out.

The pandemic has jump-started and even accelerated the digital transformation of many organizations. Many of these projects were needed to support new work-from-home scenarios during the long lockdown periods in many places.

While many of these projects have enabled enterprises to maintain the continuity of their operations, working from home has significantly increased the attack surface for cybercrime during the pandemic.

Studies have identified several broader trends that contribute to this scenario. First, corruption and fraud activities generally increase in all sectors during times of economic downturn or crisis. Second, criminal activity usually moves away from physical crimes and towards online crimes as part of a general shift toward a digital society.

Pumping. So from a telco standpoint — and taking into account the additional restrictions on people’s rights to physically congregate during the pandemic — it’s much easier to conduct an account hijack or make calls to a premium destination from the comfort of your own home. PThe disruption of IT security controls associated with telecommuting or hybrid models exacerbates this, making potential vulnerabilities more difficult for an organization’s IT teams to manage fully.

The position is complex because in the telco B2B customer relationship, the negative effects are quite complex and varied, and the issue of commercial liability is also nuanced.

Telcos have a contractual duty of care and, as such, are at significant risk if they fail to protect their B2B customers from fraud attacks and fail to implement a rapid, effective service recovery approach in the aftermath of an attack, where if they are exposed to potential commercial losses, penalties, and compensation, as well as the possibility of customer churn.

Business customers are at risk because some or all liability could fall on them anyway. While they may reasonably expect their telecom provider to ‘cover their losses’ in the event of a fraud attack, there may be limitations and restrictions on the telco’s obligation to do so. For example, if a company experiences a hijacking of its PBX, the blame for the attack may lie with the telco due to insufficient vigilance or slow response. Likewise, the responsibility could be shared or only with the company, perhaps due to its inadequate security controls or even nefarious actions by one of its employees.

So if a telecom company doesn’t have a sophisticated anti-fraud solution, it may even take a somewhat simple approach of temporarily limiting or shutting down customer telephony services as part of its immediate response to a fraud attack.

In other cases, the telco may happily compensate a corporate customer for a first attack. Still, if a second similar attack occurs within a certain period, the customer may be required to refund all previous fees and bear the costs.

The messy landscape highlights the critical need for avoidance and advanced anti-fraud measures to protect good B2B customer relationships. In addition, responsiveness becomes crucial in limiting the potential for fraud losses – it is far better to discuss a $50 loss with a customer than a $5,000 loss.

There is a lot of common ground between the two in that illegal cybersecurity activities and telco fraud often share a desire to make a financial gain.

However, cybersecurity attacks have different motivations, such as state-sponsored malicious actors seeking to disable essential services to hinder the general public or terrorism.

Perhaps an important distinction between the two is that telecom fraud essentially stems from the activities of people. This is both in terms of the fraudster’s ability to analyze and understand how other people typically behave according to a normal expectation and then apply ingenuity and skill to act with fraudulent intent while disguising what they do to ‘appear normal’ to avoid suspicion.

Therefore, effective fraud prevention requires highly sophisticated techniques to detect that something abnormal and unexpected is taking place.

Our main recommendation is never to stand still.

Fraudsters adopt a dynamic approach to adapt and outsmart attempts to detect them constantly. Therefore, telecom fraud checks must also be active and avoid only looking for pattern matches that the fraudster no longer has.

In practice, this follows by applying advanced monitoring and not just focusing on fraudulent behavior. For example, Simbox fraudsters generally don’t start as big companies; they grow slowly, attract more customers, and evolve.

You can’t always spot a ‘big bang’ from day one, but you can catch them early with advanced monitoring. Machine learning is an essential ally in this regard, as it allows a fraud-fighting system to adapt, train and learn without direct intervention to make more accurate predictions. With machine learning, you outsmart the other person’s attempts to evade detection. Conversely, if a telco only applies a rules-based anti-fraud solution, it becomes too easy for the fraudster to avoid suspicion.

You may also like