Solved

International Long Distance Fraud

Posted on 2014-10-22
11
198 Views
Last Modified: 2014-10-28
Recently we lost the ability to place international calls because someone called Latvia 252 times in the span of 60 minutes. Absolutely fraudulent phone calls but, we are not able to find any trace of these calls being made from our phone system. We have had a third party review our log files as well as the phone system vendor and no one is able to find anything.

This leads me to believe someone is spoofing our number to make long distance calls and I am curious how is this possible and why doesn't the phone company recognize these are not coming from our circuit?

Also what is the benefit from doing this? The calls are mostly around 5 minutes long to a group of numbers in Latvia. Is this just for malicious purposes to try and cost our company a truck load of money in Long distance fees or is there some other benefit they might be receiving? Why the 5 minute phone calls. About 240 of the 252 were all right around 5 minutes in length.
0
Comment
Question by:licorbiosciences
  • 6
  • 5
11 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40398977
Run numbers through this:
http://www.numuri.lv/default.aspx
Do they go to same provider? Are they premium numbers?

Can your provider provide you with VOIP logs to confirm calls were placed from your gateway?
0
 

Author Comment

by:licorbiosciences
ID: 40399297
I ran most of them through and the translation I get is that the numbers are not assigned to a merchant. It looks like they are all the same provider as the only change is the last two digits.

Our Phone system connects to a PRI so our vendor is going to pull the circuit logs to see if the calls originated at our location.

Thanks for the assistance.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40399361
So why you are charged for calling dead end phones?
0
 

Author Comment

by:licorbiosciences
ID: 40399470
Our vendor is going to credit all the charges but how someone can spend 5 minutes on a call to a number that does not exist is a great question.

I am really interested in how is it possible for someone to spoof our numbers and have this billed to our account and get to the point where Verizon and WINDSTREAM block our international calling.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40399654
is there a provider for your number? (2nd line) - if it is a big provider it is worth asking them
Is it premium number? (3rd line says that)
371.png
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:licorbiosciences
ID: 40399671
Our number is a US number. The numbers that were called were in Latvia.

We have a fraud case open with our provider. Since technically nothing has changed on our side and nothing so far has changed with our provider I am concerned this will happen again and our ability to dial internationally will be blocked.

Thanks for the help.
Tony
0
 
LVL 61

Expert Comment

by:gheist
ID: 40399691
Do you receive voip calls to your gateway from anywhere? like 123@myvoip.company.com?
If not - restrict voip access to your providers gw only.
0
 

Author Comment

by:licorbiosciences
ID: 40399914
We do not receive VoIP calls. I am not sure how to restrict VoIP access to our gateway. I will contact our provider for help.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40399958
Because if you dont have call record - can they find it on their end...
0
 

Author Comment

by:licorbiosciences
ID: 40406555
WINDSTREAM came out today and found that HTTP and HTTPS was open on their router that splits the voice and data connection. They blocked http and https along with snmp, smtp, telnet and ssh. They said this was not configured properly by them when they first setup the device.

The thought is they are accessing the router and setting up SIP profiles to make calls. We could not find any SIP profiles so the tech thought they might be removing them once the block is placed on our line.

Thanks for your help.
Tony
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 40407880
You are welcome.
You see when evildoers exploit http:// their backdoor process runs on your SIP gateway and evildoers can connect provider SIP without touching SIP components on the system (or SIP logs etc)
I would bet it will be longer journey for windstream to combat them being charged for a call to nonexistent numbers...
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VOIP Setup through a Watchguard BOVPN 4 67
Charge computer battery during travelling 8 74
VOIP System 9 56
Need help with VLAN issue 6 39
In this article you will get to know about pros and cons of storage drives HDD, SSD and SSHD.
Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now