Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 241
  • Last Modified:

International Long Distance Fraud

Recently we lost the ability to place international calls because someone called Latvia 252 times in the span of 60 minutes. Absolutely fraudulent phone calls but, we are not able to find any trace of these calls being made from our phone system. We have had a third party review our log files as well as the phone system vendor and no one is able to find anything.

This leads me to believe someone is spoofing our number to make long distance calls and I am curious how is this possible and why doesn't the phone company recognize these are not coming from our circuit?

Also what is the benefit from doing this? The calls are mostly around 5 minutes long to a group of numbers in Latvia. Is this just for malicious purposes to try and cost our company a truck load of money in Long distance fees or is there some other benefit they might be receiving? Why the 5 minute phone calls. About 240 of the 252 were all right around 5 minutes in length.
0
licorbiosciences
Asked:
licorbiosciences
  • 6
  • 5
1 Solution
 
gheistCommented:
Run numbers through this:
http://www.numuri.lv/default.aspx
Do they go to same provider? Are they premium numbers?

Can your provider provide you with VOIP logs to confirm calls were placed from your gateway?
0
 
licorbiosciencesAuthor Commented:
I ran most of them through and the translation I get is that the numbers are not assigned to a merchant. It looks like they are all the same provider as the only change is the last two digits.

Our Phone system connects to a PRI so our vendor is going to pull the circuit logs to see if the calls originated at our location.

Thanks for the assistance.
0
 
gheistCommented:
So why you are charged for calling dead end phones?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
licorbiosciencesAuthor Commented:
Our vendor is going to credit all the charges but how someone can spend 5 minutes on a call to a number that does not exist is a great question.

I am really interested in how is it possible for someone to spoof our numbers and have this billed to our account and get to the point where Verizon and WINDSTREAM block our international calling.
0
 
gheistCommented:
is there a provider for your number? (2nd line) - if it is a big provider it is worth asking them
Is it premium number? (3rd line says that)
371.png
0
 
licorbiosciencesAuthor Commented:
Our number is a US number. The numbers that were called were in Latvia.

We have a fraud case open with our provider. Since technically nothing has changed on our side and nothing so far has changed with our provider I am concerned this will happen again and our ability to dial internationally will be blocked.

Thanks for the help.
Tony
0
 
gheistCommented:
Do you receive voip calls to your gateway from anywhere? like 123@myvoip.company.com?
If not - restrict voip access to your providers gw only.
0
 
licorbiosciencesAuthor Commented:
We do not receive VoIP calls. I am not sure how to restrict VoIP access to our gateway. I will contact our provider for help.
0
 
gheistCommented:
Because if you dont have call record - can they find it on their end...
0
 
licorbiosciencesAuthor Commented:
WINDSTREAM came out today and found that HTTP and HTTPS was open on their router that splits the voice and data connection. They blocked http and https along with snmp, smtp, telnet and ssh. They said this was not configured properly by them when they first setup the device.

The thought is they are accessing the router and setting up SIP profiles to make calls. We could not find any SIP profiles so the tech thought they might be removing them once the block is placed on our line.

Thanks for your help.
Tony
0
 
gheistCommented:
You are welcome.
You see when evildoers exploit http:// their backdoor process runs on your SIP gateway and evildoers can connect provider SIP without touching SIP components on the system (or SIP logs etc)
I would bet it will be longer journey for windstream to combat them being charged for a call to nonexistent numbers...
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now