Solved

International Long Distance Fraud

Posted on 2014-10-22
11
194 Views
Last Modified: 2014-10-28
Recently we lost the ability to place international calls because someone called Latvia 252 times in the span of 60 minutes. Absolutely fraudulent phone calls but, we are not able to find any trace of these calls being made from our phone system. We have had a third party review our log files as well as the phone system vendor and no one is able to find anything.

This leads me to believe someone is spoofing our number to make long distance calls and I am curious how is this possible and why doesn't the phone company recognize these are not coming from our circuit?

Also what is the benefit from doing this? The calls are mostly around 5 minutes long to a group of numbers in Latvia. Is this just for malicious purposes to try and cost our company a truck load of money in Long distance fees or is there some other benefit they might be receiving? Why the 5 minute phone calls. About 240 of the 252 were all right around 5 minutes in length.
0
Comment
Question by:licorbiosciences
  • 6
  • 5
11 Comments
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Run numbers through this:
http://www.numuri.lv/default.aspx
Do they go to same provider? Are they premium numbers?

Can your provider provide you with VOIP logs to confirm calls were placed from your gateway?
0
 

Author Comment

by:licorbiosciences
Comment Utility
I ran most of them through and the translation I get is that the numbers are not assigned to a merchant. It looks like they are all the same provider as the only change is the last two digits.

Our Phone system connects to a PRI so our vendor is going to pull the circuit logs to see if the calls originated at our location.

Thanks for the assistance.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
So why you are charged for calling dead end phones?
0
 

Author Comment

by:licorbiosciences
Comment Utility
Our vendor is going to credit all the charges but how someone can spend 5 minutes on a call to a number that does not exist is a great question.

I am really interested in how is it possible for someone to spoof our numbers and have this billed to our account and get to the point where Verizon and WINDSTREAM block our international calling.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
is there a provider for your number? (2nd line) - if it is a big provider it is worth asking them
Is it premium number? (3rd line says that)
371.png
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:licorbiosciences
Comment Utility
Our number is a US number. The numbers that were called were in Latvia.

We have a fraud case open with our provider. Since technically nothing has changed on our side and nothing so far has changed with our provider I am concerned this will happen again and our ability to dial internationally will be blocked.

Thanks for the help.
Tony
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Do you receive voip calls to your gateway from anywhere? like 123@myvoip.company.com?
If not - restrict voip access to your providers gw only.
0
 

Author Comment

by:licorbiosciences
Comment Utility
We do not receive VoIP calls. I am not sure how to restrict VoIP access to our gateway. I will contact our provider for help.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Because if you dont have call record - can they find it on their end...
0
 

Author Comment

by:licorbiosciences
Comment Utility
WINDSTREAM came out today and found that HTTP and HTTPS was open on their router that splits the voice and data connection. They blocked http and https along with snmp, smtp, telnet and ssh. They said this was not configured properly by them when they first setup the device.

The thought is they are accessing the router and setting up SIP profiles to make calls. We could not find any SIP profiles so the tech thought they might be removing them once the block is placed on our line.

Thanks for your help.
Tony
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
You are welcome.
You see when evildoers exploit http:// their backdoor process runs on your SIP gateway and evildoers can connect provider SIP without touching SIP components on the system (or SIP logs etc)
I would bet it will be longer journey for windstream to combat them being charged for a call to nonexistent numbers...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now