Solved

International Long Distance Fraud

Posted on 2014-10-22
11
214 Views
Last Modified: 2014-10-28
Recently we lost the ability to place international calls because someone called Latvia 252 times in the span of 60 minutes. Absolutely fraudulent phone calls but, we are not able to find any trace of these calls being made from our phone system. We have had a third party review our log files as well as the phone system vendor and no one is able to find anything.

This leads me to believe someone is spoofing our number to make long distance calls and I am curious how is this possible and why doesn't the phone company recognize these are not coming from our circuit?

Also what is the benefit from doing this? The calls are mostly around 5 minutes long to a group of numbers in Latvia. Is this just for malicious purposes to try and cost our company a truck load of money in Long distance fees or is there some other benefit they might be receiving? Why the 5 minute phone calls. About 240 of the 252 were all right around 5 minutes in length.
0
Comment
Question by:licorbiosciences
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40398977
Run numbers through this:
http://www.numuri.lv/default.aspx
Do they go to same provider? Are they premium numbers?

Can your provider provide you with VOIP logs to confirm calls were placed from your gateway?
0
 

Author Comment

by:licorbiosciences
ID: 40399297
I ran most of them through and the translation I get is that the numbers are not assigned to a merchant. It looks like they are all the same provider as the only change is the last two digits.

Our Phone system connects to a PRI so our vendor is going to pull the circuit logs to see if the calls originated at our location.

Thanks for the assistance.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399361
So why you are charged for calling dead end phones?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:licorbiosciences
ID: 40399470
Our vendor is going to credit all the charges but how someone can spend 5 minutes on a call to a number that does not exist is a great question.

I am really interested in how is it possible for someone to spoof our numbers and have this billed to our account and get to the point where Verizon and WINDSTREAM block our international calling.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399654
is there a provider for your number? (2nd line) - if it is a big provider it is worth asking them
Is it premium number? (3rd line says that)
371.png
0
 

Author Comment

by:licorbiosciences
ID: 40399671
Our number is a US number. The numbers that were called were in Latvia.

We have a fraud case open with our provider. Since technically nothing has changed on our side and nothing so far has changed with our provider I am concerned this will happen again and our ability to dial internationally will be blocked.

Thanks for the help.
Tony
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399691
Do you receive voip calls to your gateway from anywhere? like 123@myvoip.company.com?
If not - restrict voip access to your providers gw only.
0
 

Author Comment

by:licorbiosciences
ID: 40399914
We do not receive VoIP calls. I am not sure how to restrict VoIP access to our gateway. I will contact our provider for help.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399958
Because if you dont have call record - can they find it on their end...
0
 

Author Comment

by:licorbiosciences
ID: 40406555
WINDSTREAM came out today and found that HTTP and HTTPS was open on their router that splits the voice and data connection. They blocked http and https along with snmp, smtp, telnet and ssh. They said this was not configured properly by them when they first setup the device.

The thought is they are accessing the router and setting up SIP profiles to make calls. We could not find any SIP profiles so the tech thought they might be removing them once the block is placed on our line.

Thanks for your help.
Tony
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40407880
You are welcome.
You see when evildoers exploit http:// their backdoor process runs on your SIP gateway and evildoers can connect provider SIP without touching SIP components on the system (or SIP logs etc)
I would bet it will be longer journey for windstream to combat them being charged for a call to nonexistent numbers...
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question