Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

International Long Distance Fraud

Posted on 2014-10-22
11
Medium Priority
?
234 Views
Last Modified: 2014-10-28
Recently we lost the ability to place international calls because someone called Latvia 252 times in the span of 60 minutes. Absolutely fraudulent phone calls but, we are not able to find any trace of these calls being made from our phone system. We have had a third party review our log files as well as the phone system vendor and no one is able to find anything.

This leads me to believe someone is spoofing our number to make long distance calls and I am curious how is this possible and why doesn't the phone company recognize these are not coming from our circuit?

Also what is the benefit from doing this? The calls are mostly around 5 minutes long to a group of numbers in Latvia. Is this just for malicious purposes to try and cost our company a truck load of money in Long distance fees or is there some other benefit they might be receiving? Why the 5 minute phone calls. About 240 of the 252 were all right around 5 minutes in length.
0
Comment
Question by:licorbiosciences
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40398977
Run numbers through this:
http://www.numuri.lv/default.aspx
Do they go to same provider? Are they premium numbers?

Can your provider provide you with VOIP logs to confirm calls were placed from your gateway?
0
 

Author Comment

by:licorbiosciences
ID: 40399297
I ran most of them through and the translation I get is that the numbers are not assigned to a merchant. It looks like they are all the same provider as the only change is the last two digits.

Our Phone system connects to a PRI so our vendor is going to pull the circuit logs to see if the calls originated at our location.

Thanks for the assistance.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399361
So why you are charged for calling dead end phones?
0
Take our survey for a chance to win!

As a valued customer of Targus, we’d like to ask you a few questions about us. As thanks, you will be automatically entered for a chance to win a $500 VISA gift card. To enter, just complete the survey by September 15, 2017.

 

Author Comment

by:licorbiosciences
ID: 40399470
Our vendor is going to credit all the charges but how someone can spend 5 minutes on a call to a number that does not exist is a great question.

I am really interested in how is it possible for someone to spoof our numbers and have this billed to our account and get to the point where Verizon and WINDSTREAM block our international calling.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399654
is there a provider for your number? (2nd line) - if it is a big provider it is worth asking them
Is it premium number? (3rd line says that)
371.png
0
 

Author Comment

by:licorbiosciences
ID: 40399671
Our number is a US number. The numbers that were called were in Latvia.

We have a fraud case open with our provider. Since technically nothing has changed on our side and nothing so far has changed with our provider I am concerned this will happen again and our ability to dial internationally will be blocked.

Thanks for the help.
Tony
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399691
Do you receive voip calls to your gateway from anywhere? like 123@myvoip.company.com?
If not - restrict voip access to your providers gw only.
0
 

Author Comment

by:licorbiosciences
ID: 40399914
We do not receive VoIP calls. I am not sure how to restrict VoIP access to our gateway. I will contact our provider for help.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40399958
Because if you dont have call record - can they find it on their end...
0
 

Author Comment

by:licorbiosciences
ID: 40406555
WINDSTREAM came out today and found that HTTP and HTTPS was open on their router that splits the voice and data connection. They blocked http and https along with snmp, smtp, telnet and ssh. They said this was not configured properly by them when they first setup the device.

The thought is they are accessing the router and setting up SIP profiles to make calls. We could not find any SIP profiles so the tech thought they might be removing them once the block is placed on our line.

Thanks for your help.
Tony
0
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 40407880
You are welcome.
You see when evildoers exploit http:// their backdoor process runs on your SIP gateway and evildoers can connect provider SIP without touching SIP components on the system (or SIP logs etc)
I would bet it will be longer journey for windstream to combat them being charged for a call to nonexistent numbers...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about my first experience with programming Arduino.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question