Payday Loan/TDoS Scam

There has been a lot of press about recent Telephony Denial of Service (TDoS) attacks and the payday loan scam. The FBI issued a warning back in January and since then, there has been a ton of press and articles on the attack (see links in previous posts):

Twist In Payday Loan Phone Scams Affects Emergency Services

Here is some info on the scam that I have assembled from customers seeing the attack, prospective customers we have had discussions with, and service providers having to deal with the attack. The attackers call a number and state that the callee or another individual owes money on a "pay day" loan. If they don't pay, their number will be overwhelmed with calls - a TDoS attack.

The attack seems to have originated with the attackers gaining access to a list of individuals and numbers who have had pay day loans. This makes some sense - these individuals may owe and could be likely to fall for the scam and pay. The attack is affecting Intensive Care Units (ICUs), other emergency facilities at hospitals, Public Service Answering Point (PSAP) administrative lines, and other critical services. It isn't clear to me if these targets just happen to have numbers on the list or, much more likely, the attacker has expanded their attack and targets to victims equally likely to pay.

I have heard that so far, as much as $4,000,000 has been paid as part of this scam!!! One individual has been the victim of multiple attacks and paid $60,000 to date!!! I would not have predicted that this many individuals and enterprises would pay, but apparently they have. This number may be quite a bit higher - certainly not all victims will have reported the issue.

This shows a way for attackers to make money off of TDoS. One usually thinks of DoS, DDoS, and TDoS as occurring simply for disruption or as a cover for other attacks. In this case, someone is directly making money off of it, so we will certainly see more.

The attacker requests that the victim load funds onto pre-paid VISA debit cards. The attacker then uses funds on the cards at their leisure.

Those who report being attacked have complained about a persistent flood of calls that overwhelms their numbers or even their entire voice system. Some victims have obviously gone ahead and paid the extortion, but that is the worst thing you can do. There is no assurance that the attack will stop and there is a good chance it will just continue or get worse, because the attacker now knows that they have a gullible victim. You will be much wiser to look for a means to mitigate the attack, such as voice firewall/IPS solutions from SecureLogix, which work for SIP and TDM networks. You can also try to ride the attack out.
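
As an added example (not from the original post and not SecureLogix code), here is one way the call flood described above could be spotted in call detail records: it counts calls per called number in a sliding window and tracks peak concurrent call attempts against the capacity of the voice system. The CDR layout, thresholds, phone numbers and function names are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_CALLS_PER_NUMBER = 10        # assumed per-number threshold inside WINDOW
TRUNK_CHANNELS = 23              # assumed number of voice channels on the trunk

def parse_cdr(line):
    """Parse 'ISO-timestamp,caller,called,duration_seconds' (hypothetical CDR layout)."""
    ts, caller, called, dur = line.strip().split(",")
    start = datetime.fromisoformat(ts)
    return start, caller, called, start + timedelta(seconds=int(dur))

def detect_tdos(lines):
    """Return (flooded_numbers, peak_concurrent_attempts) for CDRs sorted by start time."""
    recent = defaultdict(deque)   # called number -> start times still inside WINDOW
    active = []                   # end times of call attempts still in progress
    flooded, peak = {}, 0
    for start, _caller, called, end in map(parse_cdr, lines):
        q = recent[called]
        q.append(start)
        while q[0] <= start - WINDOW:      # drop calls that fell out of the window
            q.popleft()
        if len(q) > MAX_CALLS_PER_NUMBER:  # one number is being flooded
            flooded[called] = max(flooded.get(called, 0), len(q))
        active = [e for e in active if e > start] + [end]
        peak = max(peak, len(active))      # load on the entire voice system
    return flooded, peak

def build_sample():
    """Constructed CDRs: light normal traffic, then a call every 2 s to one line."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    rows = [f"{(t0 + timedelta(minutes=5 * i)).isoformat()},555-0100,555-0199,120"
            for i in range(4)]
    flood_start = t0 + timedelta(minutes=30)
    rows += [f"{(flood_start + timedelta(seconds=2 * i)).isoformat()},555-01{i:02d},555-0142,90"
             for i in range(40)]
    return rows

if __name__ == "__main__":
    flooded, peak = detect_tdos(build_sample())
    for number, count in flooded.items():
        print(f"flood: {number} received {count} calls within {WINDOW.seconds} s")
    print(f"peak concurrent attempts: {peak} (trunk channels: {TRUNK_CHANNELS})")
```

A per-number alert with a peak below trunk capacity points to a single overwhelmed line; a peak above capacity means the flood is large enough to crowd legitimate callers out of the whole voice system.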