Here is a recent article on toll fraud on mobile devices.
This is one of the best articles I have read in a while. It covers how Pakistan captured multiple individuals on the FBI's most wanted list
Here is a link to a good article in a national publication, the New York Times, on the growing issue of toll fraud. Toll fraud has been around for many years, but continues to get worse for a number of reasons.
Back in 2011, a firm was hit with toll fraud and racked up a $35,000 bill. The firm refused to pay and fought the issue in court.
Here is a link to a good video on VoIP and SIP security.
Patrick McNeil covers how to hack SIP servers, at service providers and enterprises, to make money. The presentation is useful because it covers why someone might bother to hack these servers, namely:
- Toll fraud or International Revenue Sharing Fraud (IRSF) - basically using someone else's PBX to generate calls to premium numbers set up by the hacker or where the hacker has an agreement with the owner to generate traffic.
- Telephony Denial of Service (TDoS) - using someone's PBX to target a business or individual. The attacker makes money through extortion.
- Robocalling/SPAM - using someone's PBX to make many SPAM or vishing calls to individuals (this was briefly mentioned).
At the end of the presentation, there is a brief TDoS demo.
Note that another way to make money is call pumping, where the calls are to 1-800 numbers and the attacker gets a share of the revenue, but this arrangement is more difficult to set up.
J. Oquendo has created the "VoIP Abuse Project" or "VoIP Blacklist Project"
Here is a site with some decent toll fraud (and other fraud) alerts.
Here is a link to a recent presentation on an analysis of a massive scan of the entire IPv4 address range for SIP servers:
A small business, a Remax realtor, was hit with $600,000 of Dial Through Fraud (DTF). I included an article below:
Here is a video describing a Dial Through Fraud (DTF) attack. DTF is a form of toll fraud where the attacker dials into a compromised PBX, gains dial tone, and then dials a new destination, usually an international number.
Here is yet another article about toll fraud. This one makes a particularly scary point: toll fraud can seriously affect SMEs, and even put them out of business, in a very short amount of time.
Here is some information on a number of toll fraud attacks against small businesses in New York.
Here is a link to an article where the Communications Regulator warns businesses that phone hacking (toll fraud) will be increasing over the holidays.
Gary Audin posted a nice summary covering different types of toll fraud, based upon the most recent CFCA report (from last year)
There were a number of articles out the past week describing malware that generates text/SMS messages to premium services.
Here is another example of toll fraud, likely the most common and financially significant voice, VoIP, and UC security issue.
Here is a recent article on voice, VoIP, UC security. 50 recommendations.
The Communications Fraud Control Association (CFCA) put out their semi-annual fraud report last year.
This is the first I heard of this, but apparently, a small manufacturing business had some $900,000 (that's right, almost 1 million dollars!!!)
British Telecom (BT) reports that in 98% of data attacks, the attacker is also executing toll fraud.