We'll try to make this quick, but the overall topic is anything but
limited.
First, nobody is safe when it comes to being a victim. Fraud
happens in both fixed and mobile networks of all technologies. There
is no such thing as a technology that cannot be compromised -- those
intent on fraud will find a way. They always do. As one
vulnerability is closed, a creative criminal will find another.
Sometimes the telephone company (seldom the BIG ones, just those
pesky upstarts) gets you: One method is "cramming," the addition of
charges to your phone bill that cover services you didn't order and
fees for things that you may have been led to believe were free.
Then there's "slamming," which is when your long distance or DSL
carrier is changed -- usually via a telemarketer who you said NO to.
You suddenly find yourself doing business with "Bingo Crapshoot's
Pool Hall and Long Distance Provider" and their charges are as
outrageous as their name.
If you own a business that uses a PBX system, a fraudster can call
into the company and then ask to be transferred to an outside toll
number. Most operators are smart enough to not let this happen, but
once in a while a good line of patter will sneak through. The most
common ruses are system tests, although collusion with inside
employees will also work. ("Hey, Joe. Patch me through to
1-900-Hot-Sexy off your company line and I'll buy you a beer on
Friday.")
Beware of 809 area codes on call-backs -- or, in fact, any area code
that you do not recognize. 809 goes to the offshore Atlantic
Islands, those that are not subject to US laws. The numbers can be
set up to bill in a fashion similar to a 1-900 number, and by the
time you ask for whomever allegedly left the urgent message you can
be on the hook for hundreds of dollars.
Fraud can be external or internal. It may come from the customer
base or it may come from inside of the company.
Within communications, fraud has two main categories. Revenue Fraud
involves money to the person perpetrating the fraud. Non-revenue
fraud is motivated by more personal objectives, and it often
involves helping out a friend (even though the intent is criminal)
or just defeating the system for the sheer thrill of it.
In a few cases, it is the criminal network who is perpetrating the
fraud. For instance, a smuggling ring may want to understandably
avoid surveillance and the threat of phone-tapping -- so they figure
out a backdoor into the telephone network and steal communications
services. This may be day-by-day, hour-by-hour, or even call by
call. Most cases, however, are motivated by pure financial greed.
Recently, AT&T was attacked by scammers who made off with the
records of 2500 customers. These fraudsters are likely selling the
information to other crooks or, perhaps, to one of the those data
mining companies that are everywhere on the net where you pay the
price for the information that was illegally obtained.
There are many kinds of Phone Revenue Fraud:
- Call Selling -- services are stolen and then sold at a
discount. The buyers may be fully aware that they are
purchasing "hot minutes" or they may be clueless.
- Putting unintended calls through to a revenue 900 line.
- Subscription fraud: obtaining service by using a false
identity. In some cases, the person is unable to get credit
in his own name, so even if he uses another person's
identity, he pays his bills because he wants to keep the
line. In other cases, however, it is referred to as a "No
Intention To Pay" fraud because the criminal will simply
obtain line after line after line, never once settling a
bill. This one is commonly used in the drug trade where
numbers are constantly changed within the course of doing
business.
- Surfing: This is thievery of services on a call by call
basis. It may involve cloning, obtaining calling card
details from an innocent third party.
- Ghosting -- a techie way of deceiving the network and
getting free or discounted calls. Past scams have included
suppressing the answer signal so that no charge is generated
for the call, getting cash refunds on bills, stealing
customer information to use in future identity theft
schemes, etc.
- It's nearly impossibly to quantify the amount that is
stolen from companies by fraudsters, but it is not
impossible to determine who pays the eventual price of this
thievery. YOU do.
Consider a single reported case:
A night janitor picked up an office telephone of a large corporation
and dialed a 900 number. He left the phone off the hook during a
Saturday afternoon janitorial visit. From that time until Monday
morning when the employee arrived to work, the line was building up
charges at a rate or $8 per minute. The employee thought nothing of
the line being off the hook, assuming that it was inadvertently
knocked over, and hung the phone up. The charges? $480 per hour for
more than 40 hours. Not only did the 900 operator benefit from this
call, but the phone company simply shuffled the $20,000 into their
uncollectible line item and dropped the charge from the customer's
bill. To the phone company, uncollectibles are a cost of doing
business, one that is passed off to the consumer block.
Who is in that block?
YOU are.