Lanck Telecom Raises Fraud Alarm for International Brands, Enterprise Call Centers & Carriers: Beware of Wangiri 2.0

If any class of carrier feels the sting of traffic pumping fraud, it’s the international wholesalers.

A wholesaler is considered responsible for all the partners it connects to, so when a retailers gets hit with fraud, the first accusing finger is pointed at the wholesaler.

This is why a wholesaler takes drastic steps to deliver fraud-free connections: it knows the price of poor fraud-fighter diligence is too high.  As Robert Benlolo of Tata Communications puts it, “If you lose the trust, you lose the traffic”.

So whenever a wholesaler offers a fraud warning or recommends a fraud control measure, that’s industry advice worth listening to.

Such is the case with Lanck Telecom who contacted me about a new form of traffic pumping it has recently discovered.  St. Petersburg-based Lanck is a mid-tier wholesaler who carries 3 billion minutes of international voice traffic a year.

I spoke with Sergey Okhrimenko, Lanck Telecom’s Chief Operating Officer.  And in our interview, he gives details on the new fraud, a variation of Wangiri they’ve named “Wangiri 2.0”.  Lanck also supplies a real-time FMS solution that detects and blocks this kind of fraud.

	Dan Baker, Editor, Black Swan Telecom Journal: Sergey, please tell us a bit about Lanck Telecom, your customers and experience as an international wholesaler.

Sergey Okhrimenko: Happy to, Dan.  Since we’ve been in the international carrier business for 19 years, we are recognized today as a reliable partner with a solid reputation.

In terms of big operator partners, we have Verizon, Orange, Vodafone, Deutsche Telekom and many others.  We are also working with big mobile and VoIP operators as partners.  And we have a global presence with offices in Massachusetts, plus Madrid, London, Hong Kong, Johannesburg and Cyprus.  We have a new focus on Latin America.

In fraud industry forums (FASG GSMA, CFCA, etc.) we attended over the past year we’ve given presentations about this Wangiri 2.0 fraud and there’s been great interest in it.

	I’ll admit that Wangiri 2.0 is a clever name.  It gets your attention.  So how did you discover this fraud and what makes it different from the classic Wangiri “one ring and hang up” callback to a premium number scheme?

Well, as an international carrier, Lanck Telecom constantly analyzes the traffic that flows to us from other operators.  Late last year we discovered a new pattern of traffic going to suspicious number ranges.  These were calls originating from call centers and enterprises.  And when we discovered a massive case in one of our partner’s traffic, we blocked it and opened a trouble ticket.

However, our partner insisted on continuing this service since it was voice traffic from a very large enterprise.  Their position was that such traffic should not be blocked since it is unacceptable to deny service to important customers.  So we had to let the traffic through, even though our system was correct to deduce it was fraud.

So this was a curious case.  The classic Wangiri fraud is targeted at retail customers/users.  The customer reads his “missed call” notification and a certain percentage of them call back the number, incurring high cost per minute.

So we asked ourselves, “Why would businesses call numbers that are usually associated with Wangiri?” Then we discovered that fraudsters found ways to lure businesses towards this Wangiri-style scheme.

Here’s how the Wangiri 2.0 fraud scenario works and why it is a particularly tough fraud to catch:

1. Fraudsters target Big Businesses doing International Calling — The target is businesses who do a significant volume in international voice calls.  These are usually call centers or the customer support services of large corporations.

2. A Sales Inquiry initiates the Fraud — This kind of Wangiri is not a “one ring and hang up” affair.  Since the target is often the sales function of a company, a salesperson needs to know who is calling and why before they call back the premium number left in voice mail. 
   
   Alternatively, the fraudster will use bots or scripts to initiate the fraud via the company’s on-line form which the fraudster fills out.
   
   [NOTE: A simple example of an international business "call back" form is pictured at right.]
3. Harder to Detect than “Classic” Wangiri — One of the key differences: there is no “wave” of incoming call attempts from unusual ranges.  The fraudster can spread out the calls so you don‘t normally notice a spike in duration or volume of calls per client.  Also, remember these are usually large businesses who do a significant amount of international outgoing voice traffic.
4. Greater Likelihood of Callbacks — With classic Wangiri, the only people who call back are the curious people — a relatively small percentage.  So with classic Wangiri, it requires hundreds of thousands of calls for the fraudster to earn a decent return. 
   
   In the case of Wangiri 2.0, however, the businesses treat these filled-out sales inquiry forms as important sales leads and are eager to follow up.  Many businesses consider “talk-and-listen” or a personalized approach to sales as a cornerstone of their customer communications.  They need this channel and heavily rely on it.
5. Authentication by One Time Passwords are Compromised — When a brand uses IVR to deliver One Time Passwords (OTP), fraudsters will fill up the form with a fraudulent B-number and initiate password delivery.  We notice that several large brands — including well-known IT giants on the Fortune 500 — have sustained losses through this type of fraud.
6. Enterprises tend to Not Recognize the Problem as a Fraud Loss — It’s hard for many enterprises to acknowledge these Wangiri calls as fraud losses because they inclined to believe the losses are from bad sales conversion.  Enterprises tend to blame a lack of salespeople skills and failed marketing.  Fraud is often not suspected.
7. Financial Losses Seem to be Greater — Compared to classic Wangiri, we believe Wangiri 2.0 is far more dangerous to businesses, operators and carriers because of the high conversion to call backs.  Businesses treat these inquiries as sales leads and try to reach out to 100% of the cases.  We’re finding average financial loss per in case are larger than classic Wangiri.  While there are fewer calls — these calls have a much longer average duration.

I suspect there are many FMS’s out there they do not detect Wangiri 2.0, but it’s catching frauds like this that are a crucial threat to the international voice business.  It’s also important to develop and implement an effective protection against such threat and that’s what we’ve done in our FMS product.

	This variation of Wangiri where the victim is a business, is an important trend to watch.  There are many free or low-cost on-line services that help a business design its own web forms.  So you longer need to hire a web developer, and this is a key reason forms have become so popular.  Yet the security considerations of using forms is not always appreciated as it needs to be.

Yes, we’ve noticed the trend towards on-line forms.  One practice that certainly helps is the "Captcha" screen that confirms a human being is filling out the form — and not a bot.  Still, we suspect many companies are lax about requiring this verification. 

And something else to consider: the conversion rates on this business-victim Wangiri fraud are high enough that the fraudsters can afford to hire low cost mules to go online and fill out the forms.

	Tell us about your fraud management system.  Are you moving into the software business?

Well, our mission at Lanck Telecom is to remain an international transit carrier.  And we offer our FMS to all carriers since we believe retail operators would prefer to deal with carriers who can secure their traffic with such anti-fraud systems.

Our Lanck Telecom Real-Time Fraud Management System offers great protection against numerous frauds, including Wangiri 2.0, and the proof is we’ve been operating and steadily improving this product for 7 years.

When we first developed the FMS, our main idea was to simply secure the traffic coming through our servers.  We wanted to avoid disputes with partners because wherever fraudulent traffic exists, by definition someone is not getting paid who should be.

So while we first built this as our in-house solution, it’s been tested over several years now time and achieves good results, so this is why we now offer it to other carriers.

The Lanck Telecom FMS works in real-time.  We analyze SIP signaling, rather than CDRs, and we can not only alert our clients, but also stop the attacks.  Our analysis is based on proactive monitoring based on our database of suspicious ranges, behavioral analysis (machine learning/AI) and custom/high usage rules.

The solution is easily integrated as it requires no capital expenses and no CDR uploads.  It can work side-by-side with other existing solutions.  Lanck Telecom provides our FMS in alerting mode for free for all our partners.  The FMS features a web-based control screen with custom settings the client can apply.

It’s also easy to install since most of the setup is done remotely.  Another advantage is we enable customizable rules.  You can set it up to complete all legitimate calls while also limiting a destination’s number of minutes to a certain threshold.  There are many options to choose from.

Lanck Telecom continues to work on our anti-fraud products and services.  Recently we developed a prototype of the real time Global FMS aimed at all types of fraud connected with international voice.  We will present it at upcoming industry forums.

	Well, thanks Sergey for this fraud alert briefing.  Lanck Telecom is being true to its mission.  Alerting the industry and providing a software solution is not only good for the industry, it’s a great way to build your reputation as a wholesaler.

Thanks, Dan.  From my experience of the international carrier business, somewhere between the caller and the destination, there’s often a fake station or node.  It is a virus that affects the whole industry and the fraud can happen at any level.

The most important thing — for everybody involved — is when a person sees something unusual, he reports it so others are made aware of it and can investigate.  It’s all about being alert to unusual behaviors and unusual patterns.

Telecom fraud is a big issue now.  We think that it is very important for all major stakeholders to cooperate and commit to some sort of understanding with each other.  This is why we have joined the Code of Conduct developed by the i3 Forum.

We think developing a trust between operators and carriers is a key element for effectively minimizing fraud attacks.  We may not be able to eliminate fraud completely but we can certainly minimize it.