The global telecommunications market is constantly experiencing an increase in the number of different fraud types.
Most of the threats are well known to the community, and modern Fraud Management Systems can at least detect and alert on the fraudulent activity, or even block suspicious calls before they actually cause damage.
But sometimes fraudsters find fresh approaches, and the market faces new fraud schemes that can be very hard to detect.
In this article we would like to share our experience in fighting a novel fraud type – Wangiri 2.0. First of all, this type of fraud affects enterprises: online shops, social networks, audio/video chats, etc. But it also affects operators in the traffic supply chain.
According to our data, the number of Wangiri 2.0 attacks is gradually rising: in Q2 2021 the number of attacks increased by 20% compared to Q1 2021. The main reason is that many enterprises (as well as operators) do not even know about the existence of Wangiri 2.0.
Let’s look at the general fraud scheme of Wangiri 2.0:
Step 1: A fraudster uses different phone numbers of real subscribers to request one-time passwords (PIN-codes) from an enterprise.
Step 2: The enterprise automatically calls these numbers back via an operator (each call contains a voice recording with the password).
Step 3: The operator sends this traffic through its transit carrier.
Step 4: In the chain of transit carriers, the traffic passes to a fraudulent carrier that hijacks these calls, connecting them to an answering machine (without passing the calls to the real subscribers), and thus bills them.
Step 5: After the fraud attack finishes, the unsuspecting enterprise originates a payment flow that reaches the fraudulent carrier, who shares the money with the initial fraudster.
How fraudsters make the attacks more difficult to detect:
- Mix of natural and fraudulent traffic.
- Constant switching between lots of different hijacked B-ranges.
- Dynamic hijacking of calls (i.e., calls are hijacked only during a very short time period, which is why it is impossible to find the presence of a hijack via test calls).
Outcomes of fraud attacks
As most antifraud systems do not identify Wangiri 2.0 fraud, the attacks can last for hours, or even days. This leads to huge financial losses (up to many thousands of USD per attack) for an enterprise, because it pays for all the hijacked calls, which have zero conversion for its business.
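
One way an enterprise could look for the "billed but zero conversion" pattern described above, as an added example that is not part of the original article: group answered PIN calls by B-range and short time window, then flag ranges where almost no call led to a verified PIN. The record layout, the `pin_verified` flag, the thresholds and the sample numbers are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration only; tune them against your own baseline.
PREFIX_LEN = 7                  # leading digits of the B-number treated as a "B-range"
WINDOW = timedelta(minutes=10)  # short windows, since hijacks are short-lived
MIN_ANSWERED = 5                # skip windows with too few billed calls to judge
MAX_CONVERSION = 0.10           # alert when <=10% of billed calls led to a verified PIN
EPOCH = datetime(1970, 1, 1)

def window_start(ts):
    """Floor a timestamp to the start of its WINDOW-sized bucket."""
    return EPOCH + ((ts - EPOCH) // WINDOW) * WINDOW

def suspicious_ranges(calls):
    """calls: iterable of (start_time, b_number, answered, pin_verified).
    Returns [(prefix, window_start, answered_calls, conversion_rate), ...]."""
    stats = defaultdict(lambda: [0, 0])  # (prefix, window) -> [answered, verified]
    for ts, b_number, answered, pin_verified in calls:
        if not answered:
            continue  # unanswered calls are not billed, so they carry no loss
        key = (b_number[:PREFIX_LEN], window_start(ts))
        stats[key][0] += 1
        stats[key][1] += int(pin_verified)
    alerts = []
    for (prefix, start), (answered, verified) in sorted(stats.items()):
        rate = verified / answered
        if answered >= MIN_ANSWERED and rate <= MAX_CONVERSION:
            alerts.append((prefix, start, answered, rate))
    return alerts

def sample_calls():
    """Constructed sample data; the numbers are placeholders, not real ranges."""
    t0 = datetime(2021, 6, 1, 12, 0)
    calls = []
    for i in range(8):   # natural traffic: answered, PIN entered (one user gave up)
        calls.append((t0 + timedelta(seconds=40 * i), f"0000001{i:04d}", True, i != 3))
    for i in range(12):  # hijacked range: answered and billed, PIN never used
        calls.append((t0 + timedelta(seconds=20 * i), f"0000002{i:04d}", True, False))
    # One genuine user inside the hijacked range (natural traffic mixed in).
    calls.append((t0 + timedelta(seconds=300), "00000029999", True, True))
    return calls

if __name__ == "__main__":
    for prefix, start, answered, rate in suspicious_ranges(sample_calls()):
        print(f"{start:%Y-%m-%d %H:%M} range {prefix}*: "
              f"{answered} billed calls, {rate:.0%} PIN conversion")
```

Because the check is keyed per range and per window, natural traffic to other ranges does not dilute the signal, and a newly hijacked range shows up as its own alert.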