PBX Services Limited* (PSL) has been operating for a number of years, providing PBX services to small to medium businesses. It is a small business but has been reasonably successful in providing its services to an established group of customers. PSL management were aware of the fraud risks associated with PBXs, but had never been the victim of any significant fraud and, because PSL is a small company, did not expect to be targeted by organised fraudsters.
During a long weekend in Q3 of 2013, the CEO of PSL received a phone call from his Account Manager at his Wholesale Carrier. He was advised that over the previous 30+ hours, 18,000 calls had originated from his PBXs to destinations such as Gambia, Bosnia, Serbia, Latvia, East Timor and others. The value of these calls was around $US120,000, and his Wholesale Carrier, recognising that PSL may struggle to repay this debt, demanded payment in full within 48 hours, or their Network Services would be withdrawn. PSL had been the victim of PBX Hacking and International Revenue Share Fraud (IRSF). PSL's average monthly spend on international calls up to that point was around $US100, and such a huge increase in calling should have been identified through fraud monitoring. Despite this, PSL was contractually obliged to make the payment. PSL did not have the cash reserves to make this payment as required by their Wholesale Provider, and without a Network Carrier, they could not remain in business.
PSL was not a PRISM customer, but was aware of the fraud investigation services provided by the PRISM developer (The Investigator). The Investigator was contacted and offered to help, and received full details of the 18,000 fraudulent calls that were made.
Within these 18,000 calls, almost 750 unique numbers were identified, and 261 hits against PRISM were confirmed.
Many of these 261 numbers were called within the first 1,000 calls associated with this fraud. Had PRISM been used as a hotlist by either PSL or their Wholesale Carrier, 261 fraud alerts would have been raised.
The resulting losses would then have been reduced to less than $US5,000. This is a perfect example of how a minimal investment in PRISM, along with an associated FMS if one does not already exist within the organisation, can generate impressive fraud savings. It also highlights the fact that IRSF fraudsters are not concerned with the size, location or business interests of the victims they are going to attack. They will continue to search for the ‘weakest link’, put in place a strategy to maximise their fraudulent profits, decide on a time and date to start, and then commence their attack. In this case the fraud was organised, with simultaneous PBX hacks originating from Germany, Palestine, Israel and other locations.
In this case, the end result for PSL was not as bad as it could have been. Using the data within PRISM, the Investigator was able to identify the likely IPRN Reseller who controlled most of the numbers used during this fraud, and also to confirm that many of them were hijacked ranges which did not terminate in the countries to which the relevant country codes applied. Because of this information, the Wholesale Carrier agreed to reduce the amount owed, allowing PSL time to pay this reduced amount and save their business. However, this was still a significant loss that could have been avoided had either PSL or their Wholesale Carrier made a small investment in what is generally accepted as the most effective IRSF detection tool available.
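
The two controls this case turns on, hotlist matching of dialled numbers and a spend threshold per PBX, can be sketched as follows. This is an added example, not PRISM's or any FMS vendor's code: the CDR field names, the hotlist entries, the spend limit and every number in the sample data are constructed assumptions, and PRISM's actual data format is not shown on this page.

```python
from dataclasses import dataclass

@dataclass
class CDR:
    seq: int         # order in which the call completed
    trunk: str       # originating PBX (hypothetical field name)
    dialed: str      # dialled digits including country code
    cost_usd: float  # wholesale cost of the call

def hotlist_hit(dialed, hotlist):
    """Longest-prefix match, so an entry can be a full number or a range."""
    for n in range(len(dialed), 0, -1):
        if dialed[:n] in hotlist:
            return dialed[:n]
    return None

def screen(cdrs, hotlist, spend_limit_usd, block=True):
    """Screen calls in order; return (alerts, loss_usd). An alert fires on a
    hotlist hit or once a trunk's spend passes spend_limit_usd. With block=True
    the trunk is barred after its first alert (that call has already cost)."""
    alerts, spend, barred, loss = [], {}, set(), 0.0
    for c in sorted(cdrs, key=lambda c: c.seq):
        if block and c.trunk in barred:
            continue
        loss += c.cost_usd
        spend[c.trunk] = spend.get(c.trunk, 0.0) + c.cost_usd
        hit = hotlist_hit(c.dialed, hotlist)
        if hit:
            alerts.append((c.seq, c.trunk, "hotlist", hit))
        elif spend[c.trunk] > spend_limit_usd:
            alerts.append((c.seq, c.trunk, "spend", None))
        else:
            continue
        barred.add(c.trunk)
    return alerts, round(loss, 2)

# Constructed sample data: one hotlisted range, one hotlisted full number.
HOTLIST = {"2205550", "37155501234"}
CDRS = [
    CDR(1, "pbx-a", "442055501111", 0.02),  # ordinary call
    CDR(2, "pbx-a", "2205550101", 6.50),    # inside the hotlisted range
    CDR(3, "pbx-a", "2205550102", 6.50),
    CDR(4, "pbx-b", "38755500001", 5.00),   # not hotlisted
    CDR(5, "pbx-b", "38755500002", 5.00),
    CDR(6, "pbx-b", "38755500003", 5.00),   # spend passes the limit here
    CDR(7, "pbx-b", "37155501234", 7.00),   # hotlisted full number
]
```

Calling `screen(CDRS, HOTLIST, spend_limit_usd=12.0)` and then the same with `block=False` shows the difference between acting on the first alert and letting the traffic run, which is the gap between the two loss figures in this case.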