Russian Fraudsters Use VoIP for Bogus Identification

The security bloggers at Flashpoint believe they have identified a new trend in the scams run by Russian fraudsters. One of the newer anti-fraud techniques is to force customers to identify themselves by making or receiving a phone call. This discourages organized crime by driving up the costs whilst creating a new mechanism to verify the customer’s identity – and hence new ways to spot which ones are lying. However, some criminals are now using Voice over Internet Protocol (VoIP) services to address this additional challenge. It also seems some of the VoIP providers are making it suspiciously easily for criminals to use their services…

Flashpoint has recently observed three VOIP services in particular that have been gaining traction among Russian-speaking cybercriminals seeking to make fraudulent online transactions

They name Narayana, SIP24 and SIP Killer as the three VoIP providers most loved by fraudsters, concluding:

Given cybercriminals’ longstanding interest in online transaction fraud and widespread determination to circumvent anti-fraud protections, VOIP services that enable users to rent virtual phone numbers and purchase SIM cards for countries around the world will likely continue to proliferate throughout the Deep & Dark Web, and it is important to recognize that instances of online transaction fraud have the potential to increase as a result. This information is especially relevant for financial institutions and e-commerce retailers, many of which may be unable to differentiate between legitimate transaction confirmation calls and fraudulent ones made and/or received by criminals using VOIP services.

Flashpoint‘s reviews of Narayana, SIP24 and SIP Killer, and the explanation of how they are suited to criminal purposes, can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric's history as editor.