19.5k unique visitors in the last 3 days

Premium Rate Fraud Exploit for Google, Microsoft and Instagram

Any business that automatically generates a phone call, even if it is designed to verify a customer, must be wary of PRS fraud.

Bug finder Arne Swinnen likes to make money by spotting the flaws in other people’s software. He identifies their mistakes, then reports them to developers in order to claim a cash bounty as his reward. It is lucky for Google, Microsoft and Instagram that Swinnen is an honest guy, because he recently found flaws in their services that would lead them to make premium rate telephone calls… and we all know how that can be exploited by fraudsters to generate a lot of cash, a lot less honestly.

The weaknesses found by Swinnen all stem from the desire for consumer tech firms to make money from the mobile ecosphere. All tech giants have realized that smartphones can be a great tool for generating revenues – the user pushes a few buttons at any time, wherever they are, and the cash flows instantly. But setting up the services to grab this revenue may necessitate a phone call or two, and these tend to be automated. So when they also allow the user to control which number will be dialled… you can see where this is headed. Arne documented his exploits here, but only after telling the tech firms so they could close the loopholes with their systems.

Swinnen’s insight leads me to a serious observation. Many developers want to take advantage of the huge and growing number of smartphones. A tiny share of an enormous marketplace can be worth a lot. But if tech giants like Google can be caught out, how many start-ups are going to cut corners and make mistakes, paying for calls to verify what they hope will be lucrative customers, without recognizing the danger that they can be abused? Telcos find it difficult enough to differentiate between a call to a legitimate number and those to a premium rate line managed by a scammer. How many tech firms will have implemented the kind of fraud monitoring needed to identify an unusual pattern of calls or very high volumes of usage? Telcos have got used to the parasites of organized crime, always looking for ways to steal via a network. Some software developers and cloud providers are going to learn that these leeches will suck the blood from their business too.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email