20.5k unique visitors in the last 3 days

Anti-fraud Vendor Names 5 “Trusted” Countries Linked to Hidden Telecoms Fraud

An American business with an international clientele cited various examples of crime that challenge cultural assumptions.

An intriguing blog post by 1Route, a supplier of anti-fraud and STIR/SHAKEN call verification services, argues phone numbers associated with the following countries are being used for fraud more than the public realizes.

  1. United Kingdom
  2. United States of America
  3. Japan
  4. Sweden
  5. Australia

I know some people will question at least one or two countries in this list. 1Route’s method was not scientific, but they made valid observations about real-life networked crimes that should challenge our preconceptions. The relationship between the way people perceive risk and the actual threat posed by criminals is not straightforward. For example, I have tended to praise Australia for the work being done to protect Australians from phone scams, but how much is being done to stop Australian phone numbers being used for crimes committed in other countries? Phone numbers are part of a global system. Some kinds of crime will not be stopped until countries start systematically exchanging intelligence at a much larger scale than has ever been attempted before. The abuse of a number can have consequences across the planet, not just in the country which owns that number.

Consider the example of Sweden. 1Route praises the work they have done to prevent Swedish phone users receiving calls that spoof Swedish phone numbers. But what if a Swedish number is spoofed while calling the inhabitant of a neighboring country? There are about 40,000 Swedish nationals in Norway, 25,000 in Denmark and 35,000 in Finland. The latter also has a much larger population that speaks Swedish because of the history of the two countries, with approximately 285,000 Finns having Swedish as their native language. Groups like these could potentially be at risk of scam calls that are spoofed to appear as if they come from Sweden, especially as AI and other forms of automation will make it increasingly cost-effective for criminals to devise scam campaigns that target smaller groups.

Too much fascination with technology and too little interest in people can sometimes undermine well-intentioned attempts to reduce fraud. Some years ago I was listening to a boring webinar arranged by the SIP Forum, a group of people who rate themselves highly for their technical expertise but who desperately need an introductory course to teach them about the human race. It is no coincidence that men tend to work in engineering, women tend to work in human resources, and it is impossible to find a technical standard promoted by the SIP Forum that was written by a woman. During the webinar, a male representative of Canada’s comms regulator, the Canadian Radio-television and Telecommunications Commission (CRTC), made much of the fact that Canada has two languages, with the implication that Canada has a more complex fraud environment than that understood by most of the audience, who were American. Presumably he was unaware that 14% of the US population speaks Spanish as their mother tongue, compared to the 20% of Canadians who natively speak French. But more importantly, Mandarin Chinese is the fastest growing language in Canada. Over half a million Canadians speak Mandarin in their own homes. This group is especially vulnerable to scams. It was a shame that a regulator trying to show off their cultural sensitivity actually revealed their limited understanding of how scammers target members of society who are most at risk.

Perhaps I should be more forgiving of national regulators who may struggle with the international aspects of telecoms crime. They have no good resources to educate them. Plenty of multinational businesses will enthusiastically teach them about technology, but the obsession with using technology to mitigate crime obscures the need to analyze and evaluate risks before we choose which methods are used to tackle those risks. Networked crime is increasingly international in nature. Some of the risk is connected to culture. Nevertheless, it is considered normal for members of the anti‑fraud community to learn about crime by simply waiting to see what crime has occurred in their country so they can then determine how to respond. This leads to an almost comical ineptness in understanding and predicting the spread of crime across borders. The cultural myopia was painfully demonstrated earlier this year by numerous parties who thought the international use of SMS blasters was exemplified by the only known case of an SMS blaster being used for fraud in New Zealand, without any of them mentioning the Chinese connections of the man who was arrested in Auckland or the hundreds of SMS blaster arrests that have been made in China.

I get frustrated because I am trying to help regulators through self-funded activities like Commsrisk’s Global Fraud Dashboard and its SMS blaster map. Only a few regulators appreciate that there are big businesses that attack me because I draw attention to crimes in ways that challenge the narratives they want to push instead. Those businesses do not attack me through open criticism. That would be too obvious. They go after my income by putting pressure on businesses that use my services. They attack my sources of income in ways that would be difficult to prove in court. Some of the countries deemed most trustworthy are also home to businesses that are the most aggressive when I question assumptions about how well fraud is being tackled. Their robust defense of their corporate profits is putting the already meager defense of the public in further jeopardy.

Waiting to see what crime will occur was a bad approach even when telecoms businesses tended to be the biggest victims of telecoms crimes. It should be unacceptable now that developments in the technology available to criminals mean ordinary members of public face the greatest criminal threat. Most of the comms industry continues to take a ‘wait and see’ approach that reacts to crime rather than anticipating it. They console themselves that fighting crime is a game of ‘whac‑a‑mole’ where it is impossible to predict where the moles will appear, and what the criminals will do next. Anyone who talks like this is just kidding themselves. There is a simple and obvious explanation for the abject failure to predict what criminals will do next: nobody devotes any resources to trying to predict what criminals will do next.

Imagine a military commander who makes no effort to gain intelligence about the enemy’s disposition, plans no training exercises to learn about the weaknesses in their own defenses, keeps all their troops in locations based on where the enemy has attacked previously, and spends no time thinking about where the front line is weakest because they intend to wait for new attacks before choosing how to respond. That commander would be a loser that needs to be urgently replaced. Passivity is flawed in cyberwarfare just as it is flawed in physical warfare. The comms industry should be adopting more of a military mindset to fighting the war against fraud, especially as state-sponsored actors have blurred the boundary between cybercrime and cyberwarfare. We need greater urgency and we need to think ahead. The most important improvement that would come from adopting a military thought process would not relate to the increased investment in the hardware used to fight this battle — although technology vendors would obviously be glad of increased spending on their wares. The greatest improvement would be that we start planning where to deploy resources to improve our defenses. That would be a radical change from the way decisions are currently made about how to tackle networked crime.

So I give credit to 1Route for performing the kind of thought experiment that military commanders may perform when wargaming where an enemy would attack. There are plenty of signs of cultural bias that unhelpfully influence decisions about how to tackle fraud. Articles like this one from 1Route are a basic step towards the new kinds of threat analysis needed to effectively defend networks and their users at scale. It is appropriate to challenge assumptions about what can be trusted and where we are safest. History teaches us that big egos, national pride and expensive equipment will not guarantee success in a war against an enemy with a superior strategy, superior tactics, superior intelligence, superior motivation and a superior understanding of the terrain. 1Route’s analysis was not scientific, but it represents an encouraging step towards a wider appreciation of the need to identify and evaluate risk by being brave enough to consider those risks that others are neglecting. Weaknesses that allow the misuse of phone numbers associated with the world’s most trusted countries represent a greater threat than is typically acknowledged.

You can read 1Route’s blog about the “Top 5 “Trusted” Countries Used in Hidden Telecom Fraud” by looking here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email