Mobile Identity at Risk: Tackling IRSF Fraud in the Telecom Sector

For years, IRSF, also known as toll fraud, targeted telcos with the aim of grabbing revenue shares from premium international numbers. Fraudsters, seeking to seize the revenue share from premium international numbers, would typically engage in activities like traffic pumping to artificially inflate call volumes. However, recent developments have seen a shift in focus, with IRSF becoming a substantial problem for digital businesses. An article by Joe Burton from Telesign highlights that IRSF has grown six-fold over the past decade, with total losses soaring from $1.8 billion in 2013 to a staggering $10.76 billion today.

Another point to consider is the alarming rise of synthetic identities created through IRSF. Fraudsters exploit the inter-carrier trust within the telecom industry, manipulating the flow of traffic to commit activities such as fraud and money laundering. This dynamic has given rise to the creation of millions of fake identities, taking advantage of two-factor authentication methods via SMS - a phenomenon later named as Artificial Identity Trafficking (AIT).

Shift from Telco to Enterprise

What makes the evolution of IRSF noteworthy is its shift from targeting telecommunication infrastructure to impacting online businesses of various scales. Initially, the motive was to gain revenue from premium numbers, but the evolution of tactics now includes the creation of fake identities impacting digital-native enterprises. The criminals orchestrating IRSF attacks have seamlessly blended telco and enterprise fraud, exploiting vulnerabilities in both realms. This shift introduces a new dimension to the fraud, significantly expanding its scope and potential consequences.

Digital enterprises now face the threat of IRSF attacks leading to financial loss and compromising the integrity of their services. Fraudsters no longer merely focus on revenue share from premium numbers; they exploit IRSF to create synthetic identities and generate revenue through fake numbers. These fake identities are then traded on the dark web or used for various illicit activities such as cheating in video games, deceiving e-commerce platforms, or manipulating social media algorithms.

IRSF's Impact on the Digital Age

Historically confined to telco infrastructure, IRSF has now infiltrated the digital-native enterprise world. Toll fraud involved conventional PBX hacking and reconfiguration. However, the landscape changed with the emergence of new tactics like roaming fraud using stolen SIM cards and SMS spam. Fraudsters, once content with revenue shares from premium numbers, have adopted new tactics. They now exploit the opportunity to create synthetic identities and generate revenue from fake numbers, severely impacting customer experiences on apps and websites. The notorious Wangiri fraud, meaning "one ring and cut" in Japanese, became a common attack vector. Fraudsters would robocall individuals from premium international numbers, encouraging call-backs to generate revenue.

Jagdish Mohite's insights underscore the complexity of IRSF attacks, involving methods such as Wangiri fraud, PBX hacking, SIM box fraud, false answer supervision, subscription fraud, and international revenue share abuse. These attacks not only lead to financial losses but also jeopardize the integrity of enterprise services through the creation and sale of fake accounts on the dark web.

As technology advances, so do the tactics of IRSF. A significant parallel has emerged – the transition from voice-centric telco fraud to the creation of millions of fake identities through SMS authentication. Fraudsters, once focused on premium numbers, now exploit SMS messages to achieve similar goals.

This evolution highlights the adaptability of cybercriminals and the dynamic nature of cybersecurity challenges. The interplay between telco-centric fraud and enterprise-focused attacks showcases the need for a holistic approach to security.

Nation-State Involvement & Countermeasures

The threat landscape has expanded further with nation-state actors employing IRSF to manipulate social media algorithms. By creating vast numbers of fake accounts, hackers aim to sow discord and confusion around sensitive social issues, especially during election times. This alarming trend highlights the potential for IRSF to be used as a tool for broader cyber-espionage activities.

The complexity of IRSF has grown, with attackers utilizing techniques like SIM box fraud, false answer supervision, and subscription fraud. These attacks extend beyond traditional telephony, now encompassing digital platforms, making them harder to detect and mitigate.

As the sophistication of IRSF attacks grows, so do the technologies employed to counter them. Security professionals must stay ahead by continuously studying attack methods and patterns. Leveraging comprehensive number intelligence and global fraud databases becomes crucial for flagging risky calls. Burton emphasizes the importance of security professionals staying abreast of evolving attack methods and patterns.

Artificial intelligence and machine learning play pivotal roles in detecting new IRSF patterns and intelligence gathering at the early stages. Implementing a "reputation score" based on phone number intelligence, traffic patterns, and real-time insights offers an effective prevention strategy.

Education is equally vital. Businesses must be aware of the risks posed by IRSF, as it not only drains revenue but also harms customer satisfaction and trust. Measures such as customer education on changing PINs, turning off PBX ports, and avoiding calls from unknown international numbers are critical in preventing IRSF attacks.

What’s next?

From its roots in telco-centric fraud to its current state as an enterprise menace, IRSF has become a multifaceted challenge. The interconnected nature of telecommunications and digital services has created an environment where fraudsters exploit vulnerabilities, creating fake identities through AIT. And as the battle against IRSF intensifies, mobile identity is at risk, caught in the crossfire of IRSF's evolution from a telco-centric concern to a multifaceted enterprise threat.

The parallel between telco fraud and the creation of synthetic identities through SMS authentication emphasizes the interconnectedness of cyber risks. Only through a comprehensive and evolving approach to cybersecurity can we effectively combat the ever-changing tactics of cyber adversaries.

The digital landscape always has and will continue to evolve. As immediate consequences, businesses, security professionals, and regulators are expected to collaborate as the only means to stay one step ahead of cyber threats at all times. Put plainly, collaboration between public and private sectors becomes imperative to provide information sharing, timely policies placement, efficient and concrete evaluations - only a few of the many countermeasures that will likely be required in the near future to effectively battle IRSF fraud.

Stay vigilant, stay informed, and adapt to the evolving landscape of cybersecurity, protecting mobile identities from the growing number of menaces.