Telecoms fraud costs the industry and end customers over €29bn ($33bn) each year, according to a new report from Europol and Trend Micro.
The duo claimed in their detailed 57-page Cyber Telecom Crime Report 2019, that increasingly, crime in the sector is seen as a low-risk alternative to traditional financial crime.
However, crucially the anti-money laundering controls that prevent bulk cybercrime in the finance sector are not present in telecoms, where SIM cards are used instead of traditional banking methods.
The report highlighted failed states as a growing perpetrator of this cross-border crime, using it to top-up government coffers.
“The drivers of this simultaneous awakening are the reduced cost and increased availability of telecom equipment capable of hacking inter-carrier trust, the availability of information on the topic, and the flattening (homogenization) of telecom deployments in 4G,” it continued.
“These drivers will continue in 5G, and be further multiplied by the effect of the nested tiers of automation (and attack effect amplification) contained in the core cost-reducing design drivers of 5G architecture.”
International Revenue Sharing Fraud (IRSF) is perhaps the best known and longest-running form of phone fraud. This often involves the use of premium rate phone numbers under the control of the fraudster, which victims are tricked into calling, thereby generating revenue for them.
One technique for doing so is the “wangiri” scam popular in Japan, where fraudsters call a victim and hang up after one ring, encouraging them to call the number back.
IRSF “chaining” can also be used to launder money across multiple jurisdictions and telecoms providers, the report claimed.
Vishing was highlighted as a popular tactic, but as it requires more skill and carrier knowledge to execute, it is reserved mainly for harvesting of high value resources like card details, and access to the victim’s phone and/or bank account.
The report’s authors encouraged telecoms providers to engage with Europol’s EC3 CyTel working group to share intelligence, resources and training for the greater good, in combating what is a major trans-national form of cybercrime.