X

Need cloud computing? Get started now

Akamai logo
+1-8774252624
+1-8774252624
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources
Try Akamai
Under Attack?
Login
Control Center
Access the Akamai platform
Cloud Manager
Manage your cloud resources

Understanding International Revenue Share Fraud

Jagdish Mohite

Written by

Jagdish Mohite

August 31, 2023

Jagdish Mohite

Written by

Jagdish Mohite

Jagdish Mohite is an experienced cybersecurity professional with 20 years of experience working for Akamai as a Principal Security Consultant. He holds a Master’s degree in Cyber Security from Purdue Global and has multiple certifications, including OSCP, OSWP, CRTP, CEH, CISSP, CHFI, CISA, and PMP.

Preventing and mitigating IRSF requires a multifaceted approach, including proactive monitoring, real-time alerts, fraud detection systems, and industry cooperation.

Executive summary

  • International Revenue Share Fraud (IRSF) is a pervasive and financially damaging telecommunications fraud that exploits carrier revenue-sharing agreements

  • In this sophisticated scheme, fraudsters generate an inflated volume of international calls or messages to premium rate services, aiming to profit from the revenue-sharing arrangements. 

  • The complexities of IRSF make detection challenging, as it involves legitimate international calls to high-cost destinations, which makes it difficult to distinguish fraudulent activities from legitimate traffic. 

  • The impact of IRSF is substantial, leading to significant financial losses for both telecommunications carriers and their customers. 

  • Preventing and mitigating IRSF requires a multifaceted approach, including proactive monitoring, real-time alerts, fraud detection systems, and industry cooperation. 

  • Regulatory support and customer awareness play essential roles in combating IRSF, as collaboration among carriers, authorities, and customers is crucial to identifying and preventing future fraudulent activities.  

What is IRSF?

Telecommunications carriers often have agreements that allow them to share revenue with other carriers for services such as international calling, premium rate, and content-based services. These revenue-sharing arrangements are intended to be mutually beneficial for the carriers involved. 

In IRSF, fraudsters inflate the volume of international calls or messages to premium rate services, often by using automated dialers or botnets, to generate revenue from the revenue-sharing agreements.

Fraudsters typically target international numbers or premium rate services with higher call charges; they may use SIM cards with unlimited international calling plans or compromise private branch exchange (PBX) systems to make many calls.

According to Telesign, the total number of IRSF attacks has grown 6x since 2013 and the associated total losses have multiplied from US$1.8 billion to US$10.76 billion.

IRSF attack methods

IRSF attacks involve various methods to exploit revenue-sharing agreements between telecommunications carriers. These attacks are designed to generate revenue for fraudsters by manipulating call volumes and directing traffic to high-cost destinations or premium rate services. Some standard IRSF attack methods include:

  • Wangiri fraud

  • PBX hacking

  • SIM box fraud

  • False answer supervision

  • Subscription fraud

  • International revenue share abuse

Wangiri fraud

In a Wangiri fraud, also known as "one ring fraud,” fraudsters use automated systems to make short calls to many phone numbers. The calls are often terminated after one ring, enticing recipients to return the call. When the recipients call back, they are redirected to premium rate numbers, incurring high call charges shared with the fraudsters.

PBX hacking

In PBX hacking attacks, fraudsters compromise businesses’ or organizations' PBX systems. They gain unauthorized access to these systems, allowing them to make many international calls using the victim's telephony infrastructure. The calls are directed to high-cost destinations or premium rate numbers, resulting in significant financial losses for the victim.

SIM box fraud

In SIM box fraud, fraudsters use a device known as a SIM box gateway, which contains multiple SIM cards. The SIM cards allow them to make international calls using local rates, bypassing international call charges. The calls are then redirected through the SIM box to premium rate numbers, generating revenue for the fraudsters.

False answer supervision

False answer supervision fraud occurs when the called party's telecom network falsely indicates that the call has been answered when it has not, which leads to triggered call charges and generated revenue, even if the intended recipient did not answer the call.

Subscription fraud

Subscription fraud involves fraudulently signing up customers for premium services or content subscriptions without their consent. The fraudsters use stolen (or fake) identities to create accounts and incur charges for premium services that are then shared with the fraudsters through revenue-sharing arrangements.

International revenue share abuse

In this method, fraudsters identify high-cost international destinations with generous revenue-sharing agreements. They artificially inflate the call volume to these destinations, making it appear as though legitimate calls are being made although the calls are fraudulent.

Indicators of IRSF

Detecting IRSF can be challenging because it often involves legitimate international calls to high-cost destinations. However, some indicators may raise suspicion, including: 

  • A sudden spike in international call volume

  • Multiple calls to the same number in a short period

  • An unusually high number of calls to premium rate numbers

IRSF can result in significant financial losses for telecommunications carriers and their customers. The fraudsters generate revenue from the revenue-sharing arrangements, while the legitimate customers or businesses that are carrying the costs are left with inflated bills.

Detecting and preventing fraud

Preventing and mitigating IRSF requires a multilayered approach that involves: 

  • Monitoring call patterns

  • Analyzing traffic

  • Implementing fraud detection systems 

  • Setting up real-time alerts for unusual activities

Telecommunications carriers and businesses must be vigilant and proactive in detecting and preventing fraudulent activities.

Mitigating attacks

To combat IRSF attacks, telecommunications carriers and businesses must implement:

  • Robust fraud detection systems

  • Real-time monitoring

  • Analytics to identify suspicious call patterns and activities

Collaborative efforts among carriers, regulatory authorities, and industry organizations are essential for sharing information about known fraudulent activities and statistics to prevent future attacks.

Additionally, customer awareness and education can empower users to promptly detect and report suspicious activities, contributing to the early mitigation of IRSF attacks.

How Akamai can help

Akamai Bot Manager can help customers mitigate IRSF fraud. Our customers reported a significant reduction in attack traffic, thereby increasing their revenue.

Conclusion

IRSF poses a significant and persistent threat to the telecommunications industry, leading to substantial financial losses for carriers and businesses worldwide.

The complex nature of IRSF makes it challenging to detect, as it often involves a blend of legitimate and fraudulent activities.

Organizations can mitigate IRSF attacks effectively by adopting a proactive and multifaceted approach. Collaborative intelligence and information sharing among carriers, regulatory bodies, and industry organizations can help prevent the spread of known fraud patterns.

Contact us
Jagdish Mohite

Written by

Jagdish Mohite

August 31, 2023

Jagdish Mohite

Written by

Jagdish Mohite

Jagdish Mohite is an experienced cybersecurity professional with 20 years of experience working for Akamai as a Principal Security Consultant. He holds a Master’s degree in Cyber Security from Purdue Global and has multiple certifications, including OSCP, OSWP, CRTP, CEH, CISSP, CHFI, CISA, and PMP.

Related Blog Posts

A good bot management strategy will allow you to take action on one specific bot within a category.
A good bot management strategy will allow you to take action on one specific bot within a category.

Managing AI Bots as Part of Your Overall Bot Management Strategy

November 20, 2024
Learn about the potential impacts of AI bots and the importance of having a holistic bot management strategy.
by Ilia Bromberg and Christine Ferrusi Ross
Read more
A primary goal of Zero Trust is to minimize the attack surface — and microsegmentation is key to achieving this.
A primary goal of Zero Trust is to minimize the attack surface — and microsegmentation is key to achieving this.

Segmenting Hybrid Clouds: What to Look for in a Solution

November 19, 2024
Learn how to select a microsegmentation solution to fortify your organization’s cloud security strategies and protect your assets across multiple public clouds.
by Jacob Abrams
Read more
Proactive, holistic ransomware prevention and protection measures are crucial to your enterprise’s continued success.
Proactive, holistic ransomware prevention and protection measures are crucial to your enterprise’s continued success.

Five Ways to Prevent and Protect Against Ransomware Attacks

November 18, 2024
Ransomware is a pervasive threat to modern enterprises. Learn five key ransomware prevention strategies to protect your business, customers, and data.
by Jacob Abrams
Read more