Phone fraud

Phone fraud, or more generally communications fraud, is the use of telecommunications products or services with the intention of illegally acquiring money from, or failing to pay, a telecommunication company or its customers.

Many operators have increased measures to minimize fraud and reduce their losses. Communications operators tend to keep their actual loss figures and plans for corrective measures confidential.

According to a 2011 survey by CFCA, an industry group created to reduce fraud against carriers, the five top fraud loss categories reported by operators were:
 * $4.96 billion – compromised PBX/voicemail systems
 * $4.32 billion – subscription/identity theft
 * $3.84 billion – International Revenue Share Fraud
 * $2.88 billion – by-pass fraud
 * $2.40 billion – cash fraud

Fraud against users by phone companies

 * Cramming is the addition of charges to a subscriber's telephone bill for services which were neither ordered nor desired by the client, or for fees for calls or services that were not properly disclosed to the client. These charges are often assessed by dishonest third-party suppliers of data and communication service that phone companies are required, by law, to allow the third-party to place on the bill.
 * Slamming is any fraudulent, unauthorized change to the default long-distance/local carrier or DSL Internet service selection for a subscriber's line, most often made by dishonest vendors desiring to steal business from competing service providers.
 * False Answer Supervision is a misconfiguration of telephone company equipment, by negligence or design, which causes billing to start as soon as the distant telephone begins ringing, even if a call is busy or there is no answer. The cost is typically subtle but recurring as subscribers repeatedly pay some small amount for calls which were never completed.

Fraud against customers by third parties

 * PBX dial-through can be used fraudulently by placing a call to a business then requesting to be transferred to "9-0" or some other outside toll number. (9 is normally an outside line and 0 then connects to the utility's operator.) The call appears to originate from the business (instead of the original fraudulent caller) and appears on the company's phone bill. Trickery (such as impersonation of installer and telecommunications company personnel "testing the system") or bribery and collusion with dishonest employees inside the firm may be used to gain access.
 * A variant is a call forwarding scam, where a fraudster tricks a subscriber into call forwarding their number to either a long-distance number or a number at which the fraudster or an accomplice is accepting collect calls. The unsuspecting subscriber then gets a huge long-distance bill for all of these calls.
 * A similar scheme involves forwarding an individual PBX extension to a long-distance or overseas number; the PBX owner must pay tolls for all of these calls. Voice over IP servers are often flooded with brute-force attempts to register bogus off-premises extensions (which may then be forwarded or used to make calls) or to directly call SIP addresses which request outside numbers on a gateway; as they are computers, they are targets for Internet system crackers.
 * Autodialers may be used for a number of dishonest purposes, including telemarketing fraud or even as wardialing, which takes its name from a scene in the 1983 movie WarGames in which a 'cracker' programs a home computer to dial every number in an exchange, searching for lines with auto-answer data modems. Sequential dialing is easy to detect, pseudo-random dialing is not.
 * In the US, owners of customer-owned coin-operated telephones (COCOTs) are paid sixty cents for every call their users make to a toll-free telephone number, with the charges billed to the called number. A fraudulent COCOT provider could potentially auto-dial 1-800 wrong numbers and get paid for these as "calls received from a payphone" with charges reversed.
 * Autodialers are also used to make many short-duration calls, mainly to mobile devices, leaving a missed call number which is either premium rate or contains advertising messages, in the hope that the victim will call back. This is known as Wangiri (literally, "One (ring) and cut") from Japan where it originated.
 * 809 scams take their name from the former +1-809 area code which used to cover most of the Caribbean nations, since split into multiple new area codes, adding to the confusion. The numbers are advertised as offering services to callers in, typically, North America; they look like Canadian or US telephone numbers but are actually costly premium international calls that bypass consumer-protection laws that regulate premium numbers based in the victim's home country. Some advertise phone sex or other typically premium content. Ways to elicit calls include leaving unsolicited messages on pagers, or making bogus claims of being a relative in a family emergency to trick users into calling the number, then attempting to keep the victim on the expensive call for as long as possible. A later version of the 809 scam involves calling cellular telephones then hanging up, in hopes of the curious (or annoyed) victim calling them back. This is the Wangiri scam, with the addition of using Caribbean numbers such as 1-473 (Grenada) which look like North American domestic calls.
 * Pre-paid telephone cards or "calling cards" are vulnerable to fraudulent use. These cards show an access number that can be dialed to bill worldwide toll calls to the card via a passcode printed on a particular card. Anyone who obtains the passcode can make calls charged to the card.
 * Carrier access codes were widely misused by phone-sex scammers in the early days of competitive long distance; the phone-sex operations would misrepresent themselves as alternate long-distance carriers to evade consumer protection measures which prevent US phone subscribers from losing local or long-distance service due to calls to +1-900 or 976 premium numbers. This loophole is now closed.
 * In the US, area code 500 and its overlays permit a "follow-me routing" in which, if the number has been forwarded to some expensive and arbitrary destination, the caller is billed for the call to that location. Similar issues existed with area code 700 as the numbers are specific to long-distance carriers (except 1-700-555-4141, which identifies the carrier). Because of the unpredictable and potentially costly rate for such a call, these services never gained widespread use.
 * Telemarketing fraud takes a number of forms; much like mail fraud, solicitations for the sale of goods or investments which are worthless or never delivered and requests for donations to unregistered charities are not uncommon. Callers often prey upon sick, disabled and elderly persons; scams in which a caller attempts to obtain banking or credit card information are also common. A variant involves calling a number of business offices, asking for model numbers of various pieces of office equipment in use (such as photocopiers), sending unsolicited shipments of supplies for the machines, and then billing the victims at inflated prices.


 * Caller ID spoofing is a technique used with many frauds to impersonate a trusted caller such as a bank or credit union, a law enforcement agency, or another subscriber. When the telephone rings, the number displayed as caller is the faked trusted number. These calls may be used for vishing, where a scammer impersonates a trusted counterparty in order to fraudulently obtain financial or personal information.
 * Call clearing delays, in some United Kingdom exchanges, could be abused to defraud. For many years only the caller could disconnect a call; if the called party hung up the call it would not be disconnected. A thief would call a household and impersonate, for example, a bank or the police, and encourage them to call back, using a trusted number known to the victim. The caller could then play a recording of dial tone to trick the victim into thinking they were making a new call, while actually remaining connected to the original call; someone impersonating a bank or police officer would then come on the line.


 * Cordless phones had additional vulnerabilities; with some models a scanner radio could intercept analogue conversations in progress, or a handset of the same or a similar model as the target system may be usable to make toll calls through a cordless base station which does not authenticate calls. Obsolete analogue mobile telephones have stopped working in areas where the AMPS service has been shut down, but obsolete cordless phone systems may remain in service as long as analog telephony is supported.
 * A scam involving Indian call centers targeting American or Canadian customers demanding "unpaid taxes" by impersonating government officials was reported in 2016. Similar government impersonation scams include the SSA impersonation scam.
 * Every day, hundreds of scam calls are received on the US mainland which offer the recipients grant money from the Federal Government, but requesting a "small administration fee", although there are no fees associated with applying for or receiving a government grant.
 * During the 1980s, a common form of premium-rate fraud involved manipulating children (often through television commercials, such as during Saturday morning cartoons) to call a premium-rate number without their parents' knowledge or permission, sometimes going so far as to ask a child to hold the phone receiver up to the television set as it played DTMF tones to automatically trigger the dialing of a premium number. Such practices are now illegal in the United States.
 * The Can You Hear Me? telephone scam was alleged to be used in North America in 2017: the caller would ask a question with the answer "yes", then use a recording of the "yes" to make telephone transactions.

Fraud between phone companies

 * Interconnect fraud involves the falsification of records by telephone carriers in order to deliberately miscalculate the money owed by one telephone network to another. This affects calls originating on one network but carried by another at some point between source and destination.
 * Refiling is a form of interconnect fraud in which one carrier tampers with CID (caller-ID) or ANI data to falsify the number from which a call originated before handing the call off to a competitor. Refiling and interconnect fraud briefly made headlines in the aftermath of the Worldcom financial troubles; the refiling scheme is based on a quirk in the system by which telecommunications companies bill each other – two calls to the same place may incur different costs because of differing displayed origin. A common calculation of payments between telecommunications companies calculates the percentage of the total distance over which each telecommunications company has carried one call to determine division of toll revenues for that call; refiling distorts data required to make these calculations.
 * Grey routes are voice over IP gateways which deliver international calls to countries by mislabeling them as inbound local mobile telephone calls at destination. These "SIM box" operations are common in third world nations with exorbitant official international rates, usually due to some combination of tight control by one state-supported monopoly and/or excessive taxation of inbound overseas calls. Governments who believe themselves entitled to charge any arbitrary inflated price for inbound international calls, even far above the cost of domestic calls to the same destinations, will legislate against any privately owned, independent, competitive VoIP gateway, labeling the operations as "bypass fraud" and driving them underground or out of business. As a VoIP gateway in such a regulatory environment typically does not have access to T-carrier primary rate interface or PBX-style trunks, its operator is forced to rely on a hardware configuration with Internet telephony on one side and a large number of mobile SIM cards and handsets on the other to place the calls as if they were from individual local mobile subscribers.

Fraud against phone companies by users

 * Subscription fraud: for example, signing up with a false name, or no intention to pay.
 * Collect call fraud: most automated collect call systems allow the caller to record a short audio snippet, intended to identify the caller so that the recipient can decide whether or not to accept the charges. With the system being automated, the caller could insert any message they want, free of charge, as long as it fit within the short allotted time, and the recipient could refuse charges. A variant is to refuse a collect call at the higher operator-assisted rate, then call the person back at a lower price.
 * Person-to-person call fraud: Under archaic operator assistance systems, a person-to-person call only charged a caller if they could reach a specific person at the other end of the line. Thus, if coordinated beforehand, a caller could use a false name as a code word, with the recipient rejecting the call, and no one would be charged.
 * Intentional non-return of rental equipment (such as extension telephones) when relocating to a new address. The equipment would then be used at the new location without paying a monthly equipment rental fee. This has become rare as most telephones are now owned outright, not rented.

Frauds against phone companies by third parties

 * Phreaking involves obtaining knowledge of how the telephone network operates, which can be (but is not always) used to place unauthorized calls. The history of phone phreaking shows that many 'phreaks' used their vast knowledge of the network to help telephone companies. There are, however, many phreaks who use their knowledge to exploit the network for personal gain, even today. In some cases, social engineering has been used to trick telecommunications company employees into releasing technical information. Early examples of phreaking involved generation of various control tones, such as a 2600 hertz blue box tone to release a long-distance trunk for immediate re-use or the red box tones which simulate coins being inserted into a payphone. These exploits no longer work in many areas of the telephone network due to widespread use of digital switching systems and out-of-band signaling. There are, however, many areas of the world where these control tones are still used and this kind of fraud still continues to happen.
 * A more high-tech version of the above is switch reprogramming, where unauthorized "back door" access to the phone company's network or billing system is used to allow free telephony. This is then sometimes resold by the 'crackers' to other customers.
 * Caller name display (CNAM) is vulnerable to data mining, where a dishonest user obtains a line (fixed or mobile) with caller name display and then calls that number repeatedly from an autodialer which uses caller ID spoofing to send a different presentation number on each call. None of the calls are actually answered, but the telephone company has to look up every number (a CNAM database "dip") to display the corresponding subscriber name from its records. The list of displayed names and numbers (which may be landline or wireless) is then sold to telemarketers.
 * Payphones have also been misused to receive fraudulent collect calls; most carriers have turned off the feature of accepting incoming calls or have muted the payphones internal ringing mechanism for this very reason.
 * Cloning has been used as a means of copying both the electronic serial number and the telephone number of another subscriber's phone to a second (cloned) phone. Airtime charges for outbound calls are then mis-billed to the victim's cellular phone account instead of the perpetrator's.