by Andy Gent

Cold calling is a nuisance, to the point that many people simply do not answer calls from numbers that they do not recognise or that do not display.  With the growth in automated calls, this issue just gets more frustrating.  But there is also a sinister element to some cold calls.

Fraudsters are increasingly using cold calling techniques to commit crimes against mobile phone consumers.  Posing as mobile networks, fraudsters are extracting critical user information such as address and date of birth from subscribers.  They then use this information to call the networks directly.  What follows is one of two things:

• The fraudster asks for an upgrade, receives a new phone that can then be sold on the open market
• The fraudster asks for a new SIM, meaning thousands of pounds worth of calling can be clocked up on the new SIM before the subscriber get a monthly bill.  This recent article in PC Advisor describes this kind of activity.

As always, exploiting the “system” is the key for the fraudster.  Indeed, most frauds can be categorised in three ways:

• Is there a weakness in the system that I can exploit?
• If I exploit this weakness can I gain access to something?
• Is the thing I get access to worth money?

Fraud is crime.  Fraud is theft.  Fraud does not happen when there is no financial gain from it taking place.

The mobile network operator faces an issue in that the things that they sell (phones and airtime) are both worth a lot of money.  This is exacerbated because phones are small, portable and worth a lot of money.  So the key factor for operators is to plug weaknesses in the system.   In the article outlined above the weakness is the lack of a double check before a new SIM is provisioned.  But any system has hundreds of weaknesses built in.  What is important is to identify both the weaknesses and unusual behaviour.

Most people will have experienced arriving in a foreign country and a credit card not working.  The card companies assess the likelihood of someone being there and temporarily bar the card if they believe that fraud is at play.  Mobile operators need to get much faster at doing something similar: is a phone calling premium lines for the first time?  Is it in a country that the subscriber has not visited before, just a hour after being in another country?  Is the phone making numerous calls one after the other.

No-one would advocate cutting a phone off if there is a risk of fraud (like the credit card example): after all the handset is the primary means of communication.  However, operators need to identify potential fraud quickly and flag it up to customers.  It is all part of the process of protecting revenues and customers.