Skip to Content

Call forwarding cover-up technique

by Cyrille Billon

Tracking Fraud

With 100 deployments in 50 countries, FraudBuster has a unique vision of the trends and techniques used by fraudsters. You bet our Analysts have stories to tell! This is the story of the “Call Forwarding” Cover-up Technique.

Indeed, fraudsters never cease to exploit breaches to mislead detection systems. That’s why our team is permanently on the look-out for their clever techniques.

Call Forwarding cover-up technique

In the fall of 2019, the FraudBuster Analysts uncovered a new trick used by fraudsters to cover-up their SIMbox calls. After noticing a strange trend in MSISNDs calling themselves (A calling A), we established fraudsters were using their operator’s Call-Forwarding feature to relay incoming international calls from their SIMBox MSISDNs to the destination B-number. In most cases, forwarded calls only generate partial CDRs and thus escape detection.

Here’s the simple case:

  1. An international call towards B-number arrives onto the SIMbox
  2. The fraudster configures a Call Forward from one of his SIMs (A-number) to the B-number
  3. The SIMbox generates a call from the SIM to itself (“A calling A”)
  4. The call is forwarded to the B-number and the international call goes through.

The associated CDR will generally just show a call from A to A! We logically dubbed this technique the “Call Forwarding” Cover-up…

Up to 23,000 minutes a day

Soon enough, this technique began to appear in several countries. On the network of our customer, FraudBuster detected SIMs terminating up to 23,000 minutes a day… having a huge impact on International Traffic revenue and network quality of service.

Considering this, our team reacted fast and developed appropriate detection rules to protect MNOs from such a prejudice. At its highest, this SIMBox traffic cover-hup technique was detected in more than 6 countries.

Reactivity is the key. Within days, FraudBuster has discovered more elaborate uses of this technique, and we were able to quickly adapt Detection Rules and disseminate them to the rest of our customers. All of our clients are now protected from the Call Forwarding Cover-up Technique.

To conclude, more stories to read on our website.

Back to top