Introduction 

The telecom fraud landscape is ever-changing. Methodologies, tactics, and different types of fraud are always being identified and contested. Recently, LATRO identified a shift in the telecom fraud trend towards Wangiri fraud against one of our South American clients. Wangiri fraud, although not new to the telecom fraud world, began affecting Guyana at more frequent rates and higher volumes than previously identified. 

As defined by the GSMA Fraud Manual, Wangiri fraud consists of short calls or fake missed call notifications to prompt the customer to call back. The callback number is an international premium rate number and ensures artificial inflation of traffic. The term Wangiri originates in Japan and stands for “one ring and cut”. Depending on the scale of attack, this specific type of fraud does not have as high of a financial impact on the operator being attacked as one would think.

However, it impacts the operator’s brand and reputation as customers do not want to be flooded with missed calls from unknown numbers and charged with premium rates when they call back. 

The Methodology 

LATRO has been providing fraud management solutions to clients in Guyana for many years. It was not until recently that LATRO started to detect and report Wangiri fraud affecting the operators in Guyana. Typical Wangiri attacks towards an operator’s subscribers are fast in nature and high in volume.

The purpose of a Wangiri attack is to solicit callbacks to premium-rate numbers so the fraudster will make as many calls to subscribers as quickly as possible. These calls typically happen at night or during business hours of the operator’s subscribers because it is less likely for the subscriber to answer the initial call. If the fraudster can trick a subscriber into calling back, the fraudster will utilize long messages to keep the subscriber on the call as long as possible. Typically the messages are automated once the subscriber calls back.

Since the short calls are not answered and do not generate a call record, it may be difficult for an operator to block the Wangiri numbers efficiently. There is also no cost to the fraudster for making the short call attempts. Since there are no CDRs generated from the missed call attempts, one of the best tools to defend against Wangiri attacks is LATRO’s Signaling Analytics probes. LATRO’s Signaling Analytics probes allow our analyst team to see call attempts that are made on the monitored network. 

Having the ability to see call attempts on an operator’s network allows LATRO to create and optimize detection profiles based on Wangiri fraud behavior. 

The Discovery 

On July 31, 2020, LATRO identified a large scale Wangiri attack against Guyana. Large volumes of incoming calls from Tunisia were detected starting at 6:00 AM GMT. This was early in the morning for the people of Guyana, which indicates that a knowledgeable fraudster conducted this attack and attempted to trigger as many missed calls as possible. The attack lasted for around 3 hours. During this short period, fraudsters originated 26,052 call attempts toward subscribers in Guyana.

These call attempts originated from 422 sequential MSISDNs, which were part of an unused numbering range in a Tunisian operator’s network. This is a typical characteristic of a Wangiri attack; to send thousands of calls in a small amount of time. Each Tunisian MSISDN averaged 60 call attempts towards Guyana. This Wangiri attack elicited 2,268 call-backs from Guyana subscribers (8.7% call-back ratio).  

Figure 1: Visualization of incoming calls vs outgoing return calls 

On average, LATRO identifies a Wangiri attack against Guyana about one to two times a month. The 422 identified Tunisian numbers were reported by LATRO to the Guyana operator in real-time. However, these detections were not blocked in real-time. 

If these had been blocked in real-time, the operator would have been able to significantly decrease the fraudster’s incoming calls and return calls from their subscribers. The goal is not only to block the identified Wangiri number ranges from calling into an operator’s subscribers but to limit the amount of callbacks to the fraudster’s premium-rate numbers and decrease the fraudsters’ profitability as well. 

Based on the characteristics of the identified Wangiri attack, LATRO was able to optimize the detection profiles for even better results. The below graphic provides a visualization of the number of incoming calls towards Guyana vs the number of return calls made to the premium rate numbers. 

Conclusion 

LATRO has included Wangiri monitoring in all of our Signaling Analytics projects. This creates an opportunity for LATRO to continue to learn and adapt from different Wangiri attacks against operators throughout the world. LATRO also participates in the RAG Wangiri Blockchain project, which compiles a list of identified Wangiri numbers for operators to block.

Although Wangiri fraud does not have a direct effect on an operator’s revenue, subscribers who become victim to constant Wangiri attacks can tarnish a brand, lead to customer dissatisfaction, and cause subscribers to switch operators. LATRO is proud to provide diverse fraud management solutions and to help operators recover lost revenues as well and provide optimal service to their customers. 

Our team of experts are always open and ready for questions concerning your fraud management needs. Connect with us via LinkedIn, Instagram, and at LATRO.com.