A case of IVR fraud?? Can you help me??

Forums › VoIP › A case of IVR fraud?? Can you help me??

PonderousPolly

2 posts

Wannabe Geek

#92519 31-Oct-2011 21:39

I need some help please. To paint a picture - I am new to a company, roaming international IT service desk, very basic phone system managed by an external low grade host, existing limited knowledge onsite. Too many questions, nowhere to obtain answers..

My issue is I manage 5 toll free 0800 numbers into a call centre. One 0800 number in particular has an IVR and a roaming group so the termination point varies between 6 different extensions. The basic system in use means I am unable to track a specific call to a specific termination point and the information I can pull only shows the inbound call information such as date, time, duration, number called from and cost of call. I am unable to generate any report showing outbound calls from specific DDIs to marry up the number inbound/outbound to find where it terminates each time.

I have a nuisance caller that is phoning one of my 0800 numbers from a mobile phone at various times of the day and on weekends (we operate Mon - Fri, 8am - 5pm and after that time the 0 option for a human operator is removed and reverts to an after hours message termination message) and is showing that each time the call terminates within the roaming group within my dept, the duration is between 15-27mins. I have nobody in the office at 2.36am (verified by security) so am wondering if this person, who has knowledge of our phone system, has circumvented the system somehow.

My theories;

1) Internal phone has been redirected to a specific external phone number and the nuisance caller is entering that extn when prompted to be redirected to the same person

2) Nuisance caller follows IVR prompt (>push 1 if you know the extn, >please enter the extn and then press #) but is then able to dial out externally. (I tried this today but was unable to dial externally using our standard 1 for an outside line).

3) Nuisance caller has a mate at Telecom and has hooked up 0800 Follow Me on a virtual extn that does not have a physical phone. Very basic phone system does not allow regular reporting of active extn's hence why it hasn't been captured previously.??

My external low grade host has graciously offered to charge me $5 to have the caller's number blocked but isn't really interested in assisting to resolve the issue. However that may be due to the nuisance caller accounting for 62% of my recent invoice from them. If I block that number, the nuisance caller will simply use a different inbound mobile number so I need to find out how it's happening. Telecom are only able to issue a nuisance warning which may be appropriate in the future however I need to find out how it's happening to avoid it happening again. I have identified the caller so I am not concerned they will be hard to find, I just have no idea what or how they are doing this.

Does anyone have any ideas/suggestions/questions/advice? My company has long used this 0800 number so changing it is not an option. Nor is investing in a more suitable phone management solution at present.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#539775 1-Nov-2011 06:23

What sort of phone system do you have? And who are they calling?

Wade

2225 posts

Uber Geek

#539776 1-Nov-2011 07:06

Speaking from a laymans view, can you go in after hours and check which of those extensions has an auto forward on? I would start with anyone in the 20 something age group :P

gzt

17140 posts

Uber Geek

Lifetime subscriber

#539804 1-Nov-2011 09:14

Will you not have a billing record which will identify the outgoing number at 2.36am? From there you can go through and see the other times the same number is billed. This information may be useful and may correlate to other things.
You have the inbound number. Is that not enough for the law to find out who it is in most cases?
Calling it while everyone is at work might be classic ; ).
If someone answers you might have to be creative to get the information you need. "You have won lotto, please tell me your full name and address" lol.
If it is a very dumb fraud - just blocking that one incoming number might be the end of your problems.
If it is a work problem sending an email to everyone at work advising of the problem, the incoming number, the cost so far, and that you are investigating future billing, might bring a simple end to the problem.
Find out more about the phone system you are using. If exploitation is possible, there is most likely a documented how-to on the net, which you can then mitigate.

freitasm

BDFL - Memuneh
79294 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#539812 1-Nov-2011 09:46

Even though it's managed by an external provider, aren't you able to request access - even if it's read only - to check the rules in place in the system?

It's pretty hard to implement security if you have no knowledge of how it works. Obviously someone else knows about it more than you and this needs to be fixed.

Once you have access to the rules and find out how people managed to get access to these resources then you can request your provider to change the rules.

And yes, make sure people know you are on to it.

nate

6473 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#539904 1-Nov-2011 13:46

PonderousPolly: My company has long used this 0800 number so changing it is not an option. Nor is investing in a more suitable phone management solution at present.

You can port your 0800 number to a better provider without having to change the number.

Sounds like your only options is to find a better service provider to support you. It'll only get worse from here.

cisconz

cisconz
1341 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#539996 1-Nov-2011 17:57

Give me a call and I can see if I can help you. Work DDI is in a PM to you

Hmmmm

PonderousPolly

2 posts

Wannabe Geek

#540042 1-Nov-2011 20:24

Thank you for your replies!! I really appreciate your assistance as this is driving me batty!

The phone system is an archaic ISDN PABX set up with the call monitoring software installed as an afterthought. I have previously used Nortel Symposium applications/VOIP and this is nowhere even close to that.
We have 6 DDI's for each person along with 5 additional virtual DDI's that have no fixed termination point and are part of a hunt group. The preferred path for the hunt group has been established so if the inbound caller selects option 2, the call will present at extn 0001 and will then hunt the next available extn (I'm not sure if the hunt is dictated by how long the next available agent has been idle, this cannot be answered by our IT or external provider). If the caller selects option 3, the call will present at extn 0005 and so forth.

I cannot confirm where the call is actually terminating so am unsure who the caller is speaking to. All reports show the call terminates at one of my virtual DDI's but there is no physical person in the department at these times physically receiving these calls so my assumption is they show as terminating internally but must be actually terminating externally. I reviewed the call history today and found calls lasting 59min in duration occuring after business hours and the termination point is a virtual DDI. I cannot track the call beyond the inhouse termination point to verify if the nuisance caller is being call forwarded to the same number each time or if they have somehow figured out how to use our 0800 number as a switchboard.

I have checked every desk phone in my department for the last 2 weeks and found none were call forwarded. I even rang them from my mobile to ensure the unanswered calls went to voicemail which they did. I have also asked the 20 somethings if any of their drunk partners were calling to leave love song messages for them for Monday morning. They assure me this is not the case..

I have phoned the nuisance caller and used the ploy "My name is xx from xx and I have a missed call from this number" which then prompted them to identify themselves. The awkward thing is this person is associated with our business yet not an employee so a quick meeting with HR isn't going to solve the problem as this person may elect not to reveal what's happening. Hence why I really want to get to the bottom of it to avoid a recurrance. There is no doubt the nuisance caller is involved in some sort of fraudulant behaviour which is worth a significant sum of money, I just need to know how they have done it and would prefer to present to them knowing what happened and have the ability to avoid anyone else doing this while my business case for a new phone system is reviewed.

I will enquire about rule information from my provider, thank you for suggesting that. Based on their lack of knowledge of our PABX, I'm not overly confident.

Staff are aware I am investigating an issue with calls to our 0800 number and coincidentally I have had contact with HR quite a bit lately for unrelated issues but hopefully the HR presence is working to make any associated parties uncomfortable.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

chevrolux

4962 posts

Uber Geek
Inactive user

#540125 1-Nov-2011 22:56

If you are running a call center wouldnt it be worth installing a proper phone system? Get a whole bunch of sip trunks. port your 0800's to them and then program the system to within an inch of it's life until it is how you like it.

One of the systems we do is Samsung which are a great system for a low cost. (A very basic system with voicemail starts around $3000).

So your system routes all call's straight to voicemail (or your IVR as you call it). Then the voicemail gives options (opt 1, opt 2) and also gives the option to enter an extension (as you said). So they enter an extension number but nobody is there to answer the phone so it goes to that extensions mailbox. from here the caller can leave a message and then 'hold for more options'. one of these options will be to enter the mailbox password. if the password has never been changed the caller knows (assuming his intentions are malicious) there are only a few different combinations (0000, 1234, 1111, etc..). Once he is in the mailbox he has the option to make an external call from the system.

so basically, whoever set the system up didnt really know what was going. you need to disable trunk-to-trunk dialing to stop this happening.
also, even if it is an old system, you should be able to block incoming callers too. There will be a table for "block incoming cli's" or something like. The system will see the caller id from the cell and then just stop the call. He will get a busy tone. However, it will rely on caller id which is obviously not hard to block.