Taiwan Tati Cultural and Educational Foundation

 
  • Increase font size
  • Default font size
  • Decrease font size
Home Editorials of Interest Taipei Times Three strategies to stop phone fraud

Three strategies to stop phone fraud

Perpetrators carrying out transnational telecommunications fraud originally came from Taichung. The typical pattern of attack is Taiwanese fraudsters relocate to a third country, such as Cambodia, to lure victims living in another country, such as China, to hand over money to local mules in person or deposit it in a local bank or virtual service account.

Initially, these fraudulent activities ran on telecommunications networks that required strong authentication, but since 2006, fraudsters have learned to exploit voice-over IP technology to evade detection and tracking by law enforcement agencies.

More recently, they have evolved to leverage more modern communication tools such as short message service, Facebook and other social networking sites.

As telecom fraud has grown more sophisticated and proliferated, it has become a major social problem. As a result, failure to eradicate telecom fraud has consistently ranked very high on surveys of public complaints about the government.

To curb telecom fraud, the National Communications Commission said it has urged telecoms to adopt the following two measures. First, the system should automatically block calls originating from numbers that have been blacklisted in a government-managed anti-fraud database. Second, when an incoming call begins with the numbers “+886,” indicating that the true source caller ID is masked, the system should display an alert to notify the callee.

Although these two measures might be helpful in stopping telecom fraud, they are not enough. Instead, the telecommunications industry should consider this pain point as a business opportunity, and take the initiative to leverage the massive amount of information available and the unique service position of a telecom to develop an easy-to-deploy solution that could solve the problem.

The following are three ideas that could effectively stop telecom fraud. They can operate independently, but also complement one another.

The first is to aggressively detect phone numbers that perpetrators use to carry out telecom fraud based on their specific usage patterns. Telecom fraudsters need to continuously make tens or hundreds of phone calls a day before they succeed in defrauding someone. As such, the caller’s number usually shows a unique combination of the following three call patterns: (1) the number of calls it makes within a unit of time is many times higher than that of phones used by ordinary people; (2) the numbers it calls are rarely repeated, and the callee numbers are not correlated in any obvious way; and (3) it rarely receives calls.

Based on the above patterns, after a telecom allocates a phone number to a new user, it should keep track of the usage pattern of this number for a period to determine whether it is being used for fraud.

The operator could work with law enforcement authorities to carry out an in-depth content analysis of some of the calls initiated by a suspect number to ascertain whether it is indeed being used for fraud. The implementation of the above mechanism is relatively straightforward, and the false positive rate is likely to be close to zero.

Telecom fraudsters take advantage of victims’ confusion and panic to induce them to make rash judgements. To combat this, telecoms could, using the latest telecom fraud techniques, mount high-fidelity simulated attacks on a target user, and, after each drill, explain to the “victim” the attacker’s specific techniques and their mistakes in the process, thereby enhancing each target user’s overall readiness to handle real-world fraudulent calls.

A similar drill mechanism has achieved great success in protecting users against malicious e-mail attacks, and should be equally effective in improving users’ immunity against telecom fraud. Moreover, since telecoms have access to subscribers’ personal information, they could leverage this to increase the degree of believability of simulated fraud attacks.

The third is to deploy a robot telephone assistant to answer calls from a unknown number, filter out fraudulent, advertising, sales or harassing calls, and then decide whether to transfer them to the user it serves. To do its job well, this robot assistant must keep abreast of the latest wording, routines and tricks used by telecom fraudsters. It should also have the capability to identify the caller’s organization, look up the organization’s number and call back. Such call-back capability would significantly increase the difficulty of perpetrating telecom fraud.

With the advent of ChatGPT, people are worried that telecom fraudsters might use the technology to automate and scale up their operations. However, the good guys could apply the same ChatGPT technology to, for example, facilitate the implementation of the three anti-telecom-fraud ideas described above.

In the constant technological tug-of-war between telecom fraudsters and their nemesis, which side eventually wins out would depend critically on the extent to which they could innovate on top of ChatGPT.

Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.


Source: Taipei Times - Editorials 2023/08/03



Add this page to your favorite Social Bookmarking websites
Reddit! Del.icio.us! Mixx! Google! Live! Facebook! StumbleUpon! Facebook! Twitter!  
 

Newsflash

Residents in Urumqi demanded further action yesterday after the sacking of two top officials in the restive Xinjiang region over syringe attacks that sparked deadly protests.

The Communist Party chief of Xinjiang’s capital Urumqi and the region’s top police official were dismissed on Saturday in the wake of the protests that left five people dead, but residents said the sackings were not enough.