Protect Your Business from IRSF: How Arkose Labs Stops SMS Toll Fraud

February 2, 20237 min Read

Telecommunications and finance are both complex and ever-changing industries. With the emergence of mobile technology, businesses in these areas, as well as online gaming and many others, have had to adjust their strategies and tactics to stay competitive. One of the most concerning trends preventing them from staying one step ahead of attackers is a type of fraud known as International Revenue Share Fraud (IRSF), also called SMS toll fraud or SMS pumping.

IRSF is telephony fraud that uses certain technology to initiate unauthorized calls to premium numbers. This attack exploits the SMS infrastructure of a company to make bogus calls. These calls are then charged to the victim’s phone bill, resulting in significant financial losses. And when performed at scale, the costs for businesses can quickly rise to millions of dollars. 

IRSF is not a new phenomenon and has been around since the early days of mobile technology. However, it has become a much bigger problem in recent years due to the proliferation of international calling and increased use of mobile phones. So, what do businesses need to know? 

To learn more about how Arkose Labs is protecting businesses from IRSF, 

How IRSF Works

Fraudsters engaged in IRSF or SMS toll fraud use a variety of techniques to access victims’ phone numbers and make fraudulent calls. In some cases, they use brute force attacks to guess the victim’s PIN or password. Other tactics include spoofing, which involves sending a fake SMS message from a legitimate number to the victim’s phone. The fraudsters then use the victim’s phone number to make the calls. 

Fraudsters also employ social engineering techniques such as phishing to access victims' phone numbers and make fraudulent calls. In phishing scams, bad actors send victims an email, text message, or social media post that appears to be from a legitimate source, like their bank or mobile provider, and trick them into revealing personal information, such as phone numbers or passwords. They may also use malware or spyware to gain access to victims' devices, allowing them to access their phone numbers and other sensitive information. Once the scammers have the phone number, they use it to make the fraudulent calls. 

Fraudsters engaged in IRSF may also use SIM swapping, a technique that involves swapping SIM cards on a phone number to gain control of the number and use it for their own purposes. In some cases, fraudsters may even purchase stolen phone numbers from the dark web, which they can use to make unauthorized purchases or to access other accounts. Cybercriminals may also use this information to open new accounts in the victim’s name and commit further fraud.

The financial losses associated with SMS toll fraud can be significant. The fraudsters typically charge exorbitant rates for the calls, leaving the victim with an unexpected and expensive phone bill. In some cases, the losses can be even greater if the fraudsters gain access to sensitive data such as bank account information. 

Ways to Fight IRSF

Fortunately, there are steps businesses can take to protect themselves from SMS toll fraud. The most important step is to make sure that all employees are aware of the risks associated with international calls and other telecom services. Employees should be informed of the potential risks and instructed on how to handle suspicious calls or messages. 

Businesses should also consider implementing a system that alerts them when a suspicious call or message is received. This system should be able to detect any unusual patterns or activities that may indicate the presence of fraud. In addition, businesses should ensure that their employees are using secure passwords and PINs for their accounts. 

Finally, businesses should be proactive in monitoring their telecom services for any suspicious activity. Telecom providers often offer monitoring tools that can help detect suspicious activity on their networks. Businesses should take advantage of these tools to help protect their networks from potential fraudsters, as well as their ROI. 

Early Detection Prevents Costly IRSF Losses

IRSF can be difficult to detect until it is too late, leaving businesses vulnerable to the damage fraudsters can cause. Criminals have access to a variety of tools that make it difficult for businesses to gain early visibility into these attacks, making it difficult to prevent them from occurring.

Businesses can protect themselves from these attacks by using strong anti-automation technology, like the solution provided by Arkose Labs. Fraudsters use automated scripts to commit these attacks on a large scale, so businesses need methods of identifying and stopping ”human-like” bots. As fraudsters often change their strategies to get around security measures, businesses should have a security platform that can stay up-to-date on the newest threats and adjust to them.

Businesses should also have strong fraud defenses in place in order to be resilient against the ever-evolving innovations in offensive machine learning. Accurately detecting and stopping advanced bots is essential for stopping IRSF attacks, and having access to phone intelligence data and an understanding of unused PRN ranges can provide insight into the possibility of these attacks occurring and aid in preventing them. Implementing these strategies can help to reduce the cost of fraud and IRSF attacks, allowing businesses to save money and increase their bottom line.

Arkose Labs Fights IRSF

Arkose Labs for Telecom and banking/finance incorporates any touchpoint that requires one-time passwords, such as the login flow or new account registration, in order for businesses to detect fraudulent traffic. Furthermore, thanks to its innovative in-session authentication that combines real time risk classification with interactive challenges, businesses can reduce their reliance on multi-factor authentication methods.

Accurate classification: Arkose Labs utilizes hundreds of data points, including device, network, behavior, and location, to create "telltales" which help to discern between suspicious and non-suspicious traffic. The telltales are partially informed by data obtained from our worldwide network that has been obtained from previous attacks. Furthermore, we are able to customize telltales to fit the individual needs of a merchant based on their industry, resulting in segmented traffic that can be identified as either legitimate, a bot, or a malicious human. This allows for the platform to determine if any additional screening is necessary and the type of enforcement challenge required.

Challenge and interact: To understand the purpose of traffic in a foreseeable manner, risk assessments must be integrated with secondary screening. The platform employs interactive technology which is intended to impede even the most sophisticated automation, in order to examine and impede high-risk traffic. Simultaneously, more intricate challenges are presented to human attackers, which boosts the time it takes them to complete a task, thus diminishing their return on investment. This encourages them to abandon their attempts. The platform modifies the type of challenge in accordance with the kind of attack.

Summary of SMS Toll Fraud

SMS toll fraud is a serious problem that can have significant financial implications for businesses. It is important to be aware of the risks associated with international calls and other telecom services. By educating their employees about the risks and taking steps to protect their networks, businesses can minimize the chances of becoming victims of fraud. To learn more about how Arkose Labs can help your business stay protected from SMS toll fraud, while also finding a better ROI, contact us anytime for a demo.

Trusted by Global Brands

With 20% of customers being Fortune 500 companies, Arkose Labs protects the world’s leading enterprises in major industries such as financial services, e-commerce, travel, technology, and telecommunications.