/projects‎ > ‎ss7/ОКС7‎ > ‎

Fraud schemes

Here we explain known/popular fraud schemes. For educational use only!

Roaming fraud

posted 1 Sep 2010, 22:21 by Fyodor Bom

Typically abuses delay in billing information transfer from one operator to another. SMS fraud techniques are applicable to monetize on these fraud schemes.

Phishing schemes using SMS payment

posted 1 Sep 2010, 21:27 by Fyodor Bom

Common to see phishing web sites which abuse sms payment gateways.  Typical services, which are offered by these gateways are: SMS-key, SMS-safe, SMS-bank.

SMS-key -> user sends sms to a number and enters verification code (max. payment around $5USD)
SMS-safe -> similar to SMS-key with the only difference that the available balance is higher ($30USD) and each transaction needs to be confirmed by Operator.
SMS-bank -> larger transactions. typically require additional paper work.

The actual fraud scheme is quite straight-forward. The billing is registered with one of billing providers (i.e. www.smscoin.com ) for fake shop that sells *air* and then promoted using spam-dvertising. The goal is to collect a small amount of money from a large number of people. To prevent "blacklisting" by the billing system, refund requests are honored.  Initiator of the fraud is typically collecting 45% of SMS "value".

Various methods utilized to trick users into sending SMS messages to fraudilent numbers. (scareware, "to unlock your number, send message to X", etc..)

SMS fraud schemes using SMS2<online currency> exchange points

posted 1 Sep 2010, 21:15 by Fyodor Bom   [ updated 1 Sep 2010, 21:26 ]

This is a variation of "short number" fraud. Also abuses billing system delays/down times.

 SMS2WMZ services are widely available (i.e. http://smsobmen.com/) and frequently used in these schemes. The prepaid numbers are main target in this case. Primarily small Operators with slow "balance update" are targetted. (there are known operators in Russia where it takes up to 30 minutes for them to "sync" balance. Nuts!)

- Abuse of "free balance" in exchange for registration schemes. (after balance is increased, it is converted into WMZ via such exchange points)

- Abuse of "pay via SMS" services.

"Direct" Fraud with SMS short numbers

posted 1 Sep 2010, 20:54 by Fyodor Bom

Ref: http://www.fssr.ru/hz.php?name=News&file=article&sid=9409
This scheme uses prepaid SIM cards, which can send SMS messages to so called short numbers (http://en.wikipedia.org/wiki/Short_code) The person coducting fraud  rents these numbers so he collects fees from each incoming SMS.

Fraud scheme:
For each number, the prepaid number balance is periodically requested from the Carrier. As soon as billing system becomes temporally unavailable,the time window is used to launch a flood of SMS messages to "short numbers" so prepaid card balance becomes negative.

Status: to be verified

1-4 of 4