Voice Business: Preventing intrusion attempts across your network

Are your voice channels truly secure?

In today’s hyperconnected enterprise environment, voice remains a mission-critical channel for communication—especially for contact centres, global support desks, and customer engagement hubs. But this indispensable medium is increasingly under attack. As more organisations adopt cloud-based voice infrastructure, fraudsters have found new vulnerabilities to exploit.

The dual-layer defence: Outbound + Inbound

While many businesses have implemented outbound traffic monitoring, both inbound and outbound surveillance are essential for a secure voice network. Inbound traffic, especially via Toll-Free and Direct Inward Dial (DID) numbers, is often overlooked—creating a blind spot for threats that can lead to outbound fraud. For instance, what happens when an International Toll-Free Services (ITFS) number is hijacked and used to trigger outbound fraud? And what if the alert comes too late?

Will your inbound carrier alert you to suspicious traffic patterns and/or sudden spikes on your Toll-Free and DID numbers? If yes—you’re already protected. If not, here’s why it matters:

• Outbound voice traffic flows from the customer’s IP network through Tata Communications to global destinations/suppliers across A–Z countries.
• Inbound voice traffic, calls made to ITFS /DID numbers originating from global countries routed via Tata Communications then onto the customer’s IP network.

A real-world case study: How one alert prevented $200,000 in fraud

A global provider of customized software solutions with over 6,000 employees, using +50 ITFS & DID numbers with Tata Communications, also sending us more than 60% of their international outbound voice traffic.

On a given Saturday 2 AM GMT, our 24/7 fraud prevention team detected a sharp 500% spike in traffic to one of the customer’s USA ITFS numbers (1800-xxx-xxxx). Since weekend volumes are typically lower than weekday traffic, this surge stood out.

An alert was immediately sent to the customer, along with call detail records (CDRs), for review. No traffic was blocked initially, as some customers conduct software migrations over the weekend, often involving long-duration calls.

20 Minutes Later – A multitude of outbound calls were observed toward high-cost/risk destinations, using the ITFS number as the CLID (caller line identification). The calls showed sequential, repeating called number series to a variety of destinations such as Lesotho, Madagascar and St. Lucia. Such patterns are a clear marker for IRSF *.

Our team immediately blocked the traffic using the fraud release code 603, a non-routable signalling release that prevents reattempts even via alternate providers, thus securing the customer even further.

Taking control before the breach spreads

While we awaited customer response to our intervention, another wave of traffic attempts was observed toward: Poland, Tunisia, Turks & Caicos and Zimbabwe.

To validate the suspect fraud, Tata Communications simulated calls samples using the same CLID (Calling Line Identification) 1800-xxx-xxxx and targeted numbers. These revealed repetitive, fake IVRs—confirming they were revenue share numbers (IRSF).

In order to protect the customer from serious financial exposure, a decision was made to block the customer’s entire outbound traffic (A–Z destinations) for the weekend.  This, based on blocked attempts ultimately prevented losses estimated at $200,000.

Breach Confirmation

Subsequent to customer investigation, it was confirmed that their USA ITFS number had been compromised through brute-force PIN intrusion and/or stolen credentials. Once inside the call centre platform, hackers launched outbound calls to revenue share numbers.

Conclusion

No one really thinks about inbound/outbound call surveillance before it’s too late.

Using Tata Communications as both your inbound and outbound telecom carrier enhances the protection of your business. Our comprehensive monitoring and detection capabilities ensure that suspicious traffic patterns and sudden spikes are identified and addressed promptly. By leveraging our expertise and technology, businesses can safeguard their communication channels and prevent potential fraud.

Don’t wait for fraud to occur. Build a secure voice foundation today.

Learn more about our voice solutions at www.tatacommunications.com

*Telephone numbers within a country are typically assigned from the Regulator to various licensed carriers. Such carriers allocate them to mobile subscribers, businesses, residences etc. Some carriers also engage in allocating number(s) / ranges to resellers that use them for services, i.e. chat lines, horoscope, gaming etc. Often what happens in certain situations is that no real services actually exists and/or fake IVRs/recordings are heard as a pre-text for a service. The traffic is sent to the official number range owner then the reseller who shares the revenue with call initiator/hacker. Often carriers who perform such activity typically increase their per minute rate as a result of offsetting yearly declines due to alternate forms of communications. Since these numbers and/or ranges are often part of the same “pricing breakout” and are not openly advertised it is exceedingly difficult to identify them without a fraud monitoring system as well as testing platform. What ultimately occurs following a customer’s telecom system breach through which such traffic is funneled is called in the industry International Revenue Share Fraud (IRSF). The 7 countries mentioned in the article all have revenue share numbers that Tata Communications has identified and blocked for all its customers worldwide.  Note that revenue share numbers exist in hundreds of networks worldwide.