Cybersecurity threats are constantly evolving, but there’s one type of fraud that has telecom companies, VoIP providers, and enterprises losing millions of dollars annually while flying under the radar of many organizations. Welcome to the world of International Revenue Share Fraud (IRSF)—a sophisticated scam exploiting telecom systems to rake in profits for fraudsters at the expense of unsuspecting businesses.
IRSF is more than just toll fraud; it’s a complex, global operation that targets vulnerabilities in telecom networks, leverages insider tactics, and manipulates communication channels. If you’re in the telecom, enterprise VoIP, or communications sector, this is a risk you can’t afford to ignore. Read on to understand how IRSF attacks work, who the typical targets are, and what you can do to prevent becoming a victim of this costly exploitation.
What is IRSF?
International Revenue Share Fraud (IRSF) involves bad threat actors exploiting telecom systems to artificially generate international call traffic toward premium-rate numbers. These premium numbers often belong to overseas carriers or shell entities owned by fraudsters.
Here’s how it works in simpler terms:
Attackers compromise a telecom system (like a PBX or VoIP platform).
They artificially route large quantities of call traffic to high-fee international numbers.
These premium numbers generate revenue that is then shared between the fraudsters and the overseas telecom organizations involved.
Think of it as selling a product no one wants, inflating demand, and splitting the profits with your accomplices.
Why is IRSF a growing concern?
The revenue leakage caused by IRSF is staggering. Businesses can lose tens of thousands of dollars in fraudulent call traffic in a matter of hours. And that’s not to mention the reputational damage and operational disruption.
Here are some shocking examples:
A doctor’s office in Maryland became a victim of telephony fraud when its voicemail system was compromised over a weekend, resulting in a $2 million phone bill. (transnexus.com)
A ReMax real estate office in St. Petersburg, Florida, faced a $600,000 phone bill after their AT&T phone system was hacked to generate over 2,000 international long-distance calls. (transnexus.com)
Add to this the low detection rates in legacy systems and the increasing reliance on unified communications platforms, and it’s clear why IRSF remains such a lucrative avenue for cybercriminals.
How IRSF attacks work
IRSF attacks are methodical and use a combination of technical expertise and system vulnerabilities. Here’s a breakdown:
Methods of access
PBX Hacking
Hackers exploit outdated or poorly configured PBX (Private Branch Exchange) systems to gain access to a business’s internal communications.
VoIP System Compromise
Vulnerabilities in VoIP systems are exploited using brute force attacks, credential stuffing, or phishing to control call routing.
Call Forwarding Misconfiguration
Open call forwarding options allow attackers to redirect legitimate calls to premium numbers without the organization’s knowledge.
Once Access Is Gained
Massive Automated Call Traffic
Fraudsters use scripts to route thousands of calls to premium-rate international numbers.
Revenue Sharing
Fees from these high-cost numbers are shared between the fraudsters, overseas carriers, and sometimes even shell companies acting as accomplices.
The result? Devastating financial losses for the victimized organization.
Key targets of IRSF attacks
Who’s most at risk? Any organization reliant on VoIP, PBX, or telecom systems is vulnerable.
Here are the top targets:
VoIP Service Providers: Often targeted for their access to voice services and international call routes.
Mobile Network Operators (MNOs): Mobile carriers can suffer major revenue leakage from compromised international call features.
Unified Communications Systems: Services like Zoom Phone and Microsoft Teams are becoming lucrative targets for fraudsters.
Enterprise PBX Systems: Especially SIP-based systems, these are prime targets for hackers exploiting lax security configurations.
Contact Centers and Hospitals: Organizations with open outbound dialing policies or handling sensitive data make easy prey for attackers.
Detection and prevention techniques
Stopping IRSF requires vigilance, proactive strategies, and advanced tools. Here's how organizations can detect and prevent these attacks:
Monitoring and analytics
Call Volume Anomalies: Continuously monitor for unusual spikes in call traffic.
Advanced Detection Systems: Leverage AI and machine learning tools to identify suspicious activity in real time.
System configuration
Call Limits and Geo-Fencing: Set call limits and restrict outbound traffic to pre-approved regions.
International Call Forwarding: Disable unless explicitly required, reducing potential entry points.
Regular audits
Perform routine updates and audits of PBX and VoIP configurations to patch vulnerabilities.
Use penetration testing to simulate attacks and identify weaknesses.
These steps ensure a layered defense, minimize risks, and improve responsiveness to IRSF attempts.
Why IRSF matters
IRSF is not just a telecom problem; it’s a cybersecurity issue that overlaps with other vectors like insider threats, supply chain vulnerabilities, and BEC (business email compromise). Here’s why this should be on your radar:
High-Value Financial Losses: A single attack can cost businesses tens to hundreds of thousands of dollars.
Attacks Occur During Off-Hours: Cybercriminals strike during weekends or holidays when IT teams are less vigilant.
Legacy System Vulnerabilities: Many companies still rely on outdated systems incapable of detecting IRSF.
If your organization handles communication networks, considering IRSF as part of your overall cybersecurity strategy is non-negotiable.
FAQs
IRSF, aka International Revenue Share Fraud, is like a phone system heist. Cybercriminals exploit telecom systems to flood premium-rate international numbers with calls. The scam? These fraudsters cut deals with shady overseas carriers to rake in a slice of the call revenue. IRSF often falls under the broader bucket of voice fraud, targeting systems like VoIP platforms, PBX systems, and unified communications tools.
Here’s the play-by-play for IRSF attacks:
Bad actors compromise a company’s voice infrastructure (think PBX systems or VoIP servers).
They use it to make a ton of high-cost international calls.
These calls connect to premium-rate numbers where attackers, or their sketchy partners, earn a cut of the call revenue.
What makes this nasty? Fraudulent traffic often flies under the radar, racking up jaw-dropping bills before it’s caught.
Hackers have a bag of tricks for this one. Typical moves include:
Exploiting misconfigured VoIP gateways or shaky SIP servers
Hijacking PBX systems (often using weak or default passwords 🤦)
Firing off business email compromise (BEC) scams to fool employees into setting up call forwarding
Taking advantage of weekends or holidays when no one’s watching
Once they break in, it’s time for automated call campaigns to skyrocket those bills.
Good news—there are steps you can take to block these sneaky attacks. Start with these strategies:
Set up strong passwords and airtight access controls for voice systems
Disable international or high-cost calling if you don’t need it
Use call rate limiting and fraud detection rules to flag weird activity
Make regular call log audits part of your routine
Deploy VoIP-aware firewalls and intrusion detection tools
Think of it like a digital bouncer for your phone systems.
Brace yourself—IRSF breaches can cost tens or even hundreds of thousands of dollars in unauthorized charges. Worse, these attacks usually hit during off-hours, so they can quietly bleed money until you catch them. Beyond the direct financial loss, there’s the headache of:
Service interruptions
Damaged vendor relationships
Potential fines for failing to manage telecom risks
Long story short? It’s a pricey mess.
Yep, but you’ll need the right tools for the job. Advanced telecom fraud management systems (FMS) and AI-driven anomaly detection platforms are up to the task. These tools monitor:
Call patterns
Traffic volume spikes
Unusual destinations
All in real time to flag suspicious behavior. Bonus points if you integrate this data into your SIEM platform for even sharper detection.
While both IRSF and toll fraud involve sketchy calling activity, they’re not twins.
Toll fraud is often about scammers using stolen credentials to make free long-distance or premium calls for personal reasons.
IRSF is way more organized and monetized. It’s a business model for fraudsters, complete with revenue-sharing from international call traffic. Think criminal partnerships or even telecom insiders pulling strings.
IRSF takes the scam game to a whole new level.
Strengthen your defense against IRSF
IRSF is a serious, evolving threat that businesses and telecom providers cannot afford to overlook. By understanding how these attacks work, identifying vulnerabilities, and adopting proactive measures, organizations can significantly mitigate their risks.
Collaboration is key. Security and telecom teams must work together to stay ahead of these sophisticated fraudsters. Implementing fraud detection systems, auditing configurations, and taking a proactive approach to system security are the steps you can take today to safeguard your network.
Protect What Matters
