huntress logo
Glitch effect
Glitch effect

Cybersecurity threats are constantly evolving, but there’s one type of fraud that has telecom companies, VoIP providers, and enterprises losing millions of dollars annually while flying under the radar of many organizations. Welcome to the world of International Revenue Share Fraud (IRSF)—a sophisticated scam exploiting telecom systems to rake in profits for fraudsters at the expense of unsuspecting businesses.

IRSF is more than just toll fraud; it’s a complex, global operation that targets vulnerabilities in telecom networks, leverages insider tactics, and manipulates communication channels. If you’re in the telecom, enterprise VoIP, or communications sector, this is a risk you can’t afford to ignore. Read on to understand how IRSF attacks work, who the typical targets are, and what you can do to prevent becoming a victim of this costly exploitation.

What is IRSF?

International Revenue Share Fraud (IRSF) involves bad threat actors exploiting telecom systems to artificially generate international call traffic toward premium-rate numbers. These premium numbers often belong to overseas carriers or shell entities owned by fraudsters.

Here’s how it works in simpler terms:

  • Attackers compromise a telecom system (like a PBX or VoIP platform).

  • They artificially route large quantities of call traffic to high-fee international numbers.

  • These premium numbers generate revenue that is then shared between the fraudsters and the overseas telecom organizations involved.

Think of it as selling a product no one wants, inflating demand, and splitting the profits with your accomplices.

Why is IRSF a growing concern?

The revenue leakage caused by IRSF is staggering. Businesses can lose tens of thousands of dollars in fraudulent call traffic in a matter of hours. And that’s not to mention the reputational damage and operational disruption.

Here are some shocking examples:

  • A doctor’s office in Maryland became a victim of telephony fraud when its voicemail system was compromised over a weekend, resulting in a $2 million phone bill. (transnexus.com)

  • A ReMax real estate office in St. Petersburg, Florida, faced a $600,000 phone bill after their AT&T phone system was hacked to generate over 2,000 international long-distance calls. (transnexus.com)

Add to this the low detection rates in legacy systems and the increasing reliance on unified communications platforms, and it’s clear why IRSF remains such a lucrative avenue for cybercriminals.

How IRSF attacks work

IRSF attacks are methodical and use a combination of technical expertise and system vulnerabilities. Here’s a breakdown:

Methods of access

  • PBX Hacking

Hackers exploit outdated or poorly configured PBX (Private Branch Exchange) systems to gain access to a business’s internal communications.

  • VoIP System Compromise

Vulnerabilities in VoIP systems are exploited using brute force attacks, credential stuffing, or phishing to control call routing.

  • Call Forwarding Misconfiguration

Open call forwarding options allow attackers to redirect legitimate calls to premium numbers without the organization’s knowledge.

Once Access Is Gained

  • Massive Automated Call Traffic

Fraudsters use scripts to route thousands of calls to premium-rate international numbers.

  • Revenue Sharing

Fees from these high-cost numbers are shared between the fraudsters, overseas carriers, and sometimes even shell companies acting as accomplices.

The result? Devastating financial losses for the victimized organization.

Key targets of IRSF attacks

Who’s most at risk? Any organization reliant on VoIP, PBX, or telecom systems is vulnerable.

Here are the top targets:

  • VoIP Service Providers: Often targeted for their access to voice services and international call routes.

  • Mobile Network Operators (MNOs): Mobile carriers can suffer major revenue leakage from compromised international call features.

  • Unified Communications Systems: Services like Zoom Phone and Microsoft Teams are becoming lucrative targets for fraudsters.

  • Enterprise PBX Systems: Especially SIP-based systems, these are prime targets for hackers exploiting lax security configurations.

  • Contact Centers and Hospitals: Organizations with open outbound dialing policies or handling sensitive data make easy prey for attackers.

Detection and prevention techniques

Stopping IRSF requires vigilance, proactive strategies, and advanced tools. Here's how organizations can detect and prevent these attacks:

Monitoring and analytics

  • Call Volume Anomalies: Continuously monitor for unusual spikes in call traffic.

  • Advanced Detection Systems: Leverage AI and machine learning tools to identify suspicious activity in real time.

System configuration

  • Call Limits and Geo-Fencing: Set call limits and restrict outbound traffic to pre-approved regions.

  • International Call Forwarding: Disable unless explicitly required, reducing potential entry points.

Regular audits

  • Perform routine updates and audits of PBX and VoIP configurations to patch vulnerabilities.

  • Use penetration testing to simulate attacks and identify weaknesses.

These steps ensure a layered defense, minimize risks, and improve responsiveness to IRSF attempts.

Why IRSF matters

IRSF is not just a telecom problem; it’s a cybersecurity issue that overlaps with other vectors like insider threats, supply chain vulnerabilities, and BEC (business email compromise). Here’s why this should be on your radar:

  • High-Value Financial Losses: A single attack can cost businesses tens to hundreds of thousands of dollars.

  • Attacks Occur During Off-Hours: Cybercriminals strike during weekends or holidays when IT teams are less vigilant.

  • Legacy System Vulnerabilities: Many companies still rely on outdated systems incapable of detecting IRSF.

If your organization handles communication networks, considering IRSF as part of your overall cybersecurity strategy is non-negotiable.

FAQs

Glitch effectBlurry glitch effect

Strengthen your defense against IRSF

IRSF is a serious, evolving threat that businesses and telecom providers cannot afford to overlook. By understanding how these attacks work, identifying vulnerabilities, and adopting proactive measures, organizations can significantly mitigate their risks.

Collaboration is key. Security and telecom teams must work together to stay ahead of these sophisticated fraudsters. Implementing fraud detection systems, auditing configurations, and taking a proactive approach to system security are the steps you can take today to safeguard your network.

Protect What Matters

Secure endpoints, email, and employees with the power of our 24/7 SOC. Try Huntress for free and deploy in minutes to start fighting threats.
Try Huntress for Free