Don’t let overlooked obligations become incidents. Learn how.
Utility navigation bar redirect icon
Portal LoginSupportBlogContact
Search
Close search
Huntress Logo in Teal
  • Platform Overview
    Managed EDR

    Get full endpoint visibility, detection, and response.

    Managed EDR

    Get full endpoint visibility, detection, and response.

    Managed ITDR: Identity Threat Detection and Response

    Protect your Microsoft 365 and Google Workspace identities and email environments.

    Managed ITDR: Identity Threat Detection and Response

    Protect your Microsoft 365 and Google Workspace identities and email environments.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed Security Awareness Training Software

    Empower your teams with science-backed security awareness training.

    Managed Security Awareness Training Software

    Empower your teams with science-backed security awareness training.

    Managed ISPM

    Continuous Microsoft 365 and identity hardening, managed and enforced by Huntress experts.

    Managed ISPM

    Continuous Microsoft 365 and identity hardening, managed and enforced by Huntress experts.

    Managed ESPM

    Proactively secure endpoints against attacks.

    Managed ESPM

    Proactively secure endpoints against attacks.

    Integrations
    Integrations
    Support Documentation
    Support Documentation
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
  • Threats We Stop
    Phishing
    Phishing
    Business Email Compromise
    Business Email Compromise
    Ransomware
    Ransomware
    Infostealers
    Infostealers
    View Allright arrowView Allright arrow
    Industries We Serve
    Education
    Education
    Financial Services
    Financial Services
    State and Local Government
    State and Local Government
    Healthcare
    Healthcare
    Law Firms
    Law Firms
    Manufacturing
    Manufacturing
    Utilities
    Utilities
    View Allright arrowView Allright arrow
    Tailored Solutions
    MSPs
    MSPs
    Resellers
    Resellers
    SMBs
    SMBs
    Compliance
    Compliance
    What Gets Overlooked Gets Exploited

    Most days, nothing happens. But one day, something will.

    Huntress Cybersecurity
    Cybercriminals Have Evolved

    Get the intel on today’s cybercriminal groups and learn how to protect yourself.

    Huntress Cybersecurity
  • Pricing
  • Community Series
    The Product Lab

    Shape the next big thing in cybersecurity together.

    The Product Lab

    Shape the next big thing in cybersecurity together.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    Resources
    Upcoming Events
    Upcoming Events
    Ebooks
    Ebooks
    On-Demand Webinars
    On-Demand Webinars
    Videos
    Videos
    Whitepapers
    Whitepapers
    Datasheets
    Datasheets
    Cybersecurity Education
    Cybersecurity 101
    Cybersecurity 101
    Cybersecurity Guides
    Cybersecurity Guides
    Threat Library
    Threat Library
    Real Tradecraft, Real Results
    Real Tradecraft, Real Results
    2026 Cyber Threat Report
    2026 Cyber Threat Report
    The Huntress Blog
    When Cybersecurity and Cyber Insurance Don’t Quite Connect—And What We’re Doing Differently with Acrisure
    Huntress Cybersecurity
    When Cybersecurity and Cyber Insurance Don’t Quite Connect—And What We’re Doing Differently with Acrisure
    Huntress Cybersecurity
    How EvilTokens Turbocharges Old School Phishing with AI
    Huntress Cybersecurity
    How EvilTokens Turbocharges Old School Phishing with AI
    Huntress Cybersecurity
    “Service Agreement” Email Kickstarts Rogue RMM Tiflux Triple Threat
    Huntress Cybersecurity
    “Service Agreement” Email Kickstarts Rogue RMM Tiflux Triple Threat
    Huntress Cybersecurity
  • Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    The Huntress SOC

    24/7 Security Operations Center

    The Huntress SOC

    24/7 Security Operations Center

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Community

    Get in touch with the Huntress Community team

    Community

    Get in touch with the Huntress Community team

    Compare Huntress
    Bitdefender
    Bitdefender
    Blackpoint
    Blackpoint
    Breach Secure Now!
    Breach Secure Now!
    Crowdstrike
    Crowdstrike
    Datto
    Datto
    SentinelOne
    SentinelOne
    Sophos
    Sophos
    Compare Allright arrowCompare Allright arrow
  • HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    Partners
    MSPs

    Join our partner community to deliver expert-led managed security.

    MSPs

    Join our partner community to deliver expert-led managed security.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Tech Alliances

    Driving innovation through global technology Partnerships

    Tech Alliances

    Driving innovation through global technology Partnerships

    Microsoft Partnership

    A Level-Up for Your Business Security

    Microsoft Partnership

    A Level-Up for Your Business Security

  • Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Awards
    Awards
    Contact Us
    Contact Us
  • Portal Login
  • Support
  • Blog
  • Contact
  • Search
  • Get a Demo
  • Start for Free
Portal LoginSupportBlogContact
Search
Close search
Get a Demo
Start for Free
HomeCybersecurity 101
IRSF

What Is IRSF in Cybersecurity?

Written by: Brenda Buckman

Published: 9/8/2025

woman at laptop
ChatGPT logoChatGPTOpens in new tabClaude logoClaudeOpens in new tabPerplexity logoPerplexityOpens in new tabGoogle Gemini logoGoogle AIOpens in new tab
AI sparkle iconSummarize This Page
ChatGPT logoChatGPTOpens in new tabClaude logoClaudeOpens in new tabPerplexity logoPerplexityOpens in new tabGoogle Gemini logoGoogle AIOpens in new tab
On This Page
What is IRSF?
Why is IRSF a growing concern?
How IRSF attacks work
Key targets of IRSF attacks
Detection and prevention techniques
Why IRSF matters
Strengthen your defense against IRSF

Cybersecurity threats are constantly evolving, but there’s one type of fraud that has telecom companies, VoIP providers, and enterprises losing millions of dollars annually while flying under the radar of many organizations. Welcome to the world of International Revenue Share Fraud (IRSF)—a sophisticated scam exploiting telecom systems to rake in profits for fraudsters at the expense of unsuspecting businesses.

IRSF is more than just toll fraud; it’s a complex, global operation that targets vulnerabilities in telecom networks, leverages insider tactics, and manipulates communication channels. If you’re in the telecom, enterprise VoIP, or communications sector, this is a risk you can’t afford to ignore. Read on to understand how IRSF attacks work, who the typical targets are, and what you can do to prevent becoming a victim of this costly exploitation.

What is IRSF?

International Revenue Share Fraud (IRSF) involves bad threat actors exploiting telecom systems to artificially generate international call traffic toward premium-rate numbers. These premium numbers often belong to overseas carriers or shell entities owned by fraudsters.

Here’s how it works in simpler terms:

  • Attackers compromise a telecom system (like a PBX or VoIP platform).

  • They artificially route large quantities of call traffic to high-fee international numbers.

  • These premium numbers generate revenue that is then shared between the fraudsters and the overseas telecom organizations involved.

Think of it as selling a product no one wants, inflating demand, and splitting the profits with your accomplices.

Why is IRSF a growing concern?

The revenue leakage caused by IRSF is staggering. Businesses can lose tens of thousands of dollars in fraudulent call traffic in a matter of hours. And that’s not to mention the reputational damage and operational disruption.

Here are some shocking examples:

  • A doctor’s office in Maryland became a victim of telephony fraud when its voicemail system was compromised over a weekend, resulting in a $2 million phone bill. (transnexus.com)

  • A ReMax real estate office in St. Petersburg, Florida, faced a $600,000 phone bill after their AT&T phone system was hacked to generate over 2,000 international long-distance calls. (transnexus.com)

Add to this the low detection rates in legacy systems and the increasing reliance on unified communications platforms, and it’s clear why IRSF remains such a lucrative avenue for cybercriminals.

How IRSF attacks work

IRSF attacks are methodical and use a combination of technical expertise and system vulnerabilities. Here’s a breakdown:

Methods of access

  • PBX Hacking

Hackers exploit outdated or poorly configured PBX (Private Branch Exchange) systems to gain access to a business’s internal communications.

  • VoIP System Compromise

Vulnerabilities in VoIP systems are exploited using brute force attacks, credential stuffing, or phishing to control call routing.

  • Call Forwarding Misconfiguration

Open call forwarding options allow attackers to redirect legitimate calls to premium numbers without the organization’s knowledge.

Once Access Is Gained

  • Massive Automated Call Traffic

Fraudsters use scripts to route thousands of calls to premium-rate international numbers.

  • Revenue Sharing

Fees from these high-cost numbers are shared between the fraudsters, overseas carriers, and sometimes even shell companies acting as accomplices.

The result? Devastating financial losses for the victimized organization.

Key targets of IRSF attacks

Who’s most at risk? Any organization reliant on VoIP, PBX, or telecom systems is vulnerable.

Here are the top targets:

  • VoIP Service Providers: Often targeted for their access to voice services and international call routes.

  • Mobile Network Operators (MNOs): Mobile carriers can suffer major revenue leakage from compromised international call features.

  • Unified Communications Systems: Services like Zoom Phone and Microsoft Teams are becoming lucrative targets for fraudsters.

  • Enterprise PBX Systems: Especially SIP-based systems, these are prime targets for hackers exploiting lax security configurations.

  • Contact Centers and Hospitals: Organizations with open outbound dialing policies or handling sensitive data make easy prey for attackers.

Detection and prevention techniques

Stopping IRSF requires vigilance, proactive strategies, and advanced tools. Here's how organizations can detect and prevent these attacks:

Monitoring and analytics

  • Call Volume Anomalies: Continuously monitor for unusual spikes in call traffic.

  • Advanced Detection Systems: Leverage AI and machine learning tools to identify suspicious activity in real time.

System configuration

  • Call Limits and Geo-Fencing: Set call limits and restrict outbound traffic to pre-approved regions.

  • International Call Forwarding: Disable unless explicitly required, reducing potential entry points.

Regular audits

  • Perform routine updates and audits of PBX and VoIP configurations to patch vulnerabilities.

  • Use penetration testing to simulate attacks and identify weaknesses.

These steps ensure a layered defense, minimize risks, and improve responsiveness to IRSF attempts.

Why IRSF matters

IRSF is not just a telecom problem; it’s a cybersecurity issue that overlaps with other vectors like insider threats, supply chain vulnerabilities, and BEC (business email compromise). Here’s why this should be on your radar:

  • High-Value Financial Losses: A single attack can cost businesses tens to hundreds of thousands of dollars.

  • Attacks Occur During Off-Hours: Cybercriminals strike during weekends or holidays when IT teams are less vigilant.

  • Legacy System Vulnerabilities: Many companies still rely on outdated systems incapable of detecting IRSF.

If your organization handles communication networks, considering IRSF as part of your overall cybersecurity strategy is non-negotiable.

Strengthen your defense against IRSF

IRSF is a serious, evolving threat that businesses and telecom providers cannot afford to overlook. By understanding how these attacks work, identifying vulnerabilities, and adopting proactive measures, organizations can significantly mitigate their risks.

Collaboration is key. Security and telecom teams must work together to stay ahead of these sophisticated fraudsters. Implementing fraud detection systems, auditing configurations, and taking a proactive approach to system security are the steps you can take today to safeguard your network.

ChatGPT logoChatGPTOpens in new tabClaude logoClaudeOpens in new tabPerplexity logoPerplexityOpens in new tabGoogle Gemini logoGoogle AIOpens in new tab
AI sparkle iconSummarize This Page
ChatGPT logoChatGPTOpens in new tabClaude logoClaudeOpens in new tabPerplexity logoPerplexityOpens in new tabGoogle Gemini logoGoogle AIOpens in new tab
On This Page
What is IRSF?
Why is IRSF a growing concern?
How IRSF attacks work
Key targets of IRSF attacks
Detection and prevention techniques
Why IRSF matters
Strengthen your defense against IRSF

FAQs

IRSF, aka International Revenue Share Fraud, is like a phone system heist. Cybercriminals exploit telecom systems to flood premium-rate international numbers with calls. The scam? These fraudsters cut deals with shady overseas carriers to rake in a slice of the call revenue. IRSF often falls under the broader bucket of voice fraud, targeting systems like VoIP platforms, PBX systems, and unified communications tools.

Here’s the play-by-play for IRSF attacks:

  • Bad actors compromise a company’s voice infrastructure (think PBX systems or VoIP servers).

  • They use it to make a ton of high-cost international calls.

  • These calls connect to premium-rate numbers where attackers, or their sketchy partners, earn a cut of the call revenue.

    • What makes this nasty? Fraudulent traffic often flies under the radar, racking up jaw-dropping bills before it’s caught.

Hackers have a bag of tricks for this one. Typical moves include:

  • Exploiting misconfigured VoIP gateways or shaky SIP servers

  • Hijacking PBX systems (often using weak or default passwords 🤦)

  • Firing off business email compromise (BEC) scams to fool employees into setting up call forwarding

  • Taking advantage of weekends or holidays when no one’s watching

    • Once they break in, it’s time for automated call campaigns to skyrocket those bills.

Good news—there are steps you can take to block these sneaky attacks. Start with these strategies:

  • Set up strong passwords and airtight access controls for voice systems

  • Disable international or high-cost calling if you don’t need it

  • Use call rate limiting and fraud detection rules to flag weird activity

  • Make regular call log audits part of your routine

  • Deploy VoIP-aware firewalls and intrusion detection tools

    • Think of it like a digital bouncer for your phone systems.

Brace yourself—IRSF breaches can cost tens or even hundreds of thousands of dollars in unauthorized charges. Worse, these attacks usually hit during off-hours, so they can quietly bleed money until you catch them. Beyond the direct financial loss, there’s the headache of:

  • Service interruptions

  • Damaged vendor relationships

  • Potential fines for failing to manage telecom risks

    • Long story short? It’s a pricey mess.

Yep, but you’ll need the right tools for the job. Advanced telecom fraud management systems (FMS) and AI-driven anomaly detection platforms are up to the task. These tools monitor:

  • Call patterns

  • Traffic volume spikes

  • Unusual destinations

    • All in real time to flag suspicious behavior. Bonus points if you integrate this data into your SIEM platform for even sharper detection.

While both IRSF and toll fraud involve sketchy calling activity, they’re not twins.

  • Toll fraud is often about scammers using stolen credentials to make free long-distance or premium calls for personal reasons.

  • IRSF is way more organized and monetized. It’s a business model for fraudsters, complete with revenue-sharing from international call traffic. Think criminal partnerships or even telecom insiders pulling strings.

    • IRSF takes the scam game to a whole new level.

Glitch effectBlurry glitch effect
Glitch effect

Additional Resources

  • Read more about What Is Pretexting in Cybersecurity and How to Prevent It
    What Is Pretexting in Cybersecurity and How to Prevent It
    What Is Pretexting in Cybersecurity and How to Prevent It
    Learn what pretexting is in cybersecurity, common examples, and prevention tactics. Protect your organization from social engineering threats today.
  • Read more about What Are Common Cash App Scams? Spot & Prevent Fraud
    What Are Common Cash App Scams? Spot & Prevent Fraud
    What Are Common Cash App Scams? Spot & Prevent Fraud
    Learn about common Cash App scams like phishing, fake support, and “cash flips." Protect yourself with tips to spot and report fraud.
  • Read more about What Is a Scam Likely Call and How to Stop Them
    What Is a Scam Likely Call and How to Stop Them
    What Is a Scam Likely Call and How to Stop Them
    Learn what scam likely calls are, how to identify them, and ways to prevent potential scams. Take these steps to protect yourself and your data today.
  • Read more about Anti Fraud System Defined | Benefits | How Anti Fraud Systems Work
    Anti Fraud System Defined | Benefits | How Anti Fraud Systems Work
    Anti Fraud System Defined | Benefits | How Anti Fraud Systems Work
    Learn how anti-fraud systems use AI and machine learning to detect financial crimes and protect businesses from fraudulent activities in real-time.
  • Read more about What is a Sip Proxy? Gateway to Secure Business Communications
    What is a Sip Proxy? Gateway to Secure Business Communications
    What is a Sip Proxy? Gateway to Secure Business Communications
    Learn what SIP proxy servers do, how they protect your communications, and why they're essential for VoIP security in this complete cybersecurity guide.
  • Read more about What is Bluesnarfing and How to Prevent It
    What is Bluesnarfing and How to Prevent It
    What is Bluesnarfing and How to Prevent It
    Learn what bluesnarfing is, how it works, and easy ways to protect your Bluetooth-connected devices. Stay safe from unauthorized data theft!
  • Read more about What is a sip gateway?
    What is a sip gateway?
    What is a sip gateway?
    Learn about SIP Gateways in cybersecurity. Find out how they connect traditional telephony systems with modern VoIP networks and improve communication security.
  • Read more about What is carding?
    What is carding?
    What is carding?
    Understand carding attacks in cybersecurity. Learn how fraudsters test stolen credit cards online and how to safeguard against this form of payment fraud.
  • Read more about What Is PPC Security? How to Protect Your Ad Spend from Click Fraud
    What Is PPC Security? How to Protect Your Ad Spend from Click Fraud
    What Is PPC Security? How to Protect Your Ad Spend from Click Fraud
    PPC Security protects your ad campaigns from click fraud, bots, and fake traffic. Learn how real-time monitoring and expert analysis stop wasted spend and improve ROI.
Glitch effectGlitch effect

Protect What Matters

Secure endpoints, email, and employees with the power of our 24/7 SOC. Try Huntress for free and deploy in minutes to start fighting threats.
Try Huntress for Free
Huntress Managed Security PlatformManaged EDRManaged EDR for macOSManaged EDR for LinuxManaged ITDRManaged SIEMManaged Security Awareness TrainingManaged ISPMManaged ESPMBook a Demo
PhishingComplianceBusiness Email CompromiseEducationFinanceHealthcareManufacturingState & Local Government
Managed Service ProvidersResellersIT & Security Teams24/7 SOCCase Studies
BlogResource CenterCybersecurity 101Upcoming EventsSupport Documentation
Our CompanyLeadershipNews & PressCareersContact Us
Huntress white logo

Protecting 250k+ customers like you with enterprise-grade protection.

Privacy PolicyCookie PolicyTerms of UseCookie Consent
Linkedin iconTwitter X iconYouTube iconInstagram icon
© 2025 Huntress All Rights Reserved.

Join the Hunt

Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.

By submitting this form, you accept our Terms of Service & Privacy Policy