Why is it difficult to defeat telephone scammers?

Despite years of struggle by Russian authorities, companies and banks against telephone fraud, its scale is only growing. As a result, officials, security forces and businessmen have to come up with ever new measures. Thus, in 2024, we are talking about tightening the turnover of SIM cards and verifying subscribers with the participation of the Ministry of Internal Affairs, and control over the transfer of bank cards to third parties is being discussed. But the effectiveness of these steps raises questions among experts: they emphasize that it is not yet possible to influence the root causes, and fraud technologies are developing rapidly.

In 2024, the authorities are planning measures to strengthen the fight against telephone fraud. Thus, the Ministry of Digital Development, Roskomnadzor and market participants are preparing amendments to the Law “On Communications”, which should tighten the process of selling SIM cards in Russia. In particular, Roskomnadzor clarified to Kommersant, it is planned to establish a new deadline for identifying subscribers. The process currently takes up to 48 days, while regulations can reduce it to one day. Attackers buy SIM cards using dummies or without information about the owner at all, Roskomnadzor clarifies, and for 48 days they can make calls and remain anonymous: “Most often, SIM cards from large operators are distributed illegally.” The Ministry of Digital Development does not comment on the initiative.

At the end of 2023, officials also discussed connecting the Ministry of Internal Affairs to the verification of subscribers. If measures are taken, it will be possible to activate the SIM card only after checking the user’s passport data by security forces (see “Kommersant” dated November 23, 2023).

Strengthening regulation can be justified by the aggravation of the problem: according to a Central Bank report, in 2023, the volume of funds stolen from citizens by fraudsters amounted to 15.8 billion rubles, and the number of illegal transactions increased by 33%. The Central Bank does not differentiate fraud by type in its statistics, but Kommersant clarified that “the telephone remains the main tool of criminals.” In 2023, the Central Bank initiated blocking of 575.6 thousand numbers. In January, 19% of users encountered fraudulent calls, which is 5 percentage points more year-on-year, Kaspersky Lab said. According to the Ministry of Internal Affairs, crimes in the field of information and communication technologies (ICT) currently account for a third of all offenses in the country.

Mutual verification system

The state intensified the fight against fraud back in 2022: after the outbreak of hostilities in Ukraine, the total number of cybercrimes increased sharply. Taking into account the increase in the number and scale of data leaks, a Kommersant source on the market explains, “the level of recognition of citizens online, including their place of work and field of activity,” has increased. As a result, “attackers can conduct more targeted attacks.” Kommersant’s interlocutor adds that in the current situation, the goal of scammers is not only money, but also “manipulation and pressure” on citizens.

In mid-2022, the Prosecutor General’s Office and the FSB intensified checks of operators to check for calls from spoofed numbers, which are often used by scammers, and for traffic from abroad (see Kommersant, September 5, 2022). By the beginning of 2023, Roskomnadzor launched the Antifraud telephone call verification platform. According to the regulator, thanks to the system, the share of calls from spoofed numbers from the total number of verified calls (12.2 billion) does not exceed 1%. At the beginning of March, Roskomnadzor reported to Vedomosti, 904 out of 1,183 operators were connected to the system.

Market participants consider Antifraud to be their merit. “The construction of a mutual verification system began back in 2019,” MegaFon explains. “In 2022, the Big Four were already checking their traffic and blocking calls with numbers spoofed for each other.” It was this system, they say in the company, that became the technical basis for Antifraud.

“The operators have combined anti-fraud systems and implemented an algorithm for blocking fraudulent calls,” explained VimpelCom. “The principle is this: if operator B receives an incoming call with a Russian number, he sends a request to the system,” MegaFon clarified. “Operator A connected to it checks whether this call was initiated from his network, and if the call is not confirmed, then operator B must block it.”

But for a “global solution” to the problem, VimpelCom explained, it was necessary to organize verification of the incoming number between all market participants – and this is how Antifraud came into being. The advantage of the system is in the architecture, Tele2 believes: it allows a large number of operators to connect simultaneously. But, the company admits, the system can effectively solve the problem of number spoofing only when 100% of operators are connected, and before that, fraudulent traffic will continue to pass through. The priority should be to connect mobile numbering owners to the system, since spoofed traffic comes from abroad, MegaFon adds. The operators’ investments in the platform are not disclosed; the state, one of Kommersant’s sources clarified, spent about 4 billion rubles on Antifraud.

Non-system bypass

Meanwhile, protection against number substitution does not always save you from scammers. Since 2024, market participants say, attackers have become increasingly active in using the real numbers of large operators (see Kommersant on February 15). The latter believe that the change in strategy is connected precisely with the successes of Antifraud. As the Ministry of Internal Affairs explained to Kommersant, “the unregulated circulation of SIM cards has led to the emergence in Russia of individuals and organizations providing remote rental services for subscriber numbers,” which is also used by criminals.

According to TelecomDaily, at the beginning of 2024 there were about 6.5–7 million “active gray SIM cards” in the Russian Federation. According to the company’s general director Denis Kuskov, they are “distributed by wholesalers in large quantities, bypassing the official showrooms of operators” (see flash interview). Kommersant’s interlocutors at the market talk about the sale of batches of SIM cards through the darknet and Telegram: “In the messenger you can buy large batches of SIM cards, including foreign ones, for example, from Lithuania or Kazakhstan.”

“Kommersant” found offers on Telegram for the purchase of different batches: from 10 pcs. for 2.5 thousand rubles. with shipping via Russian postal services, from 1 thousand pieces. 60 rub./pcs. with sending, including illegal methods (through caches and bookmarks). There are offers for SIM cards that are already registered to an individual, but have lost their link to the subscriber (under the terms of the contract, the operator will cancel the link of the number to the person’s data if the number is not used for more than three months).

You are called online

Meanwhile, operators clarify, fraudulent calls via cellular communications are already being replaced by calls via the Internet. According to VimpelCom statistics, in 2024, about 68% of fraudulent calls occur through instant messengers. For example, numbers with codes 900 and 1000 are used when calling on Viber and mobile numbering of Russian operators on WhatsApp. These data are confirmed by Informzashita: they note a threefold increase in the activity of scammers in instant messengers in 2023.

Another 22% of attacks occur using products of large operators, for example, through cloud-based PBXs (automatic telephone exchanges), applications for calls over the Internet (IP telephony – communication using the Internet protocol, in which telephone numbers are replaced with IP addresses) and SIM -cards (cellular communications), VimpelCom clarifies: “The number was replaced only in 10% of cases.”

Kommersant’s interlocutors in the cybersecurity market note that attackers use different Internet protocols, DEF numbers (a virtual number that does not have a geographical reference) and IP telephony. Executive Director of Vox Link LLC Vitaly Shelest emphasizes that IP telephony is also used for legal communications – the market volume in 2023 grew by 18%, to 70.4 billion rubles. Another way to bypass blocking on communication networks used by scammers is SIP, a type of communication similar to IP telephony that uses the Session Initiation Protocol.

“IP and SIP telephony are controlled by telecom operators, but to combat calls through instant messengers, the use of anti-fraud systems of companies is impossible, which also allows fraudsters to make calls,” says Igor Dusha, director of the Nota Kupol product portfolio. The head of the investigation department at T.Hunter, Igor Bederov, estimates the share of fraudulent traffic from the total volume of calls via Internet protocols at 6–7% (see interview).

“Attackers are forced to constantly improve their tools,” says Alexey Novikov, managing partner of the Criminal Defense Firm. “Including methods for withdrawing the victim’s funds.” The Ministry of Internal Affairs confirms that “one of the most pressing problems has become the use of remote methods of receiving money.” For example, bank cards of individuals are actively used, who provide them voluntarily for a fee, the Ministry of Internal Affairs clarifies: “Because of this, there has been a need to regulate the illegal transfer of bank cards to third parties.”

Intelligence vs. Intelligence

But even as tools for combating fraudsters develop, they still have a strong ally in artificial intelligence (AI). One of the effective methods of fraud has already become voice falsification, notes FAC.C.T. specialist. on combating financial fraud Dmitry Dudkov: “In recent months, we have counted at least three schemes using audio deepfakes, namely audio messages generated using AI. For example, a request from a relative to borrow money.” The threat to business is growing as fraudsters fake the voices of executives as part of the FakeBoss scheme.

Also, FAS.S.T. notes, “a huge shadow business has emerged selling pre-recorded voice messages, often female voices,” which can be taken from phishing dating sites or hacked messenger accounts. FACCT is confident that “serious criminal groups will increasingly use AI, which will significantly increase the risks for subscribers.” Angara Security considers it important to formulate methods and methods for recognizing fake materials and resolve the issue at the legislative level.

Meanwhile, experts emphasize that telephone fraud requires fighting not only at the technology level. “The most effective thing for the state is to set up the work of the investigation,” says RTM Group manager Evgeniy Tsarev. For example, he explains, this could be the operational consolidation of cases, the creation of specialization for investigators: “We need high-quality operational investigative activities.”

Tatiana Isakova, Alexey Zhabin