Roskomnadzor plans to create a technology for blocking substitution numbers. The Federal State Unitary Enterprise “Main Radio Frequency Center” (GRC) subordinate to him ordered a study of a technology that will make it impossible to change numbers on the networks of telecom operators. Works worth 8.2 million rubles will be carried out under the code “Identification”. Izvestia investigated how acute the problem of replacement numbers is in Russia and why Roskomnadzor decided to take it on.
Lock technology
In Russia, they plan to create a technology for blocking substitution numbers. The Federal State Unitary Enterprise “Main Radio Frequency Center” (GRCHTS), subordinated to Roskomnadzor, ordered a study of a technology that will make it impossible to replace numbers on the networks of telecom operators.
Contract worth 8.2 million rubles was concluded at the end of December, the tender was played behind closed doors, therefore technical documentation and data about the winner are unknown. The work is carried out under the code “Identification”.
In GRCHTS explained, what the study is necessary to determine the principles of interaction between telecom operators: when making a call, they must “exchange a valid subscriber number, excluding the possibility of its substitution.”
In the same time The operators themselves assure that they have been using their own methods of blocking suspicious calls for a long time. So, in MegaFon, Izvestia was told that about 500 thousand such connections are prevented daily.
“Today, there is a technical solution that allows operators to check and block calls with number spoofing. The main principle of the service is that it must be installed both in the network of the operator receiving calls and in the network of the operator initiating the call, – said Sergey Khrenov, director of fraud and income loss prevention at MegaFon, noting that such technologies used by other major operators.
According to the Ministry of the Interior, in 2021, phone scammers stole over 45 billion rubles from Russians. In just six months (from January to July), criminal cases were initiated on the fact of about 126.7 thousand fraudulent calls. The perpetrators posed as bank or police officers and persuaded people to transfer money to supposedly secure accounts, and then kidnapped them.
In December 2021, Vladimir Putin signed a law imposing fines of up to 1 million rubles. for telecom operators for failure to fulfill the obligation to block replacement numbers.
How do replacement numbers work?
As Yevgeny Tsarev tells Izvestia, Basically, scammers use fake numbers through digital telephony, posing as employees of financial organizations and law enforcement agencies. Less often – by forging the numbers of people close to potential victims.
“Digital telephony can be used both as a smartphone application and as a desktop application, or even using special SIP equipment,” says the Izvestia interlocutor.
As the expert points out, most often scammers used fake numbers in 2019–2020. Since then, the spoofing rate (in relation to the total number of fraudulent calls) has been no more than 20%. This is mainly due to the high cost of the technology – and deception schemes do not always significantly benefit from its use.
– Basically, scammers use replacement numbers in combination with other social engineering techniques. For example, first they send the victim a fake letter on behalf of a bank or law enforcement agency with a contact number,” says Yevgeny Tsarev.
After that, scammers call from the same number “for reliability” or send SMS with a contact number. This works when you need to “amplify the effect” produced on a potential victim through several tools.
According to Evgeny Sukhanov, director of the information security department at Oberon, three to five years ago, fake numbers were used by scammers pointwise and in a “manual” mode. The attackers did not have the technology and infrastructure to deploy a full-fledged call center, which allows them to reach a large audience of potential victims.
Today, the situation has changed dramatically – most fraud attacks are carried out in an automated mode. Attackers began to use automated call centers in their schemes.
“When a robot leads a person to transfer payment card data and other personal data, the process includes an “operator” who, posing as a bank employee, completes the fraud scheme,” explains Evgeny Sukhanov.
old tricks
Experts interviewed by Izvestia note that the idea of linking someone else’s phone number to a subscriber is not new: they began to fight this phenomenon back in the era of landline communications. The greatest resonance according to Evgeny Tsarev, caused numerous thefts that took place two or three years ago and related to the substitution of numbers of large banks.
According to the expert, Technically, cellular operators do not have the tools to combat spoof numbers: a whole range of measures, including regulatory ones, is needed.
Yevgeny Sukhanov agrees with this: according to him, from a technical point of view, individual financial institutions also do not have the ability to influence the situation with replacement numbers.
“The only effective weapon in the fight against fraudsters at financial institutions would be a program to raise awareness of citizens in the field of information security and counter fraud,” Sukhanov notes.
According to Tsarev, there is no hidden meaning in the fact that Roskomnadzor (RKN) has taken care of the problem of replacement numbers only now: the department is only reacting to the situation, and nothing more.
— It should be mentioned that the telephone number regulation projects are a logical continuation of the laws on the landing of international IT companies or the already existing Yarovaya Law. That is, if there is a need and opportunity, the RKN operates, – says Evgeny Tsarev.
In turn, Sukhanov considers the reason why the ILV turned on the regulatory mechanisms is that the problem with replacement numbers in Russia “acquired a national scale.”
Meanwhile, according to lawyer Venera Shaydullina, number spoofing technology is used not only for criminal purposes: it is taken by companies during promotions to determine the sites from which new customers come. Number spoofing is also used in the settings of online classifieds services to maintain the confidentiality of sellers’ personal numbers.
— In 2021, about 70% of all calls to mobile phones from unknown numbers were spam, but citizens began to receive such calls more often, as they actively use delivery services, the lawyer notes.
Looking for a solution
As Venera Shaidullina says, today in Russia there is no law that prohibits the use of spoof phone numbers. On March 20, 2021, amendments to 126-FZ “On Communications”, the Penal Code of the Russian Federation, 103-FZ came into force, allowing to block telephone numbers that are used in colonies and pre-trial detention centers.
A On December 1, 2021, amendments to Federal Law 126 “On Communications” came into force, which oblige mobile operators to block calls and SMS messages from abroad using spoof Russian numbers.
“From May 1, 2022, when establishing a connection, operators will have to transfer numbers and unique subscriber codes to each other unchanged,” says Shaydullina.
However, work in terms of control over replacement numbers is not only Russian, but also world practice. So, at the beginning of 2020, a law came into force in the United States that expands the powers of the Federal Communications Commission in matters related to the collection of fines from the organizers of illegal calls.
— In the first three months of the law, the Department of Justice filed charges against 400 people who extorted money from the elderly population. This is twice as much as in the whole of 2019,” says Shaidullina.
According to the expert, the solution to the problem of telephone fraud may lie in international cooperation on the example of the general fight against terrorism. Through such cooperation, banking operations will become transparent and the traceability of international transactions will increase.
“Until Russia integrates into the global single base/platform, where there are resources to fight fraudsters, the situation may not change,” the lawyer warns.
In turn, Yevgeny Tsarev believes that only one scheme works against scammers – everything is prohibited, except for what is allowed: according to the principle of the Internet in North Korea.
– Here is a scheme that will tie the hands of fraudsters with a probability close to 100%. But is society ready to pay that price? the expert asks.
How to spot a scammer
According to lawyer Oleg Matyunin, Distinguishing a fraudster from a real specialist is better for those who are constantly interested in new ways of deception, observant and well acquainted with the area with which the attacker is trying to associate himself.
And if a criminal tries to impersonate, for example, an employee of the financial security service of a bank, such a person is already fully armed, since he has well studied the procedure for working with clients in banks. He will be able to distinguish the permitted actions of the caller from the unlawful, no matter how confident the voice sounds on the phone.
– If you are not familiar with these areas at all, then the crooks are much more likely to confuse your head. It’s enough for them to talk smoothly and keep you in fear,” says the lawyer.
Therefore, the interlocutor of Izvestia notes, it is very important to be able to extract dry information from the message, clearing it of psychological props – for example, the background sounds of a call center. Fraudsters always imitate someone or something, playing with the emotions of the victim.
– In fact, they are too “narrow specialists”, acting according to the instructions. A few control questions on your part will confuse them and save your money, Matyunin notes.
In turn, the manager of the RTM Group and an expert in the field of cybersecurity and law in IT, Evgeny Tsarev, cites several signs by which you can recognize a fraudster who is “armed” with a substitution number.
– When the caller asks you to do something urgent – call the number, confirm, transfer as soon as possible – you can be sure that this is a criminal and immediately end the conversation, says the expert.
In addition, you should be alerted if the caller asks for personal information. The fact is that along with the phone number, attackers often receive (buy databases on the dark web or use other channels) data such as the series and number of the passport, card number, and so on.
– In a conversation with a potential victim, scammers give this data, hoping to inspire more confidence. Do not believe: most likely, they want to deceive you, Tsarev warns.
#Dangerous #calls #Russia #create #system #blocking #substitution #numbers