Toll fraud block list

macjacfish · July 31, 2022, 5:31am

I periodically will get an extension hacked and the fraudsters will try and make outbound calls to certain numbers which allow them to collect money from the connection time. I have created a trunk called “Blocked” and I create an outbound route with dial matching definitions that when there is a match, the call can’t complete because the “Blocked” trunk isn’t connected to anything…so the call fails. I also use the notification section to email and text me when an attempt is made. This is only one of the security things I employ, but it helps a lot from time to time. This week and new number, 16057251933 came up and I added the 605 Area Code to the list.

I’m adding the import file in case some of you may want to use it.

macjacfish · July 31, 2022, 5:37am

prepend	prefix	match pattern	callerid
		7165212543
		17165212543
		1242xxxxxxx
		1246xxxxxxx
		1264xxxxxxx
		1268xxxxxxx
		1284xxxxxxx
		133222623XX
		13322262XXX
		1345xxxxxxx
		1441xxxxxxx
		1473xxxxxxx
		151668523XX
		151668524XX
		151668525XX
		151668526XX
		151668528XX
		151821628XX
		15182162XXX
		15189052XXX
		156161833XX
		1605XXXXXXX
		1641793XXXX
		1649xxxxxxx
		1664NXXXXXX
		1664xxxxxxx
		1680237XXXX
		1701717XXXX
		1715689XXXX
		17165212XXX
		1721xxxxxxx
		1758xxxxxxx
		1767xxxxxxx
		1784xxxxxxx
		1809xxxxxxx
		1829xxxxxxx
		1838210XXXX
		1849xxxxxxx
		1868xxxxxxx
		1869xxxxxxx
		1876xxxxxxx
		1900xxxxxxx
		1900xxxxxxx
		19295182XXX
		1976xxxxxxx
		242xxxxxxx
		246xxxxxxx
		264xxxxxxx
		268xxxxxxx
		284xxxxxxx
		33222623XX
		3322262XXX
		345xxxxxxx
		441xxxxxxx
		473xxxxxxx
		51668523XX
		51668524XX
		51668525XX
		51668526XX
		51668528XX
		51821628XX
		5182162XXX
		5189052XXX
		56161833XX
		605XXXXXXX
		641793XXXX
		649xxxxxxx
		664NXXXXXX
		664xxxxxxx
		680237XXXX
		701717XXXX
		715689XXXX
		7165212XXX
		721xxxxxxx
		758xxxxxxx
		767xxxxxxx
		784xxxxxxx
		809xxxxxxx
		829xxxxxxx
		838210XXXX
		849xxxxxxx
		868xxxxxxx
		869xxxxxxx
		876xxxxxxx
		92951824XX
		9295182XXX
		976xxxxxxx
		1929518XXXX
		929518XXXX
		1929537XXXX
		929537XXXX

cdsJerryw · August 1, 2022, 7:18pm

So that means you can never call someone in South Dakota right?

macjacfish · August 2, 2022, 3:09am

That’s right, while we assess what is out there in Premium Rate Service numbers in that Area Code. Luckily this weeks breach was caught quickly and we only lost about $80. But with 40ish platforms a hack can get costly. I’ve had that day when we lost $7K in 15 minutes.

dicko · August 2, 2022, 4:00am

Have you ever considered not accepting INVITES sent to UDP/5060 ?

BlazeStudios · August 2, 2022, 12:07pm

The real question here is, have you considered tightening the security on the systems? Because either the passwords are too easy to hack and simple generators are finding them or the system(s) itself is compromised in someway and that is how they are getting credentials. Which, by the way, wouldn’t matter about the port since they would already know by having access to things.

There is a big difference between “I was listening on 5060 and they used a dictionary attack on me” vs “I was listing on 9050 and they hacked my server and have passwords”. That would leave the follow up of, how are these 40+ boxes being secured and setup? What is being left open to the public on them that isn’t being protected that they could get in through? Have the boxes themselves been compromised?

So your customers pay you to be their provider? They pay you directly for their usage? If so, you do not have the luxury of blocking US destination within the 48 states. It’s illegal. You are not allowed to block destinations because they might cost you (the provider) more than you’d like. Your customers not being able to call a destination because it’s too much for you doesn’t matter. You eat the costs and that’s that.

system · September 2, 2022, 12:08pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.