Throughout the past year, we observed an increase in the availability of malicious (DIY) tools and services that were once exclusively targeting sophisticated cybercriminals, often operating within invite-only cybercrime-friendly Web communities. This development is a clear indication that the business models behind these tools and services cannot scale, and in order to ensure a sustainable revenue stream, the cybercriminals behind them need to change their tactics – which is exactly what we’re seeing them do.
By starting to advertise these very same malicious (DIY) tools and services on publicly accessible forums, they’re proving that they’re willing to sacrifice a certain degree of OPSEC (Operational Security) for the sake of growing their business model and attracting new customers. Just like the managed SMS flooding as a service concept, which we previously profiled and discussed, there’s yet another tactic in use by cybercriminals who want to assist fellow cybercriminals in their fraudulent “cash-out schemes’ – and it’s called ‘phone ring flooding as a service’.
In this post, I’ll profile a popular, publicly advertised service, which according to its Web site, has been in operation for 3 years and has had over a thousand customers.
More details:
Sample screenshot of the logo of the ‘phone ring flooding’ service:
Sample screenshot of the Web site of the ‘phone ring flooding’ service:
Description of the underground service:
Why is it necessary to use the services of the service?
1) You can order a test flood for 5 minutes for free
2) We guarantee that the phone will be unavailable during the time you paid for
3) We have a flexible system of discounts and installment payment available
4) Calls are made with a lot of numbers that start with different numbers. Because of this unrealistic add all the numbers in the black list by specifying a range!
5) If you order more than one number to flood you get to the next number 25% discount
6) Even if the numbers will be added to a blacklist. Phone of the victim will still be busy.
7) The first 10 customers ordering a flood of 1 week 15% discount
The cost of services performed under the price-list:
From 1 hour to 1 day – 3 USD per hour 1 number
From 1 day to 1 week – 40 USD per night 1 number
From 1 week to 2 weeks – 30 USD per night 1 number
From 2 weeks to 1 month – 25 USD per night 1 number
1 month – the price is negotiated individually
Often pitched as a service for “taking care of your competitor’s phone lines”, just like the managed SMS flooding service, it has a much more dangerous and pragmatic applicability in the world of cybercrime, namely DoS-ing (Denial of Service) the phone of a bank’s/payment service’s customer in an attempt to prevent their financial institution of choice from reaching them regarding a suspicious real-time withdrawal/transaction that took place.
Not surprisingly, these services often work in combination with ‘social engineering on demand’ also known as “fraud assistants as a service” type of underground market propositions, consisting of trained staff of fraud assistants speaking multiple languages, allowing a cybercriminal to choose whether they want to “rent” a male or a female voice in order to socially engineer a user/their bank or payment processing service.
We’ll continue monitoring the development of these services, and post updates as soon as new developments emerge.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
I was just a victim of this type of attack. I advertise phone dating chatlines on my website, The Chatline Guide. I have an arrengement with some of the chatline providers where they let me see the call stats. For the past week, there was an increase of 60% in phone calls under 30 seconds. All the numbers were unique, so we couldn’t block them. Is there a way to know if a call comes from a real phone vs a faked caller id using a flooding system?
These type of attacks/operations are very nefarious and tricky to catch with how they spoof valid phone numbers. As far as I am aware, there is no easy way to tell if it is from a real phone # vs. a spoofed one. There are definitely steps you can take to help educate yourself to ensure you are never taken advantage of by one of these attempts:
http://www.tripwire.com/state-of-security/security-awareness/how-to-protect-yourself-from-caller-id-spoofing/
I have been flooded with telemarketing calls for the last.three days. I only have a land based phone. I am 83 years old and have to use a walker to get around. I need the phone to keep in touch with my large family so I have to hurry to see if it is marketing or family. calling. I have had to go to the phone 45 times in three days. I don’t know what can be done about this. I just hang up on these calls.
Mary, I sincerely apologize for the inconvenience these pestering callers have caused you.
I suggest contacting your Telephone Provider directly and asking them what options they have for blocking phone numbers.
They should be able to further help you out with this. I hope that you are able to resolve this soon so that you can rest easy.
Warm Regards,
Josh P.
Social Media Coordinator
I’ve been pestered by an abusive emailer, I would like to get even with is business because of his constant and abusive tactics. Can you please tell me what would be the minimum (I would probably want 1 week or at least a few days of service because I’m sure he will change his number once this starts.
The Company is
US Business Funding
Eric Johnson
949-390-5411
Email: ejohnson@usbfund.com
Thank you for any assistance you can provide.
Jonathan
Jonathan, please view these pages for additional information on reporting spam and other abuse.
https://www.abuse.net/users.phtml
https://www.consumer.ftc.gov/articles/0038-spam
Warm Regards,
Josh P.
Digital Care Coordinator