Blog

Ireland’s Call, Careful Now! Wangiri Scam Calls to Ireland

There has been a surge of reports recently in Ireland about missed calls being received by Irish mobile phone users, who then ring back these numbers generating the missed calls and are then charged large amounts of money. What is happening here is a form of mobile fraud called Wangiri, and the goal here is to social engineer/trick people into ringing back these numbers, causing their account to be deducted several euros at a time.

Wangiri

Wangiri is a Japanese word that literally means ‘one ring and cut’. Initially used to describe a form of communication using number of ring-tones, it now means specifically this kind of fraud. As could be guessed from the name, a fraud type based on this seems to have been first used and reported in the early 2000’s (2002) in Japan. How the scam works is as follows:

  1. the fraudsters will initiate thousands of calls, often to random target numbers.The number that is displayed as being the dialling (originating) number is normally a foreign phone number, which is unknown to the owner of the target number
  2. The fraudster will cease (cut) the call immediately after it rings If a recipient is fast enough to answer the call in this initial ring period they will hear silence or sometimes a meaningless pre-recorded message like “You are on hold for the finance department”
  3. For a certain percentage of people, due to curiosity or habit, will see this missed call and dial it back, at this point they will be charged money for making this call (and staying on it) and the fraudsters will receive a % of this money.This percentage of people that rings back is called the callback rate, and fraudsters will try to maximise this as much as possible

The originating number that will appear in the missed call is normally a number in a foreign country, and crucially, this is a Premium Rate Number (PRN) or some other high-cost number. A PRN is a number billed at a different rate to ordinary numbers, normally much higher, and this money comes directly from the victim who makes the call back to it.

Missed call log linked to Wangiri spammers

Example volume of received Wangiri calls by Irish Mobile Subscriber

In these cases, the fraudsters have obtained (through legal or illegal means) ranges of Premium Rate Numbers in countries around the world, ensuring that they get a percentage cut of the money that accrues to these numbers when people dial them. One technical fact most don’t realise is that the calling number displayed – the Premium rate number – doesn’t actually mean that the phone ringing you is in that country. i.e. even though the number you receive says it is in Liberia (+231), this does not mean that a phone in Liberia is ringing you. In most cases the Fraudster will have connected to systems that allows them to dial remotely and set these PRN numbers as the dialling party. This allows the fraudster to cycle through different Premium Rate Number ‘ranges’ over time, and can make blocking after the fact quite difficult.

Camscéim Aisghlaoch

There have already been a few incidents of Wangiri calls in Ireland in 2017, however, this latest attack over the last few days seems to have been of particularly high volumes. Basing it on our own experiences (AdaptiveMobile Ireland personal) up to 30% of Irish numbers could potentially have been affected. If this is repeated throughout the country it would be an enormous volume of call requests, and initial news reports do indicate that it was indeed at an unprecedented scale.

More typical, is that the calls seem to be using a range of numbers from several different countries. In Ireland, over the last few days, Wangiri calls with numbers from the following countries have been reported:

  • (+43) Austria
  • (+212) Morocco
  • (+216) Tunisia
  • (+231) Liberia
  • (+235) Chad
  • (+247) Ascension Island
  • (+252) Somalia
  • (+269) Comoros

Map of the sources of Premium Rate Numbers targeted by Wangiri spam callers

Map of Origin of Callback Numbers used in Recent Wangiri Attacks

And there is highly likely to be others. The recent attack ins the last week are not an isolated attack however, in the past few weeks PRNs from several other countries including:

  • (+678) Vanuatu
  • (+381) Serbia
  • (+676) Tonga
  • (+222) Mauritania
  • (+248) Seychelles
  • (+674) Nauru

had been reported in an earlier ‘wave’. This use of multiple country ranges over time is to be expected. As explained earlier, it’s not that the Wangiri calls are actually coming from these countries, but that ranges from these countries are being used. Fraudsters performing Wangiri attacks will normally have many PRN ranges they can swap and cycle through to execute the attack, and the attacks will continue for as long as the Fraudsters believe they can make money.

On that point, it’s too early to judge the success rate for these attacks. But within the telecom fraud industry, call back rates for Wangiri can potentially be surprisingly high – an ‘effective’ attack can be up to between 10 to 15%. Even assuming a lower call back rate of 1% – based on the potential volume – the impact to Irish mobile phone user of tens of thousands of calls each being charged several euro over the course of a few days can quickly add up over time.

Missed Call Scam

As stated earlier, it’s likely, that even if incoming Wangiri calls using these numbers are blocked in the future, that more attacks will continue with new PRN ranges from additional countries. In the long-run the best defences would be for the mobile operators affected to invest in systems that identify the attacks pro-actively as they happen, and block before they can affect Irish mobile phone users

For now, the best advice would be to:

  1. Do not answer calls that you don’t recognise from abroad
  2. If you do ring back, hang up as soon as possible – even if you still hear a ‘ringing tone’. In many cases the fraudsters will play a recording of a ringing tone and you may think the call has not connected, but you will be charged the longer you stay on
  3. Report this call, and the sender of it, to your operator, so they can try to prevent the source range
    1. As additional counter-measure if you are getting really hassled with incoming calls would be to block numbers or number ranges on your handset. However, for this you may always be playing ‘catch-up’ as the fraudster use new numbers and ranges.

Ireland certainly isn’t alone in being targeted by these scam calls, Wangiri is a common phenomenon and there are many examples of equivalent attacks in other countries now and in the past. Sometimes the fraudsters make unique modifications that are performed to improve the call back rate but in general the pattern is quite similar since those first attacks in Japan 15 years ago. In the short-term Irish mobile phone users will have to stay vigilant, and if in doubt when receiving a call, don’t answer.

You may also be interested in reading our post on iCloud attacks.

Related insights

Commsrisk logo

Enea CTO Cathal Mc Daid Recognized by Commsrisk for Threat Intelligence Research

Read more

Tags: Cybersecurity

Enea Kaleido Champion Signaling Security Vendor

Enea Recognized as a Champion Vendor by Kaleido for Our Comprehensive Signaling Security. 

Read more

Watch Webinar: Boosting A2P SMS Revenues – Using AI to Uncover Hidden Gems

Read more

Tags: A2P Messaging, A2P Revenues

Woman looking at her phone on public transport

Apple Announces Support for RCS. What Happens Next?

Read more

Tags: RCS

Forbes logo

Enea’s Research on The Mobile Network Battlefield Featured in Forbes Magazine

Read more

Tags: Mobile Security