[VOIPSEC] Phone fraud doubles

On Thu, 21 Nov 2013, Vijay Balasubramaniyan wrote:
> The report is split into 2 sections: A) What we are seeing at call centers B) What individual consumers are seeing.
>
> The 2.4 million comments are with respect to B) not A). So this is not with respect to a call center. At FI call centers we are seeing 1 in 2500 calls being an attempt to take over an account (ATO). So if you get 1 million calls a month you are likely to see 400 attempts at ATO. Our last report was purely consumer focussed and in this report we are showing what we believe are both sides of the coin. Please let me know if this clarifies your concerns and appreciate your feedback. Let me know if you have any follow up questions.
>
> This is also a great way to finally send a mail on this group which I have been following for all the information it provides.
So it is just as I expected. I will give you an example. We have all seen/read/experienced 'ye phantom call' that Sandro Gauci clarified last week. I have a client with a couple of trunks, Audiocodes gateway thing-a-ma-bob. She calls us up telling us she is receiving hundreds of calls a day. With this data, how accurate would it be if I averaged her calls, multiplied the number of ghost calls, then reported: "Man, I am seeing 10,000,000 fraud attempts per month!" The realities behind those numbers aren't real. They're scaled sideways. I do this (scaling sideways) when I want new equipment all the time.

Me: "Man, the amount of attacks has quadrupled. Take a look at my Splunk parsing. Call leg in, call leg out that's 2 calls! (when it's really 1). We need the latest and gr8est in Juniperism Equipment otherwise we are doomed!"

Manager: "Wow we are getting attacked aren't we!"

Scans - I don't count as attacks
Enumeration - I don't count that either

I count an actual compromise as an attack. We have had those on PBXs we provided trunks for. This is because the clients don't learn no matter what we tell them. "Stop using 12345 as a password k thanx!"

This is not a post to take away from your data, but the reality is, from my perspective, if you said 2.5 million, I'm willing to bet a year's worth of lunch, the actual number is in the tens of thousands *IF* even that much. Even our upstreams (VZ, Level3, MiniLevel3 (GBLX), Tandem, etc.) have gotten a little smart on alerting for fraud. (It's after the fact, but it's nice to know they saw it tenteen hours late).

My colleagues and I stopped counting managed PBXs, trunks, etc. because it reached too many to keep track of. We do however, run all through SBCs with using Transnexus which is great, but at the same time, we have learned the ropes and created our own Frankenstein alerting system. ATTACK wise (meaning compromise) these have dwindled into perhaps the teens, and even then, Transnexus allows us to further minimize the $ damage.

Mind you, I could easily say: "I'm getting scanned! (attack)" "I'm being brute forced! (attack)" and throw this number into the tens of millions easily. This doesn't even include clients' softphones, Snoms, Polys, etc., that receive ghost calls. "I'm getting spammed, ghost calls." Heck I wouldn't even know where to place the figure. Tens of millions?

So define ATO. Is this a scan, someone bruteforcing. What is an ATO. I define an attack as a compromise when it comes to VoIP. Lord knows there aren't enough days in the year to count scans, sipvicious, other nonsense. Not to forget about the honeypots I have lurking.

400 "attempts" is literally peanuts (.25%)

sourcetype   Count       Last Update
CDR-6        5,716,520   Thu Nov 21 16:06:42 2013

One SBC, one month. If I dug out how many failed brute force attempts, scans, etc., I could easily say.. Of the 5,716,520 calls that were put through, based on the amount of scans, brute forcers, etc., I have seen, there were 100,000,000 attackers. 1,000 people tried scanning 1,000 accounts! See the dilemma? No harm no foul.

Reality? Of the 5,716,520 calls, we had 450 ATTEMPTED fraudulent attempts, of which 90 completed, of which most were blocked after N attempts (Transnexus). So bottom line? We had 90 fraudulent calls aka 0.001574% fraud. Even if I multiplied this 44x (to meet your 400 call criteria), I'd be in the 0.069% range for fraud at a little over a quarter billion calls.

I won't even get into what the call center we have is saying. This is coming from engineering now. People in my call center will tell me the Internet is blown up simply because their browser isn't opened. They aren't trained to see real data.

Anyhow ;) Let me stop picking on the list before someone steps on me!

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

On 11/21/13 1:15 PM, J. Oquendo wrote:
> Manager: "Wow we are getting attacked aren't we!"
>
> Scans - I don't count as attacks
> Enumeration - I don't count that either
>
> I count an actual compromise as an attack. We have had those on PBXs we provided trunks for. This is because the clients don't learn no matter what we tell them. "Stop using 12345 as a password k thanx!"
I would argue that fraud attempts count as attacks. They're unsuccessful attacks but they are still attacks. If someone shoots at you and misses, it's still an assault with a deadly weapon.

I'd count multiple attempts from the same source as part of the same script as a single attack. If you see the same source trying voicemail passwords of 1234, 12345, 123456, last 4 of DID, last 5 of DID, last 6 of DID, that's one attack.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
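
The counting question argued in this thread, as an added example that is not part of either poster's message: it deduplicates call legs, merges repeated events from one source into a single attack, and reports scans, attempts and compromises as separate figures. The sample data, the event kinds (`scan`, `auth_fail`, `fraud_call`) and the 30-minute merge window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not taken from the thread.
# CDR legs: (call_id, leg). One call produces an inbound and an outbound leg.
CDR_LEGS = [("c1", "in"), ("c1", "out"), ("c2", "in"), ("c2", "out"), ("c3", "in")]
# Security events: (timestamp, source, kind); the kind names are hypothetical.
EVENTS = [
    ("2013-11-21 10:00:00", "192.0.2.10", "scan"),
    ("2013-11-21 10:00:04", "192.0.2.10", "auth_fail"),    # same script, guess 1
    ("2013-11-21 10:00:05", "192.0.2.10", "auth_fail"),    # same script, guess 2
    ("2013-11-21 10:00:06", "192.0.2.10", "auth_fail"),    # same script, guess 3
    ("2013-11-21 18:30:00", "192.0.2.10", "auth_fail"),    # same source, hours later
    ("2013-11-21 11:00:00", "198.51.100.7", "auth_fail"),
    ("2013-11-21 11:00:02", "198.51.100.7", "fraud_call"),  # fraudulent call completed
    ("2013-11-21 12:00:00", "203.0.113.5", "scan"),         # scan only
]

def count_calls(legs):
    """Count calls by unique call id so two legs are not reported as two calls."""
    return len({call_id for call_id, _leg in legs})

def group_attacks(events, gap=timedelta(minutes=30)):
    """Merge one source's events into a single attack unless separated by more than gap."""
    by_source = defaultdict(list)
    for ts, src, kind in events:
        by_source[src].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), kind))
    attacks = []
    for src, items in by_source.items():
        items.sort()
        current = None
        for when, kind in items:
            if current is None or when - current["last"] > gap:
                current = {"source": src, "kinds": set(), "events": 0}
                attacks.append(current)
            current["last"] = when
            current["kinds"].add(kind)
            current["events"] += 1
    return attacks

def summarize(events, legs):
    """Report each category separately instead of one inflated 'attacks' number."""
    attacks = group_attacks(events)
    return {
        "calls": count_calls(legs),
        "raw_events": len(events),
        "scan_only": sum(a["kinds"] == {"scan"} for a in attacks),
        "attempts": sum("auth_fail" in a["kinds"] for a in attacks),
        "compromises": sum("fraud_call" in a["kinds"] for a in attacks),
    }
```

Reporting the raw event count next to the grouped figures makes the gap between the two visible to whoever reads the number.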
participants (2)
- jay@west.net
- sil@infiltrated.net