Radware Ltd.

01/20/2025 | Press release | Distributed by Public on 01/20/2025 15:41

Tackling International Revenue Share Fraud with Advanced Bot Management

As online businesses continue to thrive in a digitally connected world, they also become prime targets for sophisticated fraud schemes. Among the most damaging is International Revenue Share Fraud (IRSF), in which fraudsters use bots to drive telecom and payment systems into generating SMS messages or calls to high-cost international numbers, leaving the targeted organization to pay the inflated charges.

In this blog, we'll explore how IRSF works, how bots are used to execute these attacks, and how businesses can defend themselves using advanced bot management solutions, drawing on a real-world example from a leading multinational e-commerce platform that recently faced and successfully mitigated this threat.

What is International Revenue Share Fraud?

International Revenue Share Fraud (IRSF) is a scheme in which fraudsters drive large volumes of calls or SMS messages to premium-rate or high-cost international numbers that they control or profit from. The terminating carrier bills the originating party at the inflated rate and shares that revenue with the fraudster, so every message or call the fraudster can trigger is income for them and a cost for the victim.

For example, one of our e-commerce customers, a leading multinational platform, faced such an attack when attackers used bots to abuse both the platform's account creation workflows and its OTP (One-Time Password) verification processes. The bots created thousands of fake accounts and triggered account verification or account upgrade workflows, each of which sent an OTP message to a high-cost number on an international telecom provider. The resulting artificially inflated charges from those providers were billed to the platform.

How Bots Are Used in IRSF Schemes

Bots are at the core of modern IRSF attacks where fraudsters deploy these automated scripts to carry out large-scale attacks on target endpoints at high speed and volume. In the case of this e-commerce customer, the bots performed the following malicious activities:

Automated Fake Account Creation

Fraudsters deployed bots to create thousands of fake user accounts on the platform. These accounts existed solely to trigger the account verification and account upgrade workflows, which send an OTP as a security measure.

Exploitation of OTP Verification Systems

The attackers used bots to trigger OTP sends in these workflows, each addressed to a high-cost international number. Those number ranges were operated by unethical telecom providers that shared the proceeds with the attackers. Because each OTP looked like a legitimate verification message, the inflated charges were billed to the organization as ordinary SMS traffic, causing substantial financial damage.

The Financial and Operational Toll of IRSF

The scale of damage caused by IRSF is significant. Our e-commerce customer faced:

Revenue Losses: Fraudulent OTP messages to premium-rate international numbers led to inflated service charges being passed on to the organization by telecom providers. These charges were not only high but also difficult to verify in real time, since each message was indistinguishable from a legitimate verification on the provider's invoice.

Operational Strain: The organization's internal security and risk teams were overwhelmed by the volume and sophistication of the bot-driven attacks. Strengthening the account verification or phone number validation processes was no longer sufficient to combat the sheer number of malicious requests coming through.

How Advanced Bot Management Can Defend Against IRSF

One of the most effective ways to combat bot-driven IRSF fraud attacks is by using advanced bot management solutions. Below are some key capabilities through which bot management can help businesses protect themselves:

Preemptive Blocking of Malicious Bots

Identifying and blocking suspicious IP addresses or malicious sources in real time is essential to stopping bots before they reach sensitive workflows such as account creation and OTP verification. Traffic originating from known bot networks, suspicious regions, or other malicious sources can be blocked immediately.

Behavioral-based Detection

The human-like behavior of modern bots can make traditional detection methods ineffective. Behavioral detection based on AI-driven algorithms identifies suspicious activity by analyzing how users interact with the platform. In the case of our customer, this meant detecting the automated interaction patterns of the bad bots in real time, even where individual requests looked legitimate.

Real-Time Traffic Analysis

By continuously analyzing incoming traffic, bot management solutions can recognize malicious activity in real time. The solution can flag abnormal patterns such as sudden spikes in bad bot traffic or excessive OTP and account creation requests, which are typical of such fraudulent schemes. Once the activity is identified, the solution can take immediate action to mitigate it, as was the case for this customer.

Advanced Mitigation

To stop sophisticated bots from completing sensitive workflows such as account registration or OTP verification, advanced mitigation techniques can be applied: CAPTCHA-less cryptographic challenges that impose a computational cost on each request, or analysis of post-CAPTCHA signals to detect whether attackers are routing challenges to third-party CAPTCHA farm services.

Conclusion

As the e-commerce organization's experience shows, IRSF schemes that use sophisticated bots to manipulate telecom and payment systems for illicit gain can have severe financial and operational consequences. By adopting advanced bot management with capabilities such as preemptive blocking, behavioral detection, and real-time mitigation, businesses can stop such fraud before the charges are incurred and safeguard both their revenue and their operations.

To read more about how this e-commerce platform secured their operations and prevented financial losses arising from malicious IRSF-driven bot attacks with the Radware Bot Manager, please download the case study here.