Iristel: Experience with Reporting Fraud (Case Study)

Carrier Reports
1

Introduction

Iristel is a Canadian Telecommunication company that is also a reseller of U.S. numbers to a vast variety of smaller companies. Often, these resellers (Iristel’s customers) sell numbers that have been documented to be used for scam and other fraudulent activities. Iristel is aware of these phone and SMS scams and address provides the following advice to victims (https://www.iristel.com/putting-a-stop-to-phone-scammers)

iristel_scam_advice
iristel_scam_advice1383×647 49.8 KB

As seen in the screenshots above, Iristel puts the responsibility on preventing scams and frauds originating from their network on consumers and other carriers while also acknowledging that this is just a “whack-a-mole” game and that numbers maybe spoofed. Being a Canadian provider Iristel recommends reporting any fraud/scam call to the Canadian Anti-Fraud Centre (CFAC) which is a process that is too complicated for an average consumer.

Iristel is a provider to resellers and does not provide numbers or services to consumers directly, a fact that they use to didge their responsibility towards any fraud/abuse reports sent to them against numbers owned by Iristel. This can be seen from the example below when an Iristel number used by Arlo scammers was reported to them.

iristel_arlo_reply
iristel_arlo_reply1106×547 36.3 KB

As seen from the case above, Iristel acknowledges that they own the number but refuse to do anything since the number is sold by their reseller. The identity of the customer leasing the number is not what is being asked, we are asking the providers to be more active with fraud on reseller networks or disclose the name of the reseller so that they may be contacted directly. While laws may allow Iristel to not disclose the reseller, we know that other carrier like Bandwidth provide details regarding their reseller and forward complaints to them. The example below shows Bandwidth acknowledging the reseller as RingCentral and forwarding the report to them.
bandwidth_rc
As seen from the example above, other resellers do release the information of the seller of a number when an abuse report is sent to them and they also forward this information onto the reseller. This makes Iristel’s use of laws to prevent release of reseller information and forwarding the abuse reports to the reseller a blatant misuse which allows for its resellers to be used as safe providers to scam operations. This is a standard reply from Iristel as can be seen in the images below which have been taken from various reports made by the DeMurrage team.
iristel_3
iristel_31043×507 31.1 KB

Telstra: An Iristel Reseller

Telstra is an Australian telecommunication provider and a reseller of Iristel numbers.

In this example, a group is running the same Arlo scam as the numbers mentioned above. As seen from the screenshot below, this number (6139024920) was reported to Iristel on Oct 2nd ,2023 with Iristel providing their usual reseller reply and refusing to disclose the reseller.

iristel_2
iristel_21053×509 42.3 KB

The same number was found to be active on May 3rd, 2024 and then reported to the reseller Telstra since this information was now available via a private lookup tool (shown below)
telstra_lookup
iristel_4
iristel_41132×131 14.8 KB

Fig: May 3rd, 2024 report (6139034920) to Telstra
The conversation with Telstra can be found in the screenshots below
telstra_1
telstra_11075×457 26.1 KB

telstra_2
telstra_21015×516 26.1 KB

These emails were sent to the two email addresses published by Telstra for reporting “misuse of service” (fraud) i.e. [email protected] and [email protected]. As of this writing no replies have been received and the number continues to be live and running the same Arlo scam.

Telstra also mentions an abuse form (https://service.telstra.com.au/customer/general/surveys/Report_misuse_of_service) which is currently offline but was available when the reports were first sent. Telstra did not provide any confirmation of follow-up after submitting this form. This form was captured by “The Wayback Machine” on March 18th 2024 (REPORT MISUSE OF SERVICE-Unavailable) but is now available at a new link https://www.telstra.com.au/forms/report-misuse-of-service . Telstra also now only publishes [email protected] email for reporting scam or other fraudulent activity. Attached below are the recordings of calls made to this number on May 13th, 2024 and another one where the scammer answers the call as Arlo. These recordings have been sent to Telstra as well as Iristel.

Telstra takes a similar stance to fraud like Iristel, they have detailed instructions on what to do if a customer comes across a scam with the usual advice to just not answer calls from unknown numbers and block any that are scams. The screenshot below shows Telstra’s advice on how to prevent scams and nowhere does it inform viewers about reporting scam originating from the Telstra network to them unless they are a customer

iristel_scam_advice
iristel_scam_advice1383×647 49.8 KB

Some of this advice (like calls to 190 are premium) is targeted at Australian consumers without any regard to someone who may come across this advice after searching a scam number that called them and is not an Australian resident.

Call to Action

We believe that the following changes should be adapted by Iristel. Telstra and other VoIP providers:

  1. Responsible Orgs (ResOrgs) like Iristel should hold their resellers accountable for fraud originating from reseller networks. ResOrgs should investigate reports of fraud for numbers owned by them even if the actual number is leased to a customer of a reseller.
  2. Resellers should enforce the same KYC requirements as those enforced by the ResOrgs. Repeat offenders should be investigated by the ResOrgs.
  3. All VoIP providers should make their abuse email/forms easy to find and use by the general public. Burden of proof that a number is spoofed should fall on the provider and not the reporter. Providers must provide updates to any reporters in a timely manner (ideally within 24 hours) and keep them updated with any new information.
  4. Providers must call the numbers to verify the reports themselves. A verification call should also be made to verify any disconnection notifications from resellers.

These are not big asks. Most of these are already being done by a few providers. Bandwidth discloses the identity of its resellers when it forwards the reports while also keeping the reporter in the loop on any reseller requirements or actions. Some providers will verify the report and put a temporary block on the number while the reseller investigates (examples can be provided on request). This temporary block prevents the number from being used for scams and prevents further harm while the provider and/or the reseller investigate.

Providers and their resellers must take a harder and more proactive stance on fraudulent use of their network in-order for the U.S scam epidemic to be reduced.

PS: A PDF of this report is attached. The PDF should be considered authoritative in-case of any discrepancies.
iristel_reporting_experience.pdf (470.9 KB)