Mobileum Blog

How Fraudsters Are Exploiting the Exponential Rise in Data Traffic

Written by Pedro Fidalgo | 31/03/2022

It feels like just a few years ago we were discussing how to incentivize consumers and businesses to use mobile data. With 4G, communications service providers (CSPs) had the connectivity speed and bandwidth to usher in all-you-can-eat data plans and zero-rated services to increase adoption. These proved just the ticket for consumers and businesses, as data quickly overtook voice and SMS on the revenue leaderboard. According to Reportlinker.com, in 2020 the world generated approximately 47.6M Terabytes of mobile data traffic per month. Spurred on by the COVID-19 crisis, mobile data traffic is estimated to increase to 220.8M Terabytes per month by 2026, representing a 28% CAGR. This growth in data traffic is a double-edged sword for CSPs. On one hand, traffic will continue to skyrocket, but the ability for CSPs to capture the full revenue is being undercut by fraudsters, says Carlos Duarte Marques, Mobileum Head of Product Management, Fraud and Risk.

The perils of unlimited data plans, zero-rated and white-listed traffic

Most operators charge for cellular data based on the volume each user consumes. Given the significant impact on operator profits and subscribers’ bills, accurate and fair data charging has become an important issue for cellular operators and their subscribers. As observed in the market, some operators have chosen not to charge for certain control traffic needed to operate networked systems, such as Domain Name System (DNS) and Transmission Control Protocol (TCP) retransmission traffic. Furthermore, depending on the business model, operators also do not charge for the data traffic from a designated mobile application, such as a customer service application. These charging policies open the door to abuse of fair-usage policies, enabling a fraudster to use the cellular data service for free.

Providing free access to services, such as Facebook, was also essential to encourage mobile data usage. However, this is now providing a cover for zero-rated fraud. For example, by using a domain fronting app, a fraudster could disguise all of their Internet traffic to look like Facebook, thereby taking advantage of a zero-rated Facebook plan. To achieve this deception, domain fronting relies on content delivery networks (CDNs) that host multiple domains (websites). Since major Internet players like Facebook distribute their content from CDNs, and Facebook is included in many zero-rated Free Basics offerings, accurately identifying zero-rated traffic can be a significant challenge for operators – and hackers are becoming increasingly aware of this.

It is not just free, zero-rated traffic that hackers are exploiting. Hackers are also targeting the usage of paid content by disguising the IP address via tunneling fraud. Many operators leave white-listed DNS open and unmonitored, allowing prepaid customer traffic to proceed without first checking for subscriber balance, time/volume limits, or deduction of funds.



Data revenue is at risk without machine learning and DPI capabilities

These issues are set to become greater for operators, as 5G users are expected to consume up to 2.7x more mobile data compared to 4G users. The greater uptake of cloud-based video streaming services, the volume of live-streamed content, videogame streaming services, and even corporate training materials will create the perfect breeding ground for fraudsters to exploit.

To maximize data revenues and protect your network and customers from fraudsters and malicious attacks, CSPs must equip their fraud teams with a data fraud solution that boasts:

  • Well-defined machine learning models: to stop tunnel fraud by analyzing data traffic across DNS tunnels and proactively detecting illegal tunnels across these zero-rated services.
  • Contextual DPI Analytics: to stop illegal tethering by gathering information from your data network, inspecting the data sessions for specific parameters, and using the number of devices that have active data connections together with TTL parameters to identify devices that are sharing the connection and devices using the connection in tethering mode.
  • Analytics powered with augmented signature intelligence: to monitor for domain fronting data fraud by accurately identifying encrypted applications and proactively detecting unclassified traffic to facilitate the timely development of new signatures.
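
The TTL check mentioned in the DPI bullet above can be sketched as follows. This is an added example, not Mobileum's code: the record layout, the function names, the packet threshold and the assumption that the probe sees the handset's own packets at their initial TTL are all hypothetical.

```python
from collections import defaultdict

# Common OS initial TTLs (general knowledge, not from the article):
# 64 = Android/iOS/Linux/macOS, 128 = Windows, 255 = some network gear.
INITIAL_TTLS = (64, 128, 255)

def hops_behind(ttl):
    """Return (assumed initial TTL, routed hops so far) for an observed TTL."""
    initial = min(t for t in INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl

def detect_tethering(records, handset_hops=0, min_packets=20):
    """records: iterable of (subscriber_id, observed_ttl, packet_count).

    handset_hops is the hop count at which the handset's own packets reach
    the probe (assumed 0: the probe reads the inner IP header of the tunnel).
    Packets that show more hops were forwarded by the handset for another
    device. TTL values seen in fewer than min_packets packets are ignored.
    """
    per_sub = defaultdict(lambda: defaultdict(int))
    for sub, ttl, pkts in records:
        per_sub[sub][ttl] += pkts
    findings = {}
    for sub, ttls in per_sub.items():
        seen = sorted(t for t, n in ttls.items() if n >= min_packets)
        routed = [t for t in seen if hops_behind(t)[1] > handset_hops]
        if routed:
            # Distinct TTL classes give a lower bound on devices, not a count.
            findings[sub] = {"routed_ttls": routed, "min_devices": len(seen)}
    return findings

# Constructed flow summaries: (subscriber, TTL at probe, packets).
SAMPLE = [
    ("sub-A", 64, 500),                       # handset only
    ("sub-B", 64, 300), ("sub-B", 63, 200),   # handset + tethered Linux/macOS
    ("sub-B", 127, 150),                      # + tethered Windows
    ("sub-C", 64, 400), ("sub-C", 63, 3),     # stray packets, below threshold
    ("sub-D", 127, 600),                      # all traffic routed (hotspot use)
]

if __name__ == "__main__":
    for sub, info in sorted(detect_tethering(SAMPLE).items()):
        print(sub, info)
```

TTL is one signal among the session parameters the bullet lists, so a flagged subscriber is a candidate for review alongside the other DPI evidence rather than a verdict on its own.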

Contact us to learn more about how you can protect your data revenues with Mobileum’s data fraud solutions.