Computer-implemented detection of anomalous telephone calls, for example detection of interconnect bypass fraud, is disclosed. A telephone call associated with user devices is analyzed remote from the user devices. A first set of multiple features, for example Mel Frequency Cepstral Coefficients, is derived from a call audio stream. The first set is converted to an embedding vector, for example via a model based on a Universal Background Model comprising a Gaussian Mixture Model, which model is preferably configured based on a training plurality of first sets of multiple features derived form a corresponding training plurality of audio streams. Occurrence, or probability of occurrence, of an anomalous telephone call is determined based on the embedding vector, for example via a back-end classifier, such as a Gaussian Backend Model, which classifier is preferably configured based on labels associated with the training plurality of audio streams.

A spam call prevention apparatus 11 includes: a response unit 111 configured to convey, to a phone terminal of a sender of a call, a response that, in a case where the call from the sender is evaluated as a spam or a fraud by a receiver of the call, the sender is billed a sum of money corresponding to a probability of being evaluated as the spam or the fraud; a notification unit 112 configured to notify, when the sender has requested, in responding to the response, the call to the receiver, a phone terminal of the receiver of a request for returning an evaluation result of evaluating the call from the sender after the call between the sender and the receiver has ended; and a determination unit 114 configured to determine, when the call from the sender has been evaluated as the spam or the fraud in the evaluation result, the sum of money corresponding to the probability of being evaluated as the spam or the fraud, as a sum of billing.

A fraud damage prevention system (1000) includes a call processing server (20) and an ENUM/DNS server (10). The call processing server (20) includes: a fraud determination requesting unit that transmits a fraud number determination request, to which a call originating number of a call originating device (4) is affixed, to the ENUM/DNS server (10), and that receives the determination result as to whether or not the call originating number is a fraud number; and a fraud prevention processing unit that performs a predetermined fraud damage prevention process. The ENUM/DNS server (10) includes: a storage unit that stores fraud number information (100); and a fraud determination unit that references the fraud number information (100) using the call originating number, determines that the call originating number is a fraud number in the case where a number that is the same as the call originating number is registered, and transmits the determination result to the call processing server (20).

A computer-implemented method, a computer program product, and a computer system for detecting, verifying and preventing unauthorized use of a Voice over Internet Protocol (VoIP) service. A computer rates a VoIP call based on a database including information of the caller number, in response to determining that no record of a caller number exists in a database including the information of unauthorized uses. The computer sets a predetermined time period for the VoIP call based on a rating of the VoIP call, adds the predetermined time period to a session initiation protocol (SIP) invite, and connects the VoIP call to a called party. In response to that the predetermined time period is reached, the computer interrupts the VoIP call and prompts the caller to conduct user verification. In response to that the caller is successfully verified, the computer reconnects the VoIP call to the called party.

Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner. Other aspects utilize inner edge data from an intermediate node of the communications network which may be analyzed against other inner edge data from other intermediate nodes and/or outer edge data.

Methods and apparatuses for managing spoofed calls to a mobile device are described, in which the mobile device receives a call transmitted over a cellular or mobile network. The call may include a set of information associated with the network, such as a geological location of a device that generated the call, a hardware device identifier corresponding to the device, an internet protocol (IP) address associated with the device, or a combination thereof. The mobile device may determine whether the call is spoofed or genuine based on the set of information. Subsequently, the mobile device may assist a user of the mobile device to manage the call, such as blocking the call from reaching the user, informing the user that the call is spoofed, facilitating the user to report the call as spoofed to an authority and/or a service provider of the network.

One example involves a communications server providing communications services to remotely-situated client entities, wherein each client entity is associated with users and each user is associated with a communication device. The server may verify a first authentication factor for a user among the users, and generate a communication request that includes a first portion specifying at least one target endpoint associated with the user and a second portion associated with or indicating the security code and that includes a set of instructions which: are specific to the user, which specify how to communicate the security code for the user, and which specify different security codes for different types of communications. Via the server, the security code is sent to the user according to the set of instructions, and verified via a second authentication factor associated with or for the user by comparing input from the user to the security code.

A subscriber information authentication system that compares network-obtained and device-obtained information to verify that a device being used in connection with a user account is authenticated for that account. Certain subscriber information may be associated with the account during a registration process. In subsequent attempts to access the account, the registered subscriber information may be used in conjunction with information obtained from a telecommunication network and from a device to verify that the device is authorized. The information from the telecommunication network may be queried using Signaling System No. 7 (“SS7”) protocols. The device authorization may be performed, for example, to ensure that a device being used for device-based verification is the device a user purports it to be.

When an SIP server receives a call signal addressed to a callee side terminal, the SIP server transmits a warning signal to the callee side terminal before transmitting the call signal to the callee side terminal when an international call identifier indicating that the call signal passes through a foreign country is set in the call signal. In addition, when the SIP server receives the call signal addressed to the callee side terminal, the SIP server includes a warning that the caller number is disguised in a warning signal when an international call identifier indicating that the call signal passes through a foreign country is set in the call signal and the caller number of the call signal is a number from a country in which the callee side terminal is located.

There is provided a method, and application server for enabling recording of communications transmitted via an Internet Protocol Multimedia Subsystem Network. A call request is received from a first party to call a second party and a database, comprising a plurality of subscriber profiles, is queried to obtain subscriber configuration data relating to at least one of the first party and the second party. Based on the subscriber configuration data, media streams are caused to be transmitted between the first party and a Media Resource Function, between the second party and the Media Resource Function, and from the Media Resource Function to a recording device to record at least part of a call between the first and second party. A communications network and a user device are also provided.