Anti-Fraud Detection

VoIPmonitor provides built-in anti-fraud detection capabilities through GeoIP-based alerts and monitoring features.

Overview

Anti-fraud features help detect:

• Unauthorized international calls (toll fraud)
• Account hijacking attempts
• Credential stuffing attacks
• Unusual calling patterns

Configuration

Anti-fraud alerts are configured in GUI → Alerts → Anti Fraud.

Country/Continent Destination Alert (Realtime)

Detects calls to specific countries or continents in real-time. Useful for detecting toll fraud where compromised accounts are used to make expensive international calls.

Configuration:

• Set threshold for number of calls
• Select target countries/continents
• Configure notification recipients

Change CDR Country Alert

Detects when the IP country of caller or callee changes between calls. This can indicate:

• Account compromise (calls from unusual locations)
• SIP credential theft

Configuration:

• Whitelist trusted countries (Exclude countries)
• Apply filters by phone numbers or IP addresses

Change REGISTER Country Alert

Detects when a device registers from a different country than expected. This is a strong indicator of:

• Account hijacking
• Stolen SIP credentials
• Unauthorized device registration

Use case: If a user normally registers from Germany but suddenly registers from a different country, this alert triggers.

SIP Failed Register Alert

Detects brute-force attacks and credential stuffing by monitoring failed registration attempts from a single IP address.

Parameters:

• threshold - Maximum number of failed attempts before alert
• interval - Time window in seconds for counting attempts

GeoIP Integration

Anti-fraud features rely on GeoIP services for IP-to-country resolution. Configure GeoIP in GUI → Settings → System Configuration → GeoIP.

Priority of GeoIP processing:

1. MaxMind API
2. IPInfoDB API
3. Local GeoIP database
4. Free portals

See CountryGrouping for detailed GeoIP configuration.

Best Practices

• Configure alerts for high-risk destinations (premium rate numbers, high-cost countries)
• Set up Change REGISTER Country alerts for all critical accounts
• Regularly review failed registration patterns
• Combine with IP Groups for more granular control

Related Topics

• Alerts - General alert configuration
• CountryGrouping - GeoIP features and country grouping
• Groups - IP and telephone number groups for filtering

AI Summary for RAG

Summary: VoIPmonitor anti-fraud detection guide covering GeoIP-based alerts for toll fraud prevention. Features include: Country/Continent Destination alerts (real-time detection of calls to specific countries), Change CDR Country alerts (detect IP country changes between calls indicating account compromise), Change REGISTER Country alerts (detect device registration from unexpected countries indicating credential theft), and SIP Failed Register alerts (detect brute-force attacks by monitoring failed registration attempts). All anti-fraud alerts are configured in GUI → Alerts → Anti Fraud and rely on GeoIP services for IP-to-country resolution.

Keywords: anti-fraud, toll fraud, fraud detection, GeoIP, country alert, continent alert, Change CDR Country, Change REGISTER Country, SIP failed register, brute-force, credential stuffing, account hijacking, international calls, premium rate, fraud prevention

Key Questions:

• How do I configure anti-fraud alerts in VoIPmonitor?
• How do I detect toll fraud in VoIPmonitor?
• What is the Change CDR Country alert?
• How do I detect account hijacking in VoIPmonitor?
• How do I configure alerts for international calls?
• What is the Change REGISTER Country alert?
• How do I detect brute-force attacks on SIP registration?
• How does VoIPmonitor use GeoIP for fraud detection?