
Number identified: how scammers use virtual PBX

Man

Virtual automatic telephone exchanges (VATS), devices that generate hundreds of city numbers, have recently become one of the popular tools of telephone scammers.

This is a completely legal communication service that any legal entity can purchase. But criminals often use it, for example when they want gullible citizens to mistake their calls, which appear to come from city numbers, for official ones. The problem is that the end user who uses the VATS to generate numbers is unknown, experts note. The State Duma proposed introducing mandatory identification, but the Ministry of Digital Development proposed discussing this initiative with the industry community of operators.

What is a virtual PBX

Virtual automatic telephone exchanges have become one of the tools actively used by fraudsters, cybersecurity companies reported.

The virtual PBX service is provided by wireline operators. It allows companies that have purchased such a service to use a telephone exchange via the Internet without purchasing specialized switching equipment - and their calls are displayed as "city calls". When such a call comes from a virtual number, the user believes that they are being called from some organization and loses vigilance.

A virtual PBX is IP telephony implemented via the Internet or some service. The key question is on whose capacity and at whose expense this virtual PBX is hosted. Fraudsters also use them.

Legal entities can use hundreds of numbers via a PBX. At present there is no way to track which specific employee is using a number, which creates conditions for fraudulent schemes.

A legal entity can contact telecom operators to install a virtual PBX. To receive these services, the company will have to provide constituent documents and conclude an agreement. If at some point it is discovered that fraudulent traffic is coming from such a PBX, only the operator will be able to quickly identify this legal entity and block all its communication services.

The Future of VATS

Virtual automatic telephone exchanges (VATS) may soon become more attractive to fraudsters. After the adoption in August of this year of a law limiting the number of SIM cards per user, attackers may switch from using SIM boxes (a device for working with a large number of SIM cards) to other methods.

According to the restrictions, in 2025, no more than twenty subscriber numbers can be registered to a Russian citizen, and no more than ten to a foreigner. In addition, only employees of organizations and individual entrepreneurs working under a contract will be able to use corporate SIM cards, provided that the information is entered into the Unified Identification and Authentication System (ESIA). Telecom operators will have to verify the accuracy of the subscriber's information before providing him with communication services.

Therefore, the demand for VATS will increase among fraudsters who will look for alternative channels to commit crimes.

Fixed-line operators offering VATS services to companies need the same requirements as those applied to legal entities with SIM cards, the senator believes. He sent a corresponding letter to the Department of State Regulation of the Telecommunications Market of the Ministry of Digital Development, Communications and Mass Media, so that information about the employment of the end user of VATS is also added to the Unified Identification and Authentication System.

"In order to combat illegal actions, it seems important to extend the requirements for the final identification of subscribers to fixed-line operators as well," the appeal says.
At present, virtual numbers are not tied to a specific person, which allows them to be used anonymously by creating temporary accounts.

The initiative to identify VATS subscribers is intended to increase the responsibility of mobile operators and legal entities themselves, including for data leaks.
"Most often, unfortunately, personal data leaks do not come from the top officials of the company (directors, deputies, and so on), but from, say, new employees who have only recently started working and have gained access to a particular database of personal data or information."

Therefore, if virtual numbers are assigned to specific individuals working in the company, it will be much easier to find the offender, he believes. This would make life easier for law enforcement agencies and employees of the internal security service.

The Ministry of Digital Development referred the initiative to operators

However, the Ministry of Digital Development believes that the proposed measure needs to be further developed with the industry community. This follows from the department's response.

At the same time, the fight against telephone fraud, phishing sites, spoofed numbers, and gray SIM cards is among the priorities of the Ministry of Digital Development, the department's press service assured. These initiatives, in particular, will be included in the new national project "Data Economy and Digital Transformation of the State".

"We also plan to create a single anti-fraud platform together with the Central Bank, the Ministry of Internal Affairs, and other departments, which will ensure online interaction between government agencies, banks, telecom operators, and digital platforms to combat telephone fraud," the ministry emphasized.

Roskomnadzor has made great strides in recognizing traffic types in recent years. A unified system for blocking virtual PBXs in the event of violations from their addresses and complaints about fraud may be created.

If regulators, telecom operators, and banks manage to consolidate their efforts, then in the near future there may be a complete ban on the sale of virtual PBX without user identification. In his opinion, this will not allow fraudsters to use such tools en masse.
 