We're trying to stop fraudulent VoIP (toll fraud) before it happens.

What is SentryPeer?

SentryPeer is designed to help detect compromised VoIP accounts. These credentials could have been gathered from desk phones, softphones, PBXs and WebRTC services for example. It works by your system always sending us an API call for each phone call (or IP address) you want to check. We then send you back a response with the results of our analysis. You can use this information to block the phone call, or take other action.

How do I use SentryPeer?

Let's say you are running your own VoIP PBX on site, or you're a VoIP service provider. What SentryPeer will allow you to do in this context, is dip into our list of phone numbers (using the RESTful API) as your users are trying to make outbound calls.

If you get a hit, you'll get a heads-up that potentially a device within your network is trying to call low cost probing phone numbers to check that the account can make outside calls. Criminals do this before revealing and calling the expensive numbers they want to call, which they usually own. These expensive numbers are often premium rate numbers, or international numbers.

The test numbers that we check against have either been:

1. Numbers collected by SentryPeer nodes you are running yourself
2. Numbers seen by the SentryPeer nodes we run, depending on your subscription level

We would then notify you or block the call using our various integrations, so you don't rack up any expensive calls or something worse happens.

What scenarios lead to VoIP fraud?

There are many and new ones are being discovered all the time. Here are some common ones:

1. Potential voicemail vulnerabilities. This can happen if you allow calling an inbound number (your DID/DDI) to get to your voicemail system, then prompt for a PIN. This PIN is weak and the voicemail system allows you to press '*' to call back the Caller ID that left a voicemail. The attacker has left a voicemail, and they then guess your PIN and call it back. The CLI might be a known number that SentryPeer has seen, which we can send you an alert for.
2. A device has been hijacked and/or a softphone or similar is using the credentials they stole off the phone's GUI and is now registered to your system and trying to make calls to a number seen by SentryPeer.
3. An innocent user is calling a phishing number or known expensive number etc. that SentryPeer has seen before.
4. Holes in a VoIP service providers rate plan where certain destinations are on old prices, not priced correctly or numbers have been re-categorised as premium rate. This happens a lot with mobile numbers.
5. Misconfigured dialplans.
6. Exploitations in firmware or PBX software.

The data we compare your queries against is gathered from various VoIP (SIP) honeypots that we run, all round the world, unless you are on the Contributor Plan.

“After 12 years of building and scaling SureVoIP, an awarding winning Internet Telephone Service Provider, it was acquired from me in July 2021. I then created SentryPeer in an attempt to address the need of having an early warning system for VoIP fraud. I hope you find it useful and help us tackle this.”

We do our software engineering in the open and love bug reports and feature requests. Feel free to open an issue on any of our repositories.