Premium-Rate Number Scams and AI-Call Defenses in 2026: Beating Wangiri and IRSF

International Revenue Share Fraud cost telecoms $6.69 billion in 2024 alone, and the new attack vector in 2026 is AI voice itself - attackers compromise a SIP trunk, place automated calls to premium-rate destinations they control, and walk away with revenue share before the customer notices. Wangiri (one-ring scams that bait callbacks) and IRSF together are the dominant outbound voice fraud pattern. The defense is real-time anomaly detection plus geo-blocked egress.

Background

IRSF works by exploiting the legitimate revenue-share business model that international premium-rate operators use to pay content providers. Fraudsters lease premium-rate ranges, then compromise a customer's PBX, SIP trunk, or VoIP credentials and pump traffic to those ranges. The originating carrier collects from the customer and pays termination fees to the destination network; the destination network shares revenue with the fraudster. By the time the customer sees the bill, the fraudster has cashed out.

Wangiri ("one ring" in Japanese) is the consumer flip side: scammers place a single-ring call to millions of phones, and a fraction of recipients call back, hitting the same premium-rate range. Both flows exploit the same revenue-share infrastructure. AI voice deployments are particularly exposed because they often place high volumes of outbound calls to many destinations and an attacker who hijacks credentials can blend in.

The 2026 defense pattern has three layers. First, geo-blocking at the trunk: deny outbound to countries the business never calls. Second, real-time anomaly detection: ML models that flag call patterns deviating from baseline. Third, IPRN range monitoring: subscribe to a fraud intelligence feed (Neural Technologies, BICS, iBASIS) that publishes known premium-rate ranges.

Architecture

flowchart TD
    A[AI Agent places outbound] --> B[Egress Policy Engine]
    B --> C{Destination country allowed?}
    C -->|No| D[Reject + alert]
    C -->|Yes| E{Destination in IPRN feed?}
    E -->|Yes| D
    E -->|No| F[Anomaly check]
    F --> G{Pattern deviates from baseline?}
    G -->|Yes| H[Throttle + alert]
    G -->|No| I[Place call via SIP trunk]
    I --> J[Log to fraud telemetry]
    J --> K[ML model retrain weekly]

The IPRN feed is the highest-leverage piece: most fraud destinations are known. Subscribing costs a few hundred dollars a month and prevents most damage.

CallSphere implementation

CallSphere runs egress policy on every outbound call across our six verticals. The default policy on Healthcare AI, Real Estate AI, Sales Calling AI, Salon AI, IT Helpdesk AI, and After-Hours AI is US and Canada only; international expansion requires explicit per-tenant unlock with a fraud risk attestation. We integrate the BICS IPRN feed for known premium-rate ranges and our fraud detection ML model (one of 90+ tools) runs against the call telemetry pipeline in real time. Anomaly thresholds default to 3 standard deviations above tenant baseline; alerts go to both the tenant's admin console and our SOC. Our 115+ DB tables include a fraud_events table with full audit trail. HIPAA + SOC 2 controls cover the fraud telemetry. Scale ($1499/mo) tenants get 24/7 SOC review of high-severity alerts. The 22% affiliate program credits Scale upgrades driven by international expansion.

Build steps

1. Default-deny outbound to every country the business does not actually call; whitelist only what is needed.
2. Subscribe to an IPRN intelligence feed (BICS, iBASIS, Neural Technologies); update daily.
3. Build a baseline of normal outbound patterns per tenant per hour: destinations, durations, volumes.
4. Train an anomaly detection model on the baseline; retrain weekly.
5. Wire alerts to a SOC channel and the tenant admin console; hard-block on critical signals (10x volume to a new destination).
6. Audit egress logs daily for the first 30 days of any new deployment.
7. Rotate SIP credentials after every personnel change; require MFA on all VoIP admin access.
8. Test quarterly: simulate an IRSF attempt to validate detection latency.

FAQ

How much does IRSF cost on average? Industry data shows median compromise costs $20k to $50k per incident, with high-end attacks running over $1M. The compromise window is often hours, not days.

Can AI voice deployments be the attack vector? Yes. An attacker who compromises an AI voice tenant's SIP credentials can pump calls to premium-rate destinations. Egress policy and rapid anomaly detection are the only real defenses.

Are STIR/SHAKEN signed calls safe from IRSF? STIR/SHAKEN authenticates the calling number, not the called number. It does not prevent fraud where the attacker is calling premium-rate destinations from compromised legitimate accounts.

What is Wangiri exactly? Single-ring calls that hang up before answer. Recipients see a missed call from an international number and call back; the callback hits a premium-rate range and rings up charges. AI voice is mostly an outbound risk vector for IRSF, not Wangiri specifically, but the same destinations are involved.

Does CallSphere reimburse fraud losses? Pass-through Twilio billing applies. Our SOC monitoring on Scale plans typically catches attacks within minutes. We do not contractually reimburse but routinely partner with Twilio's fraud team to dispute unauthorized charges.

Sources

• Toll Fraud and IRSF Defense - Vonage
• Telecom Fraud Detection 2026 - AVOXI
• IRSF Defense Solution - Neural Technologies
• Understanding International Revenue Share Fraud - Akamai
• Wangiri Scam Prevention - Neural Technologies

Start a 14-day trial with managed fraud defense, browse pricing for Scale plans, or book a demo. Partners earn 22% via the affiliate program; enterprise fraud questions go to contact.