You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/concept-mfa-regional-opt-in.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Regions that need to opt in for Azure AD Multi-Factor Authentication (MFA) telephony verification | Azure Active Directory
3
-
description: To protect customers, some regions require adminstrators to create a support ticket to request to opt in to receive MFA telephony verification Azure Active Directory
3
+
description: To protect customers, some regions require a support ticket to request to opt in to receive MFA telephony verification Azure Active Directory
4
4
5
5
services: active-directory
6
6
ms.service: active-directory
@@ -21,19 +21,19 @@ As a protection for our customers, Microsoft doesn't automatically support telep
21
21
22
22
## Why this protection is needed
23
23
24
-
In today's digital world, telecommunication services have become ingrained into our lives. But advancements come with a risk of fraudulent activities. International Revenue Share Fraud (IRSF) is a threat with severe financial implications that also makes using services more difucult. Let's look at IRSF fraud more in-depth.
24
+
In today's digital world, telecommunication services have become ingrained into our lives. But advancements come with a risk of fraudulent activities. International Revenue Share Fraud (IRSF) is a threat with severe financial implications that also makes using services more dificult. Let's look at IRSF fraud more in-depth.
25
25
26
26
IRSF is a type of telephony fraud where criminals exploit the billing system of telecommunication services providers to make profit for themselves. Bad actors gain unauthorized access to a telecommunication network and divert traffic to those networks to skim profit for every transaction that is sent to that network. To divert traffic, bad actors steal existing usernames and passwords, create new usernames and passwords, or try a host of other things to send SMS messages and voice calls through their telecommunication network. Bad actors do this by taking advantage of multifactor authentication screens, which require an SMS or voice call before a user can access their account. This activity causes exorbitant charges and makes services unreliable for our customers, causing downtime, and system errors.
27
27
28
28
Here's how an IRSF attack may happen:
29
29
30
30
1. A bad actor first gets premium rate phone numbers and registers them.
31
-
1. A bad actor uses automated scripts to request voice calls or SMS messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services and will skim some of the profits of the increased traffic.
31
+
1. A bad actor uses automated scripts to request voice calls or SMS messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services. The bad actor skims some of the profits of the increased traffic.
32
32
1. A bad actor will hop around different region codes to continue to drive traffic and make it hard for them to get caught.
33
33
34
-
The most common way to conduct an IRSF attack is through some end-user experience that requires a two-factor authentication code. Bad actors add those premium rate phone numbers and pump traffic to them by requesting two-factor authentication codes. This results in revenue-skimming, and has led to a $10-billion dollar loss.
34
+
The most common way to conduct an IRSF attack is through some end-user experience that requires a two-factor authentication code. Bad actors add those premium rate phone numbers and pump traffic to them by requesting two-factor authentication codes. This activity results in revenue-skimming, and has led to a $10-billion dollar loss.
35
35
36
-
IRSF fraud poses a significant threat to online businesses and can result in substantial financial losses and reputational damage. By understanding IRSF, one becomes more aware of the problem and can engage in implementing preventive measures such as regional restrictions, rate limiting, and phone number verification.
36
+
IRSF fraud poses a significant threat to online businesses and can result in substantial financial losses and reputational damage. By understanding IRSF, you can be more aware of the problem and can engage in implementing preventive measures such as regional restrictions, rate limiting, and phone number verification.
0 commit comments