WO2023151399A1

WO2023151399A1 - Fraudulent incoming call identification method and apparatus, and electronic device and storage medium

Info

Publication number: WO2023151399A1
Application number: PCT/CN2022/140935
Authority: WO
Inventors: 赵军
Original assignee: 上海闻泰信息技术有限公司
Priority date: 2022-02-10
Filing date: 2022-12-22
Publication date: 2023-08-17
Also published as: CN114501462A

Abstract

Provided in the embodiments of the present disclosure are a fraudulent incoming call identification method and apparatus, and an electronic device and a storage medium. The method comprises: receiving an incoming call which is dialed by means of a voice over Internet protocol (VoIP); according to an incoming call number corresponding to the incoming call, determining first location information corresponding to the incoming call number; acquiring a gateway address corresponding to the incoming call, and determining, according to the gateway address, second location information corresponding to the gateway address; comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent incoming call according to a comparison result; and if it is determined that the incoming call is a fraudulent incoming call, performing an interception operation on the incoming call. By means of implementing the embodiments of the present disclosure, the accuracy of identifying a fraudulent incoming call can be improved, thereby ensuring information security of a user.

Description

Fraud call identification method, device, electronic device and storage medium

related cross reference

This disclosure claims the priority of the Chinese patent application with the application number 202210124437.0 and the title of the invention "Fraud Call Identification Method, Device, Electronic Equipment and Storage Medium" submitted to the China Patent Office on February 10, 2022, the entire contents of which are incorporated by reference incorporated in this disclosure.

technical field

The present disclosure relates to a fraudulent call identification method, device, electronic equipment and storage medium.

Background technique

At present, the success rate of fraudulent calls nationwide is about 0.1%. On average, for every 1,000 fraudulent calls made by criminals, one will be close to success. Criminals can successfully defraud once with a single phone number within a few days. When criminals use phone numbers to swindle, criminals usually use number changing software to change the phone number, which makes it difficult to track fraudulent calls and accurately identify whether the incoming calls are fraudulent.

Contents of the invention

(1) Technical problems to be solved

When criminals use phone numbers to swindle, criminals usually use number changing software to change the phone number, which makes it difficult to track fraudulent calls and accurately identify whether the incoming calls are fraudulent.

(2) Technical solution

According to various embodiments of the present disclosure, a fraudulent call identification method, device, electronic device and storage medium are provided.

A method for identifying fraudulent calls, the method comprising:

Receive incoming calls from VoIP;

determining the first location information corresponding to the incoming call number according to the incoming call number;

Obtaining a gateway address corresponding to the incoming call, and determining second location information corresponding to the gateway address according to the gateway address;

comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent call according to the comparison result;

If it is determined that the incoming call is the fraudulent incoming call, an interception operation is performed on the incoming call.

As an optional implementation of this embodiment of the present disclosure, the first location information includes first historical location information corresponding to historical moments and first real-time location information corresponding to current moments, and the second location information includes the historical The second historical location information corresponding to the moment and the second real-time location information corresponding to the current moment;

The comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent call according to the comparison result includes: comparing the first historical location information corresponding to the historical moment with the historical Comparing the second historical position information corresponding to the time to obtain a first comparison result; comparing the first real-time position information corresponding to the current time with the second real-time position information corresponding to the current time to obtain a second comparison result; Identifying whether the incoming call is the fraudulent incoming call according to the first comparison result and the second comparison result.

As an optional implementation manner of this embodiment of the present disclosure, the first historical location information includes at least the first historical location information corresponding to the incoming call number at the first historical moment, and the historical location information corresponding to the incoming call number at the second historical moment. The first historical location information, the second historical location information includes at least the second historical location information corresponding to the gateway address at the first historical moment, the second historical location information corresponding to the gateway address at the second historical moment location information; the first historical moment is earlier than the second historical moment;

The first comparison result includes: the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, the The second distance between the first historical location information and the second historical location information corresponding to the second historical moment; the second comparison result includes: the first real-time location information corresponding to the current moment and the current moment a third distance between the corresponding second real-time location information;

The identifying whether the incoming call is the fraudulent incoming call according to the first comparison result and the second comparison result includes: if the first distance is greater than a first distance threshold, or if the second distance is greater than a second distance threshold, or the third distance is greater than the third distance threshold, then it is determined that the incoming call is the fraudulent incoming call; if the first distance is not greater than the first distance threshold, and the second distance is not greater than the first two distance thresholds, and the third distance is not greater than the third distance threshold, then it is determined that the incoming call is not the fraudulent incoming call; wherein, the third distance threshold is smaller than the second distance threshold, and the second distance The threshold is less than the first distance threshold.

As an optional implementation of this embodiment of the present disclosure, the method further includes: if it cannot be determined that the incoming call is the fraudulent call according to the comparison result, automatically calling back the calling number; If the caller number is not connected, then the caller is identified as the fraudulent call; if the caller number is dialed back and the caller is connected, it is recognized that the caller is not the fraudulent caller.

As an optional implementation of this embodiment of the present disclosure, the method further includes: sending a detection instruction to the cloud, where the detection instruction is used to instruct the cloud to detect the marking state of the caller number corresponding to the incoming call; receiving the The flag state sent by the cloud; if the flag state indicates that the incoming call number is a fraudulent phone number, then it is recognized that the incoming call is a fraudulent call;

The determining the first location information corresponding to the incoming call number according to the incoming call number includes: if the marking state indicates that the incoming call number is not the fraudulent phone number, then according to the incoming call corresponding The incoming call number is used to determine the first location information corresponding to the incoming call number.

As an optional implementation manner of an embodiment of the present disclosure, the determining the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call includes:

According to the Cell ID positioning technology and/or AFLT positioning technology and the incoming call number corresponding to the incoming call, determine the first location information corresponding to the incoming call number.

As an optional implementation manner of this embodiment of the present disclosure, if it is determined that the incoming call is the fraudulent incoming call, performing an interception operation on the incoming call includes:

If it is determined that the incoming call is the fraudulent call, hang up the incoming call and shield the incoming call, and send a marking instruction to the cloud, the marking instruction is used to instruct the cloud to mark the incoming call number as a fraudulent phone number .

A device for identifying fraudulent calls, comprising:

A receiving module, the receiving module is configured as a module for receiving incoming calls dialed out by VoIP;

A first location determination module, configuring the first location determination module as a module for determining the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call;

A second location determination module, configuring the second location determination module as a module for obtaining the gateway address corresponding to the incoming call, and determining the second location location information corresponding to the gateway address according to the gateway address;

A comparison module, configured to compare the first location information with the second location information, and identify whether the incoming call is a fraudulent call according to the comparison result;

An interception module, configured to intercept the incoming call if it is determined that the incoming call is the fraudulent call.

The comparison module is also configured to compare the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment to obtain a first comparison result; and, configured to compare the current Comparing the first real-time location information corresponding to the moment with the second real-time location information corresponding to the current moment to obtain a second comparison result; and, configured to identify whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result module.

The comparison module is further configured to determine that the incoming call is a fraudulent call if the first distance is greater than the first distance threshold, or the second distance is greater than the second distance threshold, or the third distance is greater than the third distance threshold module; and, if the first distance is not greater than the first distance threshold, and the second distance is not greater than the second distance threshold, and the third distance is not greater than the third distance threshold, then determine that the incoming call is not a fraudulent incoming call; wherein , the third distance threshold is smaller than the second distance threshold, and the second distance threshold is smaller than the first distance threshold.

As an optional implementation of the embodiment of the present disclosure, the device for identifying fraudulent calls further includes a callback module, and the callback module is configured to automatically call back the number of the incoming call if it cannot be determined that the incoming call is a fraudulent call according to the comparison result. and a module configured to recognize that the incoming call is a fraudulent call if it is not connected after calling back the calling number; and configured to recognize that the incoming call is not a fraudulent call if it is connected after calling back the calling number module.

As an optional implementation of the embodiment of the present disclosure, the device for identifying fraudulent calls further includes a cloud detection module, and the cloud detection module is configured to send a detection instruction to the cloud module, and the detection instruction is used to instruct the The cloud detects the marking status of the incoming call number corresponding to the incoming call; and, a module configured to receive the marking status sent by the cloud; and, if the marking status indicates that the calling number is a fraudulent phone number, then A module that recognizes that the incoming call is a fraudulent incoming call;

The first location determination module is further configured to determine the caller number according to the caller number corresponding to the incoming call if the flag state indicates that the caller number is not the fraud phone number A module corresponding to the first location information.

As an optional implementation manner of the embodiment of the present disclosure, the first position determining module further configures the first position determining module to use the Cell ID positioning technology and/or the AFLT positioning technology and the corresponding incoming call number of the incoming call, A module for determining the first location information corresponding to the caller number.

As an optional implementation of the embodiment of the present disclosure, the interception module is further configured to hang up the incoming call and screen the incoming call if it is determined that the incoming call is a fraudulent incoming call, and send a marking instruction to the module in the cloud, marking the instruction Used to instruct the cloud to mark the incoming caller number as a fraudulent phone number.

An electronic device comprising a memory and one or more processors, the memory is configured as a module storing computer-readable instructions; when the computer-readable instructions are executed by the processor, the one or more The processor executes the steps of the fraudulent call identification method described in any one of the above.

One or more non-volatile storage media storing computer-readable instructions, when the computer-readable instructions are executed by one or more processors, one or more processors perform the fraudulent call identification described in any one of the above method steps.

Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the disclosure. The objectives and other advantages of the disclosure will be realized and attained by the structure particularly pointed out in the written description, claims hereof as well as the accompanying drawings, the details of one or more embodiments of the disclosure being set forth in the accompanying drawings and the description below.

In order to make the above objects, features and advantages of the present disclosure more comprehensible, optional embodiments are given below and described in detail in conjunction with the accompanying drawings.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, for those of ordinary skill in the art, In other words, other drawings can also be obtained from these drawings without paying creative labor.

FIG. 1 is a schematic diagram of a VoIP network system provided by one or more embodiments of the present disclosure;

FIG. 2 is a schematic diagram of a scene using a fraudulent call identification method provided by one or more embodiments of the present disclosure;

Fig. 3 is a schematic diagram of an interface when a mobile terminal receives an incoming call provided by one or more embodiments of the present disclosure;

Fig. 4 is a schematic flowchart of a fraudulent call identification method provided by one or more embodiments of the present disclosure;

Fig. 5 is a schematic flowchart of another fraudulent call identification method provided by one or more embodiments of the present disclosure;

Fig. 6 is a schematic flowchart of another fraudulent call identification method provided by one or more embodiments of the present disclosure;

Fig. 7 is a modular schematic diagram of a fraudulent call identification device provided by one or more embodiments of the present disclosure;

Fig. 8 is a structural block diagram of an electronic device provided by one or more embodiments of the present disclosure.

Detailed ways

In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that, in the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other.

In the following description, many specific details are set forth in order to fully understand the present disclosure, but the present disclosure can also be implemented in other ways than described here; obviously, the embodiments in the description are only some of the embodiments of the present disclosure, and Not all examples.

The terms "first" and "second" and the like in the specification and claims of the present disclosure are used to distinguish different objects, rather than to describe a specific order of objects. For example, the first camera and the second camera are used to distinguish different cameras, not to describe a specific order of the cameras.

In the embodiments of the present disclosure, words such as "exemplary" or "for example" are used as examples, illustrations or illustrations. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present disclosure shall not be construed as being preferred or advantageous over other embodiments or designs. To be precise, the use of words such as "exemplary" or "for example" is intended to present related concepts in a specific manner. In addition, in the description of the embodiments of the present disclosure, unless otherwise specified, the meaning of "plurality" refers to two one or more.

In related technologies, VoIP (Voice over Internet Protocol, voice transmission based on Internet Protocol) is a voice call technology, which achieves voice calls and multimedia conferences through Internet Protocol (IP, Internet Protocol), that is, through the Internet. to communicate. Other informal names for VoIP include: IP telephony, Internet telephony, broadband telephony, and broadband phone service.

VoIP can be used on many Internet access devices including VoIP phones, smartphones, and personal computers, to make calls and send text messages through cellular networks, Wi-Fi and other networks. The basic principle of Internet telephony VoIP is: compress the voice data coding through the voice compression algorithm, and then pack the voice data according to the TCP/IP (Transmission Control Protocol/Internet Protocol, Transmission Control Protocol/Internet Protocol) standard, after The IP network sends the voice data packets to the receiving place, and then strings these voice data packets together. After decompression processing, the original voice signal is restored, so as to achieve the purpose of transmitting voice through the Internet. The core and key equipment of Internet telephony VoIP is the gateway. The gateway has a database, which stores the corresponding relationship between the telephone area codes of each area and the gateway address of the corresponding area. The gateway can map the telephone area codes of each area to the corresponding area code through the database. gateway address.

Referring to FIG. 1, FIG. 1 is a schematic diagram of a VoIP network system provided by one or more embodiments of the present disclosure. The network system includes a calling terminal 110, a receiving terminal 120, a first gateway 130, a second Gateway 140, IP network 150 and PSTN/ISDN (Public Switched Telephone Network/Integrated Services Digital Network, Public Switched Telephone System/Integrated Services Digital Network) 160. When the calling terminal 110 communicates with the receiving terminal 120, the first gateway 130 determines the gateway address of the second gateway 140 corresponding to the receiving terminal 120 according to the database storing the correspondence between the telephone area code and the gateway address of the corresponding area, and sends The voice data packets are transmitted to the second gateway 140 through the IP network 150 . The PSTN may be a common old telephone system, ie the telephone network commonly used in everyday life. The PSTN may also be a global voice communications circuit-switched network, both commercial and government-owned. ISDN is a high-speed, high-quality communication network designed for high-speed data transmission and high-quality voice communication. As an all-digital network, ISDN is an ideal tool for communicating with other computer systems and other networks. That is, PSTN/ISDN 160 is a voice transmission system based on circuit switching, PSTN/ISDN 160 and IP network 150 are two different voice systems, and Internet telephone VoIP can be connected between PSTN/ISDN 160 and IP network 150 through a gateway. establish connections between.

Wherein, the communication between the IP network 150 and the PSTN/ISDN 160 can be performed by transmitting signaling, and both the first gateway 130 and the second gateway 140 can receive signaling and send signaling. For example, the first gateway 130 can send the signaling containing the calling number corresponding to the calling terminal 110 to the PSTN/ISDN 160, and can send the signaling containing the voice data to the IP network 150, and the PSTN/ISDN 160 can send the signaling containing the calling number corresponding to the calling terminal 110 to the PSTN/ISDN 160. The signaling of the calling number is transmitted to the second gateway 140, and the IP network 150 can transmit the signaling containing voice data to the second gateway 140, and the second gateway 140 sends the identified calling number and voice data to the receiving terminal 120. The receiving terminal 120 may display the calling number and play voice.

Based on the VoIP VoIP mentioned above, in related technologies, fraudsters can use number changing software to change the signaling containing the calling number sent by the first gateway 130 corresponding to the calling terminal 110, and change the calling number to another number, thereby Masquerade as a changed number. And fraudsters can also change the gateway address through the number changing software, which further increases the difficulty of identifying fraudulent calls through the phone number and gateway address.

The embodiment of the present disclosure discloses a fraudulent call identification method, device, electronic equipment and storage medium, capable of identifying a fraudulent call disguised by changing a gateway address.

Referring to FIG. 2, FIG. 2 is a schematic diagram of a scene using a fraudulent call identification method provided by one or more embodiments of the present disclosure. This scene may include a mobile terminal 200, where the mobile terminal 200 may include but is not limited to a mobile phone , tablet computer, wearable device, notebook computer, PC (Personal Computer, personal computer), etc. In addition, the operating system of the above-mentioned mobile terminal 200 may include but not limited to Android (Android) operating system, IOS operating system, Symbian (Symbian) operating system, Black Berry (Blackberry) operating system, Windows Phone8 operating system, etc., the implementation of the present disclosure Examples are not limited.

The mobile terminal 200 can receive an incoming VoIP call, and output an incoming call prompt message to remind the user that there is an incoming call to be processed, and establish a call with the device that initiated the incoming call after detecting the user's answer or reject operation. When receiving a VoIP call, the mobile terminal 200 may start to execute the steps of the method for identifying fraudulent calls provided by the embodiments of the present disclosure, and the specific content of the steps is described in the following embodiments. When the incoming call is identified as a fraudulent call, the incoming call is intercepted. The intercepting operation may include hanging up the incoming call and shielding the incoming call. To remind the user that the incoming call is a fraudulent call, the ways of outputting the fraudulent call prompt information may include but not limited to voice prompts, screen display, vibration prompts, etc., which are not limited herein.

Referring to FIG. 3 , FIG. 3 is a schematic diagram of an interface of a mobile terminal receiving an incoming call provided by one or more embodiments of the present disclosure. When the mobile terminal 200 receives an incoming call from VoIP, the display interface includes an incoming call display area 310 . The button area 320, the caller ID area 310 can display the caller number corresponding to the incoming call, for example, as shown in FIG. 3, the caller ID area 310 can display 188xxxx8888. Since the caller number corresponding to the incoming call may have been saved in the mobile terminal 200 and has a corresponding note, the caller ID area 310 may also display the note corresponding to the caller number, for example, the caller ID area 310 may display "Uncle Zhang". When it is recognized that the incoming call is a fraudulent call, the caller display area 310 can change the displayed caller number or remarks into fraudulent call prompt information. The button area 320 can display the function buttons of the incoming call to be processed when receiving an incoming call of the Internet phone VoIP, for example, the button area 320 can display the functions of "answer" and "hang up" when receiving an incoming call of the Internet phone VoIP button. The button area 320 can display the function keys of the incoming call being answered when answering the incoming call of the Internet phone VoIP. For example, as shown in FIG. 3 , the button area 320 can display "hands-free", "Mute" and "Hang up" function buttons.

Referring to FIG. 4, FIG. 4 is a schematic flow diagram of a fraudulent call identification method provided by one or more embodiments of the present disclosure. The fraudulent call identification method can be applied to the above-mentioned mobile terminal, and the method may include the following steps:

Step 410, receiving an incoming call from the VoIP phone.

The mobile terminal receives an incoming call from the Internet phone VoIP. Wherein, the incoming call made by VoIP refers to an incoming call from another electronic device dialing to the mobile terminal through VoIP.

In one embodiment, when the mobile terminal receives an incoming call from a traditional telephone system (such as PSTN/ISDN, etc.), it can also identify the incoming call as a fraudulent call. True and false way to identify and so on. Wherein, the incoming call dialed by the traditional telephone system refers to the incoming call dialed by another electronic device to the mobile terminal through the traditional telephone system.

Step 420, according to the incoming call number corresponding to the incoming call, determine the first location information corresponding to the incoming call number.

According to the incoming call number corresponding to the incoming call, the mobile terminal may determine the first location information corresponding to the incoming call number through a positioning technology. Wherein, the positioning technology may include but not limited to positioning based on GPS (Global Positioning System, Global Positioning System), positioning based on a base station of a mobile operating network, and the like. Among them, determining the first location information corresponding to the caller number through positioning technology can comply with the legal provisions of different countries or communication companies on location services. protection of.

In one embodiment, the mobile terminal can determine the corresponding number of the incoming call according to the Cell ID (cell number) positioning technology and/or AFLT (Advanced Forward Link Trilateration, based on the forward link positioning method) positioning technology and the corresponding incoming call number of the incoming call. The first location information of . Among them, the Cell ID positioning technology uses the mobile terminal to obtain the mobile base station Cell information of the electronic device corresponding to the incoming call number at a specific time through the IP network, and obtains the current location of the user according to the mobile base station Cell information. The accuracy of this positioning technology depends on the mobile base station. distribution and the size of the mobile base station coverage. AFLT positioning technology is a unique technology of CDMA (Code Division Multiple Access, Code Division Multiple Access). During the positioning operation, the mobile terminal monitors the pilot information of at least 3 base stations at the same time, and uses the chip delay to determine the corresponding number of the incoming call number. The distance from the electronic device to the nearby base station, and finally the location information of the device corresponding to the incoming call number is calculated by triangulation, that is, the first location information.

In one embodiment, before the mobile terminal determines the first location information corresponding to the incoming call number according to the incoming call number, it can send a detection instruction to the cloud, and the detection instruction is used to instruct the cloud to detect the marking status of the incoming call number corresponding to the incoming call. , the mobile terminal receives the flag state sent by the cloud, if the flag state indicates that the caller number is a fraudulent phone number, then recognize that the incoming call is a fraudulent call, if the flag state indicates that the caller number is not a fraudulent phone number, then according to the corresponding caller number of the call to determine the first location information corresponding to the incoming call number.

Wherein, the mobile terminal may be a server that sends the detection instruction carrying the caller number to the cloud, and the cloud may be a virtual storage space in the network, which stores the marking states of multiple phone numbers. The server in the cloud detects the caller number corresponding to the incoming call according to the detection instruction. If the caller number corresponding to the incoming call is found in the cloud, the marking status of the caller number corresponding to the incoming call in the cloud is sent to the mobile terminal. The status can include a scam phone number, a legitimate phone number, etc. If the incoming call number corresponding to the incoming call is not found in the cloud, then the search failure information is sent to the mobile terminal, that is, the information that the incoming call number corresponding to the incoming call has not been found in the cloud. After receiving the marking status sent by the server in the cloud, the mobile terminal can judge whether the incoming call is a fraudulent call according to the marking status. If the marked state is a fraudulent phone number, the mobile terminal determines that the incoming call is a fraudulent call, if the marked state is not a fraudulent call, that is, the marked state can be a normal phone number, or it can be the search failure information, and the mobile terminal continues to execute the subsequent steps of this embodiment. The step is to determine the first location information corresponding to the incoming call number according to the incoming call number.

Step 430, acquire the gateway address corresponding to the incoming call, and determine the second location information corresponding to the gateway address according to the gateway address.

The mobile terminal can obtain the gateway address (ie IP address) of the gateway corresponding to the incoming call from the voice packet received by the gateway corresponding to the mobile terminal, and can determine the second location information corresponding to the gateway address according to the gateway address. The corresponding relationship between the two location information can be obtained through the gateway address location service. Taking Fig. 1 again as an example, the receiving terminal 120 obtains the gateway address of the first gateway 130 through the signaling received by the second gateway 140 that includes the gateway address of the first gateway 130, and determines the call based on the gateway address of the first gateway 130. Second location information of the terminal 110.

Step 440, comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent call according to the comparison result.

The mobile terminal compares the first location information with the second location information, and identifies whether the incoming call is a fraudulent call according to the comparison result. Wherein, the comparison result may include but not limited to whether the distance between the first location information and the second location information exceeds the distance threshold corresponding to the first location information and the second location information, whether the first location information and the second location information are in the same An administrative region, whether the first location information and the second location information are in a common area for fraudulent calls, etc., are not limited here.

In some embodiments, if the comparison result indicates that the distance between the first location information and the second location information is far, it means that there is a large difference between the first location information corresponding to the caller number and the second location information corresponding to the gateway address, and there may be If the incoming call number is false or the gateway address is false and tampered, the incoming electrode is likely to be a fraudulent call, so it can be determined that the incoming call is a fraudulent call.

In one embodiment, after the mobile terminal identifies whether the incoming call is a fraudulent call according to the comparison result, if it cannot be determined that the incoming call is a fraudulent call according to the comparison, it automatically calls back the calling number. If the calling number is not connected after calling back, the incoming call is identified as a fraudulent call, and if the incoming call is connected after the calling number is dialed back, it is determined that the incoming call is not a fraudulent call. Wherein, the mobile terminal can automatically call back the calling number through parallel calling back, and can also automatically call back the calling number through serial calling back. The parallel callback method requires that the mobile terminal has two calling cards. When one of the calling cards of the mobile terminal receives an incoming call, the mobile terminal can automatically call back the calling number through the other calling card. The speed of identifying fraudulent calls protects the security of user information. In the serial callback method, after the mobile terminal has answered the incoming call and the call is over, the mobile terminal will automatically call back the incoming call number. In this embodiment, the automatic callback mechanism can be used to determine whether the incoming call number is a real number to identify fraudulent calls, which further improves the accuracy of identifying fraudulent calls.

Step 450, if it is determined that the incoming call is a fraudulent incoming call, intercepting the incoming call.

If the mobile terminal determines that the incoming call is a fraudulent incoming call, it will intercept the incoming call. Wherein, any step in the fraudulent call identification method performed by the mobile terminal recognizes that the incoming call is a fraudulent call, and the incoming call can be intercepted, and the subsequent steps of the fraudulent call identification method are terminated, and the mobile terminal has obtained the result of the fraudulent call identification method. , can reduce unnecessary steps.

In one embodiment, if the mobile terminal determines that the incoming call is a fraudulent call, it hangs up the incoming call, screens the incoming call, and sends a marking instruction to the cloud, which is used to instruct the cloud to mark the incoming call number as a fraudulent phone number. When the mobile terminal determines that the incoming call is a fraudulent call, it can hang up the incoming call and block the incoming call, and can also send a marking instruction to the server in the cloud, and the server in the cloud will mark the marking state of the incoming number in the cloud as a fraudulent phone number according to the marking instruction. In order to enable subsequent detection of the incoming call number to inquire about the status of the flag.

In the embodiment of the present disclosure, after the mobile terminal receives an incoming call from the Internet phone VoIP, it determines the first location information corresponding to the incoming call number according to the incoming call number, obtains the gateway address of the incoming call, and determines the corresponding location information according to the gateway address. The second location information corresponding to the gateway address, the mobile terminal compares the first location information with the second location information, and can improve the accuracy of identifying fraudulent calls by comparing the location information corresponding to the caller number with the location information corresponding to the gateway address , and after the incoming call is determined to be a fraudulent call, the incoming call is intercepted to reduce the possibility of the user being defrauded and ensure the user's information security.

Referring to FIG. 5, FIG. 5 is a schematic flowchart of another method for identifying fraudulent calls provided by one or more embodiments of the present disclosure. The method for identifying fraudulent calls may include the following steps:

Step 510, receiving an incoming call from the VoIP phone.

Step 510 is the same as the above-mentioned step 410, and the present disclosure will not repeat it here.

Step 520, according to the incoming call number corresponding to the incoming call, determine the first location information corresponding to the incoming call number; the first location information includes the first historical location information corresponding to the historical moment and the first real-time location information corresponding to the current moment.

The mobile terminal determines the historical moment at which the first historical location information needs to be obtained, and according to the incoming call number corresponding to the incoming call, the first historical location information corresponding to the historical moment and the first real-time location information corresponding to the current moment can be determined through positioning technology. The first historical location The information includes location information corresponding to the electronic device corresponding to the caller number at one or more historical moments, and the first real-time location information includes location information corresponding to the device corresponding to the caller number when receiving the call. Wherein, the manner of obtaining the first historical location information corresponding to the historical moment and the first real-time location information corresponding to the current moment may be the same as the manner of obtaining the first location information in the above embodiment.

Step 530, obtain the gateway address corresponding to the incoming call, and determine the second location information corresponding to the gateway address according to the gateway address; the second location information includes the second historical location information corresponding to the historical moment and the second real-time location information corresponding to the current moment.

The mobile terminal obtains the gateway address of the gateway corresponding to the incoming call from the voice data packet received by the gateway corresponding to the mobile terminal, and determines the historical moment at which the second historical location information needs to be obtained, and then determines the second historical location information corresponding to the historical moment according to the gateway address. The historical location information and the second real-time location information corresponding to the current moment. The second historical location information includes the location information corresponding to the gateway address at one or more historical moments, and the second real-time location information includes the corresponding location of the gateway address when receiving an incoming call. location information. The corresponding relationship between the gateway address and the second historical location information corresponding to the historical moment and the second real-time location information corresponding to the current moment can be obtained through the gateway address location service. Wherein, the manner of obtaining the second historical location information corresponding to the historical moment and the second real-time location information corresponding to the current moment may be the same as the manner of obtaining the second location information in the above embodiment.

Step 540: Compare the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment to obtain a first comparison result; compare the first real-time location information corresponding to the current moment with the second real-time location information corresponding to the current moment The location information is compared to obtain a second comparison result.

The mobile terminal may compare the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment, and the first historical location information corresponding to the historical moment and the second historical location information corresponding to the historical moment are respectively the same historical moment The location information corresponding to the call number and the location information corresponding to the gateway address are compared to obtain a first comparison result.

In some embodiments, the first comparison result may include, but not limited to, the distance between the first historical location information corresponding to the historical moment and the second historical location information corresponding to the historical moment, the distance between the first historical location information corresponding to the historical moment and the historical The administrative district corresponding to the second historical location information corresponding to the time, whether the first historical location information corresponding to the historical moment and the second historical location information corresponding to the historical moment are in any of the areas where fraudulent calls are frequently used are not limited here.

The mobile terminal may compare the first real-time location information corresponding to the current moment with the second real-time location information corresponding to the current moment, and obtain a second comparison result after the comparison. In one embodiment, the second comparison result may include, but not limited to, the distance between the first real-time location information corresponding to the current moment and the second real-time location information corresponding to the current moment. The first real-time location information corresponding to the current moment and the current moment The administrative district corresponding to the second real-time location information, whether the first real-time location information corresponding to the current moment, and the second real-time location information corresponding to the current moment are in areas commonly used for fraudulent calls are not limited here.

Step 550, identifying whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result.

The mobile terminal can identify whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result. Optionally, the mobile terminal may identify whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result, for example, when the mobile terminal identifies the incoming call as a fraudulent call according to the first comparison result, and identifies the incoming call as Only when a fraudulent call is received, can the incoming call be determined as a fraudulent call. The mobile terminal can also identify whether the incoming call is a fraudulent call according to the first comparison result or the second comparison result. , it can be determined that the incoming call is a fraudulent incoming call.

In one embodiment, the first historical location information includes at least the first historical location information corresponding to the incoming call number at the first historical moment, and the first historical location information corresponding to the incoming call number at the second historical moment, wherein the first historical moment is earlier than For the second historical moment, for example, the first historical moment may be 60 minutes ago, and the second historical moment may be 5 minutes ago.

The second historical location information at least includes second historical location information corresponding to the gateway address at the first historical moment and second historical location information corresponding to the gateway address at the second historical moment. The historical moment corresponding to the second historical location information is the same as the historical moment corresponding to the first historical location information.

The first comparison result may include the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, the first historical location information corresponding to the second historical moment and the second The second distance between the second historical location information corresponding to the historical moment, and the second comparison result may include a third distance between the first real-time location information corresponding to the current moment and the second real-time location information corresponding to the current moment.

The step of identifying whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result includes: if the first distance is greater than the first distance threshold, or the second distance is greater than the second distance threshold, or the third distance is greater than the third distance threshold, Then it is determined that the incoming call is a fraudulent incoming call; if the first distance is not greater than the first distance threshold, and the second distance is not greater than the second distance threshold, and the third distance is not greater than the third distance threshold, then it is determined that the incoming call is not a fraudulent incoming call; wherein, The third distance threshold is smaller than the second distance threshold, and the second distance threshold is smaller than the first distance threshold.

Wherein, the first distance threshold corresponds to the first historical moment, the second distance threshold corresponds to the second history, and the third distance threshold corresponds to the current moment. For example, the first distance threshold can be 1000 kilometers, corresponding to the moment 60 minutes ago; the second distance threshold can be 50 kilometers, corresponding to the moment 5 minutes ago; the third distance threshold can be 5 kilometers, corresponding to the current moment Corresponding. The distance threshold may have a proportional relationship with the historical moment, and the longer the distance from the current moment, the greater the distance threshold.

In some embodiments, the mobile terminal can respectively calculate the above-mentioned first distance, second distance and third distance, and respectively compare the first distance with the first distance threshold, and compare the second distance with the second distance threshold . Comparing the third distance with the third distance threshold, if the first distance is greater than the first distance threshold, or the second distance is greater than the second distance threshold, or the third distance is greater than the third distance threshold, then it can be determined that the incoming call is a fraudulent call .

As another implementation manner, the mobile terminal may also serially process the first distance, the second distance, and the third distance to identify whether the incoming call is a fraudulent call. For example, the above-mentioned first distance can be calculated first, and it can be judged whether the first distance is greater than the first distance threshold. If the first distance is greater than the first distance threshold, it can be directly determined that the incoming call is a fraudulent call, and the above-mentioned second distance and the third distance; if the first distance is not greater than the first distance threshold, then calculate the above-mentioned second distance, and judge whether the second distance is greater than the second distance threshold, if the second distance is greater than the second distance threshold, you can directly Determine that the incoming call is a fraudulent call, and no longer calculate the above-mentioned third distance; if the second distance is not greater than the second distance threshold, then calculate the above-mentioned third distance, and determine whether the third distance is greater than the third distance threshold, if the third If the distance is greater than the third distance threshold, it can be determined that the incoming call is a fraudulent call, and if the third distance is not greater than the third distance threshold, then it can be determined that the incoming call is not a fraudulent call. Through the method of serial comparison and judgment, the amount of calculation can be reduced and the recognition efficiency can be improved.

It should be noted that there is no sequential relationship between the comparison between the first distance threshold and the first distance, the comparison between the second distance threshold and the second distance, and the comparison between the third distance threshold and the third distance. The comparison of the first distance only needs to be performed after calculating the first distance, the comparison of the second distance threshold and the second distance only needs to be performed after calculating the second distance, and the comparison of the third distance threshold and the third distance only needs to be performed after Carry out after calculating the third distance.

Optionally, when the mobile terminal determines that the incoming call is a fraudulent incoming call through one of the comparisons, it can intercept the incoming call. As an optional implementation, the mobile terminal can also compare the first historical location information and the second historical location information that are not at the same historical moment, but it is necessary to calculate the historical location information of the mobile terminal between different historical moments when comparing. possible displacement within the time difference, and add the displacement to the distance threshold corresponding to the first historical location information or the second historical location information. If the historical moment corresponding to the first historical location information is earlier than the historical moment corresponding to the second historical location information, then calculate the time difference between the historical moment corresponding to the first historical location information and the historical moment corresponding to the second historical location information, And the possible displacement within the time difference is added to the distance threshold corresponding to the first historical location information. If the historical moment corresponding to the first historical location information is later than the historical moment corresponding to the second historical location information, then calculate the time difference between the historical moment corresponding to the first historical location information and the historical moment corresponding to the second historical location information, And the possible displacement within the time difference is added to the distance threshold corresponding to the second historical location information.

For example, the first historical location information is the location information corresponding to the incoming call number 60 minutes ago, and the second historical location information is the location information corresponding to the gateway address 50 minutes ago, that is, the historical moment corresponding to the first historical location information and the second The time difference of the historical moment corresponding to the historical location information is 10 minutes, the possible displacement of the mobile terminal within 10 minutes is 200 kilometers, and the historical moment corresponding to the first historical location information is 60 minutes ago, the first historical location information corresponds to The distance threshold is 1000 kilometers, and the distance threshold can be calculated to be 1200 kilometers. The mobile terminal compares the distance between the first historical location information and the second historical location information with 1200 kilometers to obtain a comparison result.

As an optional implementation manner, the mobile terminal may compare the real-time location information corresponding to the calling number with the real-time location information corresponding to the gateway address at a certain frequency during the call. That is, the mobile terminal can not only compare the first real-time location information with the second real-time location information when a call is received, but also keep the real-time location information corresponding to the caller number and the real-time location information corresponding to the gateway address during the subsequent call. Monitoring, obtaining the distance between the real-time location information corresponding to the incoming call number and the real-time location information corresponding to the gateway address at a certain frequency, and then comparing the distance with the third distance threshold. For example, after starting a call, the mobile terminal can acquire the real-time location information corresponding to the caller number and the real-time location information corresponding to the gateway address every 1 minute, and calculate the difference between the real-time location information corresponding to the caller number and the real-time location information corresponding to the gateway address. and compare that distance to 5 km. By implementing this embodiment, it is possible to keep monitoring fraudulent calls during a call, and improve the possibility of identifying fraudulent calls.

Step 560, if it is determined that the incoming call is a fraudulent incoming call, intercept the incoming call.

Step 560 is the same as the above-mentioned step 450, and the present disclosure will not repeat it here.

In the embodiment of the present disclosure, the mobile terminal can obtain the first historical location information and the first real-time location information, and can obtain the second historical location information and the second real-time location information, and combine the first historical location information and the second historical location information Comparing the location information to obtain the first comparison result, and comparing the first real-time location information and the second real-time location information to obtain the second comparison result, and determining whether the incoming call is a fraudulent call according to the first comparison result or the second comparison result, not only for Compare the real-time location corresponding to the caller number with the real-time location corresponding to the gateway address, and compare the historical location corresponding to the caller number with the historical location corresponding to the gateway address to avoid fraudulent calls by changing the real-time gateway address for fraud, which can be compared multiple times Identify fraudulent calls and increase the likelihood of identifying fraudulent calls.

Referring to FIG. 6, FIG. 6 is a schematic flowchart of another method for identifying a fraudulent call provided by one or more embodiments of the present disclosure. The method for identifying a fraudulent call may include the following steps:

Step 602, receiving an incoming call from the Internet phone VoIP.

Step 604: Send a detection instruction to the cloud, and receive the flag state corresponding to the incoming call number sent by the cloud according to the detection instruction, judge whether the incoming call number is a fraudulent call according to the flag state, if so, execute step 606, if not, execute step 604 618.

Step 606, according to the incoming call number corresponding to the incoming call, determine the first location information corresponding to the incoming call number; the first location information includes the first historical location information corresponding to the incoming call number at the first historical moment, the first historical location information corresponding to the incoming call number at the second historical moment A historical location information and the first real-time location information corresponding to the calling number at the current moment.

Step 608, obtain the gateway address corresponding to the incoming call, and determine the second location information corresponding to the gateway address according to the gateway address; the second location information includes the second historical location information corresponding to the gateway address at the first historical moment, the gateway address at the second The second historical location information corresponding to the historical moment and the second real-time location information corresponding to the gateway address at the current moment.

Step 610, calculate the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, and determine whether the first distance is greater than the first distance threshold, and if so, execute Step 618, if not, go to step 612.

Step 612, calculate the second distance between the first historical location information corresponding to the second historical moment and the second historical location information corresponding to the second historical moment, and judge whether the second distance is greater than the second distance threshold, and if so, execute Step 618, if not, go to step 614.

Step 614, calculate the third distance between the first real-time location information corresponding to the current moment and the second real-time location information corresponding to the current moment, and judge whether the third distance is greater than the third distance threshold, if so, execute step 618, if If not, go to step 616.

Step 616, automatically call back the caller number, and judge whether it can be connected, if yes, execute step 618, if not, execute step 620.

In the embodiment of the present disclosure, the mobile terminal compares the locations of incoming calls at multiple historical moments, which can prevent fraudulent calls from being faked by changing the gateway address at one time, especially for the real-time location, to prevent fraudulent calls from being faked. Location spoofing, and the presence of cloud-based detection and automatic callback mechanisms, can increase the likelihood of identifying a fraudulent call.

It should be understood that although the various steps in the flow charts of FIGS. 4-6 are shown sequentially as indicated by the arrows, these steps are not necessarily executed sequentially in the order indicated by the arrows. Unless otherwise specified herein, there is no strict order restriction on the execution of these steps, and these steps can be executed in other orders. Moreover, at least some of the steps in Figures 4-6 may include a plurality of sub-steps or stages, these sub-steps or stages are not necessarily performed at the same time, but may be performed at different times, these sub-steps or stages The order of execution is not necessarily performed sequentially, but may be performed alternately or alternately with at least a part of other steps or sub-steps or stages of other steps.

Based on the same inventive concept, as an implementation of the above method, the embodiment of the present disclosure also provides a device for identifying fraudulent calls. The embodiment of the device corresponds to the embodiment of the method described above. Details in the embodiments are described one by one, but it should be clear that the device in this embodiment can correspondingly implement all the content in the foregoing method embodiments.

Fig. 7 is a modular schematic diagram of a fraudulent call identification device provided by one or more embodiments of the present disclosure. As shown in the figure, the fraudulent call identification device 700 provided in this embodiment includes:

Receiving module 710, the receiving module 710 is configured as a module that receives incoming calls dialed out by Internet phone VoIP;

The first location determination module 720 is configured to configure the first location determination module 720 as a module for determining the first location information corresponding to the incoming call number according to the incoming call number;

The second location determining module 730 is configured to configure the second location determining module 730 as a module for obtaining the gateway address corresponding to the incoming call, and determining the second location location information corresponding to the gateway address according to the gateway address;

The comparison module 740, configuring the comparison module 740 as a module that compares the first location information with the second location information, and identifies whether the incoming call is a fraudulent call according to the comparison result;

The interception module 750 is configured to intercept the incoming call if it is determined that the incoming call is a fraudulent call.

As an optional implementation of this embodiment of the present disclosure, the first location information includes the first historical location information corresponding to the historical moment and the first real-time location information corresponding to the current moment, and the second location information includes the second historical location information corresponding to the historical moment location information and second real-time location information corresponding to the current moment;

The comparison module 740 is also configured to compare the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment to obtain a first comparison result; Comparing the first real-time location information with the second real-time location information corresponding to the current moment to obtain a second comparison result; and a module configured to identify whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result.

As an optional implementation manner of the embodiment of the present disclosure, the first historical location information includes at least the first historical location information corresponding to the calling number at the first historical moment, and the first historical location information corresponding to the calling number at the second historical moment, The second historical location information includes at least second historical location information corresponding to the gateway address at the first historical moment, and second historical location information corresponding to the gateway address at the second historical moment; the first historical moment is earlier than the second historical moment;

The first comparison result includes: the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, the first historical location information corresponding to the second historical moment and the second A second distance between the second historical location information corresponding to the historical moment; the second comparison result includes: a third distance between the first real-time location information corresponding to the current moment and the second real-time location information corresponding to the current moment;

The comparison module 740 is further configured to determine that the incoming call is a fraudulent call if the first distance is greater than the first distance threshold, or the second distance is greater than the second distance threshold, or the third distance is greater than the third distance threshold; And, if the first distance is not greater than the first distance threshold, and the second distance is not greater than the second distance threshold, and the third distance is not greater than the third distance threshold, then determine that the incoming call is not a fraudulent call module; wherein, the first The third distance threshold is smaller than the second distance threshold, and the second distance threshold is smaller than the first distance threshold.

As an optional implementation of the embodiment of the present disclosure, the fraudulent call identification device 700 also includes a callback module, which is configured to automatically call back the incoming call number if it cannot be determined that the incoming call is a fraudulent call according to the comparison result; And, a module configured to recognize that the incoming call is a fraudulent call if it is not connected after calling back the calling number; and a module configured to identify that the incoming call is not a fraudulent call if it is connected after calling back the calling number.

As an optional implementation of the embodiment of the present disclosure, the fraudulent call identification device 700 also includes a cloud detection module, and the cloud detection module is configured to send a detection instruction to the cloud module, and the detection instruction is used to instruct the cloud to detect the corresponding incoming call number and a module configured to receive the tag status sent by the cloud; and a module configured to identify the incoming call as a fraudulent call if the tag status indicates that the incoming call number is a fraudulent phone number;

The first location determining module 720 is also configured as a module for determining the first location information corresponding to the calling number according to the calling number corresponding to the incoming call if the marking status indicates that the calling number is not a fraudulent phone number.

As an optional implementation manner of the embodiment of the present disclosure, the first location determination module 720 is further configured to configure the first location determination module 720 to use the Cell ID positioning technology and/or the AFLT positioning technology and the corresponding incoming call number of the incoming call, A module for determining the first location information corresponding to the caller number.

As an optional implementation of the embodiment of the present disclosure, the interception module 750 is also configured to hang up the incoming call and block the incoming call if it is determined that the incoming call is a fraudulent incoming call, and send a marking instruction to the module in the cloud, marking the instruction Used to instruct the cloud to mark the incoming caller number as a fraudulent phone number.

The device for identifying fraudulent calls provided in this embodiment can execute the method for identifying fraudulent calls provided in the above method embodiment, and its implementation principle and technical effect are similar, and will not be repeated here. Each module in the above-mentioned device for identifying fraudulent calls can be realized in whole or in part by software, hardware and combinations thereof. The above-mentioned modules can be embedded in or independent of the processor in the electronic device in the form of hardware, and can also be stored in the memory of the electronic device in the form of software, so that the processor can invoke and execute the corresponding operations of the above-mentioned modules.

In an embodiment, an electronic device is provided, and the electronic device may be a terminal device, as shown in FIG. 8 , which is a structural block diagram of an electronic device provided by one or more embodiments of the present disclosure. The electronic device includes a processor, a memory, a communication interface, a database, a display screen and an input device connected by a system bus. Wherein, the processor of the electronic device is configured as a module providing calculation and control capabilities. The memory of the electronic device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer readable instructions. The internal memory provides an environment for the execution of the operating system and computer readable instructions in the non-volatile storage medium. The communication interface of the electronic device is configured as a wired or wireless communication module with an external terminal, and the wireless mode can be realized through WIFI, operator network, near field communication (NFC) or other technologies. When the computer-readable instructions are executed by the processor, the method for identifying fraudulent calls provided by the above-mentioned embodiments can be realized. The display screen of the electronic device may be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic device may be a touch layer covered on the display screen, or a button, a trackball or a touch pad provided on the housing of the electronic device , and can also be an external keyboard, touchpad or mouse.

Those skilled in the art can understand that the structure shown in FIG. 8 is only a block diagram of a partial structure related to the disclosed solution, and does not constitute a limitation on the electronic device to which the disclosed solution is applied. The specific electronic device can be More or fewer components than shown in the figures may be included, or some components may be combined, or have a different arrangement of components.

In one embodiment, the device for identifying fraudulent calls provided in the present disclosure can be implemented in the form of computer-readable instructions, and the computer-readable instructions can be run on the electronic device as shown in FIG. 8 . Each program module constituting the electronic device can be stored in the memory of the electronic device. The computer-readable instructions constituted by the various program modules enable the processor to execute the steps in the methods for identifying fraudulent calls in various embodiments of the present disclosure described in this specification.

In one embodiment, an electronic device is provided, including a memory 810 and one or more processors 820, the memory 810 is configured as a module storing computer-readable instructions; the computer-readable instructions are processed by the When executed by the processor 820, one or more processors 820 execute the steps of the fraudulent call identification method described in the method embodiment above.

The electronic device provided in this embodiment can implement the fraudulent call identification method provided in the above method embodiment, and its implementation principle and technical effect are similar, and will not be repeated here.

The computer-readable instructions stored on the computer-readable storage medium provided by this embodiment can implement the fraudulent call identification method provided by the above-mentioned method embodiment, and its implementation principle is similar to the technical effect, and will not be repeated here.

Those of ordinary skill in the art can understand that the implementation of all or part of the processes in the above method embodiments can be completed by instructing related hardware through computer-readable instructions, and the computer-readable instructions can be stored in a non-volatile computer-readable When the computer-readable instructions are executed, the computer-readable instructions may include the processes of the embodiments of the above-mentioned methods. Wherein, any reference to storage, database or other media used in the various embodiments provided by the present disclosure may include at least one of non-volatile and volatile storage. Non-volatile memory may include read-only memory (Read-Only Memory, ROM), magnetic tape, floppy disk, flash memory or optical memory, etc. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as Static Random Access Memory (SRAM) and Dynamic Random Access Memory (DRAM), among others.

The technical features of the above embodiments can be combined arbitrarily. To make the description concise, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features, they should be It is considered to be within the range described in this specification.

The above examples only express several implementations of the present disclosure, and the descriptions thereof are more specific and detailed, but should not be construed as limiting the scope of the patent for the invention. It should be noted that those skilled in the art can make several modifications and improvements without departing from the concept of the present disclosure, and these all belong to the protection scope of the present disclosure. Therefore, the scope of protection of the disclosed patent should be based on the appended claims.

Industrial Applicability

The method for identifying fraudulent calls provided by the present disclosure can effectively improve the accuracy of identifying fraudulent calls by comparing the location information corresponding to the caller number and the location information corresponding to the gateway address, and intercept the incoming calls after determining that the incoming calls are fraudulent calls Operation, effectively reducing the possibility of users being defrauded, ensuring user information security, has strong industrial applicability.

Claims

A method for identifying fraudulent calls, the method comprising:

Receive incoming calls from VoIP;

determining the first location information corresponding to the incoming call number according to the incoming call number;

Obtaining a gateway address corresponding to the incoming call, and determining second location information corresponding to the gateway address according to the gateway address;

comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent call according to the comparison result;

If it is determined that the incoming call is the fraudulent incoming call, an interception operation is performed on the incoming call.
The method according to claim 1, wherein the first location information includes the first historical location information corresponding to the historical moment and the first real-time location information corresponding to the current moment, and the second location information includes the historical location information corresponding to the historical moment. The second historical location information and the second real-time location information corresponding to the current moment; comparing the first location information with the second location information, and identifying whether the incoming call is a fraudulent call according to the comparison result ,include:

Comparing the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment to obtain a first comparison result;

Comparing the first real-time location information corresponding to the current moment with the second real-time location information corresponding to the current moment to obtain a second comparison result;

Identifying whether the incoming call is the fraudulent incoming call according to the first comparison result and the second comparison result.
The method according to claim 2, wherein the first historical location information includes at least the first historical location information corresponding to the incoming call number at the first historical moment, the first historical location information corresponding to the incoming call number at the second historical moment historical location information, the second historical location information at least includes second historical location information corresponding to the gateway address at the first historical moment, second historical location information corresponding to the gateway address at the second historical moment ; The first historical moment is earlier than the second historical moment;

The first comparison result includes: the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, the The second distance between the first historical location information and the second historical location information corresponding to the second historical moment; the second comparison result includes: the first real-time location information corresponding to the current moment and the current moment a third distance between the corresponding second real-time location information;

The identifying whether the incoming call is the fraudulent incoming call according to the first comparison result and the second comparison result includes:

If the first distance is greater than a first distance threshold, or the second distance is greater than a second distance threshold, or the third distance is greater than a third distance threshold, then determining that the incoming call is the fraudulent incoming call;

If the first distance is not greater than the first distance threshold, and the second distance is not greater than the second distance threshold, and the third distance is not greater than the third distance threshold, then it is determined that the incoming call is not the fraudulent calls;

Wherein, the third distance threshold is smaller than the second distance threshold, and the second distance threshold is smaller than the first distance threshold.
The method according to claim 1, wherein the method further comprises:

If it cannot be determined that the incoming call is the fraudulent incoming call according to the comparison result, then automatically call back the incoming call number;

If the caller number is not connected after calling back, then it is recognized that the caller is the fraudulent caller;

If the caller number is connected after calling back, it is recognized that the caller is not the fraudulent caller.
The method according to claim 1, wherein the method further comprises:

Sending a detection instruction to the cloud, the detection instruction is used to instruct the cloud to detect the marking status of the incoming call number corresponding to the incoming call;

receiving the marking status sent by the cloud;

If the marking state indicates that the incoming call number is a fraudulent telephone number, then identifying that the incoming call is a fraudulent incoming call;

The determining the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call includes:

If the flag state indicates that the incoming call number is not the fraudulent telephone number, then determine the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call.
The method according to claim 1 or 5, wherein said determining the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call includes:

According to the Cell ID positioning technology and/or AFLT positioning technology and the incoming call number corresponding to the incoming call, determine the first location information corresponding to the incoming call number.
The method according to any one of claims 1-5, wherein if it is determined that the incoming call is the fraudulent incoming call, performing an interception operation on the incoming call includes:

If it is determined that the incoming call is the fraudulent call, hang up the incoming call and shield the incoming call, and send a marking instruction to the cloud, the marking instruction is used to instruct the cloud to mark the incoming call number as a fraudulent phone number .
A device for identifying fraudulent calls, comprising:

A receiving module, the receiving module is configured as a module for receiving incoming calls dialed out by VoIP;

A first location determination module, configuring the first location determination module as a module for determining the first location information corresponding to the incoming call number according to the incoming call number corresponding to the incoming call;

A second location determination module, configuring the second location determination module as a module for obtaining the gateway address corresponding to the incoming call, and determining the second location location information corresponding to the gateway address according to the gateway address;

A comparison module, configured to compare the first location information with the second location information, and identify whether the incoming call is a fraudulent call according to the comparison result;

An interception module, configured to intercept the incoming call if it is determined that the incoming call is the fraudulent call.
The device for identifying fraudulent calls according to claim 8, wherein the first location information includes first historical location information corresponding to historical moments and first real-time location information corresponding to current moments, and the second location information includes the The second historical location information corresponding to the historical moment and the second real-time location information corresponding to the current moment;

The comparison module is also configured to compare the first historical location information corresponding to the historical moment with the second historical location information corresponding to the historical moment to obtain a first comparison result; and, configured to compare the current Comparing the first real-time location information corresponding to the moment with the second real-time location information corresponding to the current moment to obtain a second comparison result; and, configured to identify whether the incoming call is a fraudulent call according to the first comparison result and the second comparison result module.
The device for identifying fraudulent calls according to claim 9, wherein the first historical location information includes at least the first historical location information corresponding to the incoming call number at the first historical moment, and the corresponding first historical location information at the second historical moment of the incoming call number. The first historical location information, the second historical location information at least includes the second historical location information corresponding to the gateway address at the first historical moment, the second historical location information corresponding to the gateway address at the second historical moment historical location information; the first historical moment is earlier than the second historical moment;

The first comparison result includes: the first distance between the first historical location information corresponding to the first historical moment and the second historical location information corresponding to the first historical moment, the The second distance between the first historical location information and the second historical location information corresponding to the second historical moment; the second comparison result includes: the first real-time location information corresponding to the current moment and the current moment a third distance between the corresponding second real-time location information;

The comparison module is further configured to determine that the incoming call is a fraudulent call if the first distance is greater than the first distance threshold, or the second distance is greater than the second distance threshold, or the third distance is greater than the third distance threshold module; and, if the first distance is not greater than the first distance threshold, and the second distance is not greater than the second distance threshold, and the third distance is not greater than the third distance threshold, then determine that the incoming call is not a fraudulent incoming call; wherein , the third distance threshold is smaller than the second distance threshold, and the second distance threshold is smaller than the first distance threshold.
The device for identifying fraudulent calls according to claim 8, wherein the device for identifying fraudulent calls further includes a callback module, and the callback module is configured to automatically call back the incoming call if it cannot be determined that the incoming call is a fraudulent call according to the comparison result number; and, configured to identify the incoming call as a fraudulent call if it is not connected after calling back the calling number; and, configured to identify that the incoming call is not a fraud if it is connected after calling back the calling number The incoming module.
The fraudulent call identification device according to claim 8, wherein the fraudulent call identification device further comprises a cloud detection module, and the cloud detection module is configured to send a detection command to the cloud module, and the detection command is used to indicate the The cloud detects the marking state of the incoming call number corresponding to the incoming call; and, a module configured to receive the marking state sent by the cloud; and, configured to if the marking state indicates that the incoming number is a fraudulent phone number, A module that identifies that the incoming call is a fraudulent incoming call;

The first location determination module is further configured to determine the caller number according to the caller number corresponding to the incoming call if the flag state indicates that the caller number is not the fraud phone number A module corresponding to the first location information.
The device for identifying fraudulent calls according to claim 8 or 12, wherein the first location determination module is also configured to configure the first location determination module according to Cell ID positioning technology and/or AFLT positioning technology and the corresponding location of the incoming call The incoming call number is a module for determining the first location information corresponding to the incoming call number.
The fraudulent call identification device according to any one of claims 8-12, wherein the interception module is further configured to hang up the incoming call and screen the incoming call if it is determined that the incoming call is a fraudulent incoming call, and send a marking instruction to A cloud module, the marking instruction is used to instruct the cloud to mark the incoming call number as a fraudulent phone number.
An electronic device comprising: a memory and one or more processors, the memory storing computer-readable instructions; when executed by the one or more processors, the computer-readable instructions cause the one or more A plurality of processors execute the steps of the fraudulent call identification method described in any one of claims 1-7.
One or more non-transitory computer-readable storage media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform claim 1 - the step of the fraudulent call identification method described in any one of 7.