Abstract: A method of identifying the fraudulent use of a cellular telephone includes the step of identifying an initial call made from the cellular telephone. An automated challenge-response authentication operation is then executed with a rotating subscriber query, resulting in a first authentication failure. In response to the first authentication failure, an operator assisted escalated challenge-response authentication operation is performed with a rotating subscriber query to generate a second authentication failure, indicating the fraudulent use of the cellular telephone.