An example method performed by a processing system obtaining a first port-in number for a first mobile device from a first mobile communications service provider, wherein the first port-in number is known to be involved in fraudulent activity, constructing a social graph of communications between the first port-in number and a plurality of other numbers associated with a plurality of other communications devices, identifying, by the processing system, a maximal subgraph of the social graph, wherein the maximal subgraph connects the first port-in number and a subset of the plurality of other numbers that includes those of the plurality of other numbers for which a usage metric is below a predefined threshold for a defined period of time prior to the first port-in number being ported into the first mobile communications service provider, and identifying, by the processing system, a potential fraud ring, based on the maximal subgraph.