Telephony fraud is a global problem, reaping billions for criminals. An average incident can cost in the thousands. Christmas can be a vulnerable time for businesses, with reduced staff levels and less opportunity to spot the signs of fraud in time.
Telephony fraud, also known as Phreaking or PABX fraud, is believed to cause businesses up to five times the losses caused by credit card fraud. It's costing businesses billions of pounds, putting the UK among the top 5 countries in the world where Phreaking occurs, with up to 40% of companies being hit at some point. So protecting your business from telephony fraud is vital.
- The fraudsters hijack the PBX by breaking the PIN code on the voicemail, then configure it for their own use. They use access codes and online password cracking technology, enabling them to infiltrate your system no matter how many times you change the passwords or codes.
- Once access has been gained, the hackers are able to make outbound calls to anywhere in the world, the cost of which falls to the owner of the phone line connected to the system from which the call originated.
- Phone Phreakers are organised criminal gangs, linked to terrorist organisations. Typically, they sell phone services in developing countries to customers who do not own their own phone line and they deal in cash, which is virtually untraceable.
How will I know if I’ve been ‘Phreaked’?
Your phone system will light up and the lines/trunks will be in operation for hours. However, Phreaking is more likely to happen at night or during the weekend, i.e. when no one is around, so the first you are likely to hear about it is when you get your phone bill. Unfortunately, it is your responsibility to pay for calls made from your telephone system, whether they were made by your staff or not.
The Federation of Communication Services (FCS) has produced some guidance to help guard against fraud:
- Remove all default password settings when deploying the PBX and limit access to any maintenance ports.
- Passwords and access codes should be changed regularly and, if possible, be alphanumeric and as many digits as the system allows. Avoid 000, 1234 and PINs that are the same as the extension number.
- Delete/change passwords for ex-employees.
- Consider limiting call types by extension: if an extension user has no requirement to ring international/premium rate numbers, then bar access to these call types.
- Secure the system physically, site it in a secure comms room and restrict access to that area.
- Regular reviews of calls should be carried out, covering analysis of billed calls by originating extension, to identify irregular usage and unexpected traffic.
- Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.
- Mailboxes – block access to unallocated mailboxes on the system, change the default PIN on unused mailboxes.
- Be vigilant for evidence of hacking – inability to get an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside business hours.
- Assess the security of all PBX peripherals/applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any onboard remote management utility (e.g. PC Anywhere) for possible holes.
- Check firewall logs weekly.
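
The call review described in the guidance above (billed calls by originating extension, plus a check for calls outside business hours), as an added example that is not FCS or MF Telecoms code. The record layout, the opening hours and the sample call records are assumptions made for illustration; the prefixes follow UK dialling, where 00 is the international prefix and 09 numbers are premium rate.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records (not real data). Assumed columns:
# start time, originating extension, dialled number, duration in seconds.
SAMPLE_CDR = """start,extension,dialled,seconds
2023-12-22 10:15:00,201,01892000000,180
2023-12-22 14:40:00,202,0033100000000,240
2023-12-25 02:10:00,214,0088200000000,3400
2023-12-25 02:12:00,214,0088200000001,3550
2023-12-25 03:05:00,214,09000000000,1200
2023-12-26 23:30:00,207,01892000001,60
"""

# Assumptions: office open Monday-Friday 08:00-18:00; UK dialling, where
# 00 is the international prefix and 09 numbers are premium rate.
OPEN_HOUR, CLOSE_HOUR = 8, 18
HIGH_RISK_PREFIXES = ("00", "09")


def out_of_hours(ts):
    """True when the call started at a weekend or outside opening hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_calls(cdr_text):
    """Return {extension: {"calls": n, "seconds": s}} for calls that are
    both out of hours and to an international or premium rate number."""
    flagged = defaultdict(lambda: {"calls": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if out_of_hours(ts) and row["dialled"].startswith(HIGH_RISK_PREFIXES):
            flagged[row["extension"]]["calls"] += 1
            flagged[row["extension"]]["seconds"] += int(row["seconds"])
    return dict(flagged)


if __name__ == "__main__":
    for ext, total in sorted(review_calls(SAMPLE_CDR).items()):
        print(f"extension {ext}: {total['calls']} out-of-hours high-risk "
              f"calls, {total['seconds'] // 60} minutes")
```

An extension that appears in this report but has no business reason to dial such numbers is a candidate for the call barring recommended in the list.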
MF Telecoms Services offers customised telephony fraud protection to best suit your business needs and requirements.
ECR – Exceptional Call Reporting – monitors call traffic of VoIP, SIP or fully hosted systems, at set, predetermined thresholds.
MF Telecoms Services can also add Toll Fraud Software to NEC business phone systems. This works in a similar way to ECR, but also gives the option of adding destinations and times rather than cost as the parameters.
For peace of mind, and to find out more about how MF Telecoms Services can help you put security measures in place to guard against future toll fraud attacks, please email us for more information or call 01892 514687 and ask to speak to one of our UK business consultants. We have also produced a short free video guide: Toll Fraud Explained