Telephony Fraud Advice

Home » Telephony Fraud Advice

Are you protected against telephony fraud?

Telephony Fraud

Did you know that your telephone system can be hacked into and cost you £1,000s?

Would you risk connecting your computer system to your network without having virus detection and firewall security in place?

Would you pay for something online using your credit card without ensuring that the payment method was secure?

Would you leave your office at the end of the day without securing all the windows and doors and activating the alarm?

We are sure your answers to all the above is a resounding ‘no’, because you are aware of the pitfalls and dangers of not taking the correct steps to protect yourself.

Any business with a telephone or PBX system, whether big or small can be targeted by phone hackers (known as ‘Phreakers’). The fraudsters hijack a PBX system by breaking the PIN code on the voicemail then configure it for their own use. They use access codes and online password cracking technology, enabling them to infiltrate your telephone system. Once access has been gained the Phreakers are able to make outbound calls to anywhere in the world, the cost of which falls to the owner of the phone line connected to the PBX system from where the call has originated from.

Phone Phreakers are organised criminal gangs, linked to terrorist organisations. Typically they sell phone services in developing countries to customers who do not own their own phone line and they deal in cash, which is virtually untraceable.

What you can do to protect your system:

If the access on the outside line, via Voicemail, is absolutely necessary, then suitable restrictions need to be set up on any extension that must have this type of connection.

In the same way that you would never dream of using the word “password“ as your password, be sure to change the security settings and the passwords on your telephone system from the default or factory settings.

Change voicemail DISA (Direct Inward System Access) passwords regularly and protect them and your access codes from unauthorised use.

Remove or de-activate any telephone system functionality you don’t need, including remote access ports.
Remove redundant mailboxes.

Immediately deactivate access codes and voicemail passwords of people who leave your business.
Keep an eye on your monthly phones bills for anything that looks unusual.

Carry out regular audits of your telephone systems including privileges and restrictions.
Restrict access to equipment and hardware and limit access to systems.

Restrict the numbers that employees can dial, for example, bar calls to premium rate numbers, international numbers, operator numbers or Directory Enquiries.

Implement policies and procedures to minimise risk.

Protect yourself with a Fraud Monitor, Fraud Monitor Keeps a close eye on your account throughout the month and alerts you of any unusual activity when it happens.

Programme your telephone system to disallow access after three individual attempts, in the same way as entering the wrong PIN at the cash machine.

Never publish the remote access phone numbers that connect callers to your voice mail system.

Call logging, if not already in place, should be immediately set up on any system where fraud is suspected. But it will need to be professionally programmed or it may miss certain call types.

DISA (Direct Inward System Access) is a feature no longer sold but an old office exchange could have the feature still present. Ensure that this is disabled.

If your business has networked its telephone exchanges, be aware that dial-through-fraud hackers could potentially ‘breakout’ from one site to another via this route.

Ensure interactive voice response (Press 1 for sales, 2 for support etc.) and auto attendant options for accessing outside lines, are removed.

All the above steps can be implemented for free. However, for ‘paid’ protection, there is a firewall protection system for your PBX called Control Phreak. It can be configured to deny/allow any combination of numbers or facilities and is managed independently of the phone system, which means it cannot be accessed by hackers.

Please talk to us about how we can help you. This dangerous international fraud crime is only likely to worsen as we take measures to tighten our security in every other aspect of our on-line activities.