You may be aware that your computer networks can be open to attacks from hackers, especially during public holidays like Christmas. But are you aware that your phone systems are just as vulnerable too? Premium rate fraud is where hackers scan your phone network, looking for a weak spot in your Private Branch Exchanges (PBX), hack in to it and make a high volume of calls to premium rate or overseas numbers.
Can your current provider offer security and advice on staying safe from hacking?
Having found a weak spot, the thieves then crack the passcode, giving them access to the phone’s voicemail. Most phone systems allow users to dial into their voicemail and then make calls from the exchange. It is meant to allow employees to make work calls when they’re out of the office. But it also allows hackers to exploit the system for cash. Once in, they can basically use auto-dialers to call premium lines, normally abroad, which can charge up to several pounds a minute. Hackers would have already leased the premium lines in advance so that they can collect a percentage of fees charged to the small business owners for calling these numbers.
Premium rate service fraud can cost business owners thousands and sometimes hundreds of thousands of pounds!
Victims are often small to medium-sized businesses, schools, charities and medical/dental practices, but any business can be targeted by fraudsters who find a way to take advantage of flaws in security systems. With the Christmas holidays approaching, there’s a higher risk of telecoms hacking due to premises being left empty over this time.
Monitoring of the phone usage over periods of office closure is probably very low or not taking place at all, meaning you may should take extra measures to lock down any call types that are not required, such as international and premium rate access.
There are some important steps you can take to protect your business from telecoms hacking and there may be some measures you were not aware of that are easily implemented. Here are some recommendations to help protect yourself from any hackers:
- Change passwords and access codes regularly and create strong and longer passwords using both alpha and numeric. Avoid 000, 1234 and extension numbers.
- Disable access to your voicemail system from outside lines. If this is business-critical, ensure the access is restricted to essential users and they regularly update their PIN/passwords.
- If you do not need to call international numbers/premium rate numbers, place a restriction on your telephone line.
- Restrict outbound calls and/or set a cap on call costs at certain times; e.g. when your business is closed.
- Ensure you regularly review available call logging and call reporting options and look out for increased or suspect call traffic.
- Secure your exchange and communications system, use a strong IT firewall and if you don’t need the function, close it down!
- Consider limiting call types by extension – if a user has no requirement to ring international or premium rate numbers then bar access to them.
- Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.
- Assess security of all applications: platform, operating system, password and permissions scheme.
- Regularly review call usage – analyse billed calls by originating extension and identify irregular usage.
- Block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.
- Be vigilant for evidence of hacking – not being able to obtain an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside of business hours.
- Consider limiting who can make international calls or calls to premium lines.
- Put in place daily or weekly limits and alerts on call spending with automatic call-barring when thresholds are exceeded.
Lastly, we here at Connect-it Communications wish you a great Christmas and prosperous New Year. Should you have any questions how to fraud-proof your telecoms, please contact us on firstname.lastname@example.org or call us today on 0345 885 122.