A leading security firm has revealed how to prevent ‘toll fraud’ as cases soar of crooks hacking into phone networks and making long-distance calls at astronomical cost.
Denwa Security warned that UK businesses are being hit with enormous bills after crooks access the network and deliberately call high-charge numbers.
Firms are unable to claim back the cost as they are not covered for compensation by the providers.
Businesses using ‘on premise’ telephone systems and voicemail systems are particularly at risk if these systems are not secure.
Denwa said that it is a global, industry-wide problem with potentially devastating effects – incurring immense long-distance charges in a very short time.
But the security providers have revealed essential steps companies can take to prevent hackers from targeting the phone system.
Understanding Your Legal Responsibility
Securing your phone system is an imperative step in protecting your company from toll fraud. If a call has originated with or passed through your phone system or equipment, you are responsible for the charges associated with the call, whether the call is authorised or not. This means that if you are the victim of toll fraud, you are liable for the costs.
We highly recommend engaging the provider or maintainer of your phone system and equipment to learn how to prevent toll fraud. Ultimately it is your responsibility to ensure that your phone system and equipment are secure.
What can I do to protect my Phone System?
Just as you would not leave the front door unlocked or the keys in the ignition, your phone system must be appropriately secured. Below are protective measures you may take to reduce the risk of toll fraud.
Keep in mind these are general guidelines and we encourage you to contact the provider or maintainer of your phone system to discuss security measures specific to your own setup.
Modern phone systems more often than not reside on your computer network in some way; in addition, they may be exposed to the public internet for VoIP-based services. Therefore, develop a policy for following manufacturer best practices, maintain it, keep the system’s software updated, and review your equipment’s security with your maintainer at least once per year.
International numbers are a popular destination for fraudulent calls. We recommend blocking all international numbers and enabling only those your staff need to call; most phone systems offer this feature.
After Hours Calls
Restrict outbound calling outside your normal working hours. We’ve seen more hacking attempts in the evenings and at the weekend than during normal Monday to Friday working hours.
It’s often missed, but the default passwords that come with a new phone system are not safe because they are widely known. Change your user and voice mail passwords as often as you can.
Unused Mailboxes & Phones
When staff leave, remember to disable or change their passwords.
If you are operating ‘SIP’ based phones, these are the easiest to hack, so don’t leave them unplugged and always put complicated passwords on them.
Restrict call forwarding and call transfer features. Configure your telephone system so that users can forward only to trusted numbers and restrict all others.
Make sure that your phone and voice mail systems are up to date and have all current patches installed. Phone system manufacturers are releasing updates all the time to help battle toll fraud.
Monitor calling patterns and usage on a regular basis, using whatever auditing features are provided with the system. If you have call logging software, alerts can often be enabled to warn you of abnormal activity.
Most toll fraud is generated in a short time and usually after hours, when detection is least likely. Encourage employees to report unrecognised languages on voice mail messages, especially those left out of normal office hours.
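One way to apply the monitoring advice above to exported call logs, as an added example (not part of the original article or any Denwa tool): it flags international calls to destinations not on an allow-list, international calls outside working hours, and bursts of international calls from one extension. The CSV layout, office hours, allow-list and burst threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call records (not real data): start, extension, dialled number, seconds.
SAMPLE_CDR = """start,extension,dialled,seconds
2024-03-08 10:15:00,201,02079460000,180
2024-03-08 11:02:00,202,0033140000000,240
2024-03-09 02:10:00,205,0088210000001,1500
2024-03-09 02:12:00,205,0088210000002,1480
2024-03-09 02:13:00,205,0088210000003,1510
2024-03-09 02:40:00,203,02079460001,60
"""

WORK_START, WORK_END = 8, 18      # assumed office hours, Monday to Friday
ALLOWED_INTL = ("0033",)          # assumed allow-list of international prefixes staff need
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)  # assumed burst threshold

def is_after_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def find_alerts(cdr_text):
    """Return a sorted list of (extension, reason) alerts for CDR CSV text."""
    alerts = set()
    intl_by_ext = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext = row["extension"]
        number = row["dialled"].replace(" ", "").replace("+", "00", 1)
        if not number.startswith("00"):   # UK dialling: 00 marks an international call
            continue
        if not number.startswith(ALLOWED_INTL):
            alerts.add((ext, "international call to non-allowed destination"))
        if is_after_hours(ts):
            alerts.add((ext, "international call outside working hours"))
        intl_by_ext[ext].append(ts)
    for ext, times in intl_by_ext.items():
        times.sort()
        # Sliding window: BURST_COUNT international calls within BURST_WINDOW
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                alerts.add((ext, "burst of international calls"))
                break
    return sorted(alerts)

if __name__ == "__main__":
    for ext, reason in find_alerts(SAMPLE_CDR):
        print(f"ALERT ext {ext}: {reason}")
```

On the sample data only extension 205 is flagged; the allow-listed daytime call from extension 202 and the domestic calls pass without an alert.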
Consider having an accredited, professional third party audit of your phone systems to probe for any security vulnerabilities that may have been overlooked or neglected over the years.
IP phones and systems are susceptible to the same fraud issues as traditional phone systems. They are also subject to security gaps in your data network and firewalls.
If you are using SIP trunking (internet telephone lines) then ensure your firewall only allows trusted IP addresses that your provider uses. Opening port 5060 (SIP traffic uses this port) to the world will inevitably expose you to port scans, which a hacker will then use to make their way in.
What can Denwa do to help?
You could ask us to carry out the following for your business:
- Disable International calls
- Check your firewall configuration
- Install call logging software with toll fraud alerts
- Update your phone system’s software
- Change your system’s passwords
The above steps towards securing your network and phone system may attract a small charge from your maintainer but, compared to thousands of pounds’ worth of fraudulent calls, that is a small price to pay for peace of mind.
What to do if you suspect Toll Fraud
- Call Denwa or your calls provider immediately
- Contact the provider/maintainer of your phone system immediately
- Report the incident to your local police station or visit http://www.actionfraud.police.uk/