Lock the office doors when the 'out of office' is on

Posted on 3rd May 2018 in General

Bank holidays - one or two extra days added onto the weekend, something looked forward to year on year. But what if we told you that as businesses prepare by setting the ‘out of office’ and shutting down systems, hackers get ready to access phone lines and drum up bills in the four, five and six figure regions.

The telecoms industry doesn’t immediately spring to mind when people talk about fraud however it s an ongoing issue impacting many businesses across the UK, and globe.

Fraud in general is a big business in the UK, with the recently published ‘Annual Fraud Indicator 2017’ report suggesting that it costs the economy as much as £190bn each year.

However, while companies build an army of tech-savvy soldiers, following the recent cyber attachks on the NHS, and may I add rightly so, companies are failing to protect themselves against the very imminent threat of phone hacking. In fact, £40bn was the figure given for Telecoms Fraud in 2017.

What are the most common types

At a basic level, telecoms fraud is caused by hackers using airtime without any intention of paying for it. Most of the time, this is out-with office hours, with bank holidays a particular focus.

Call Selling and Premium Rate Service are common forms of Dial Through Fraud, taking advantage of unprotected Private Branch Exchange (PBX) systems, and costing your business hundreds, if not thousands of pounds.

Telephony Dial Through Fraud

Criminals exploit vulnerabilities in both traditional and VOIP PBX systems to realise their funds using two main methods; by making numerous calls to premium rate numbers that they are affiliated with and thus share in the profit made by generating high volumes of calls to these numbers, or by selling the access details of the compromised PBX on to other fraudsters who make high volumes of calls to international numbers

Although fraudsters tend to target business phone lines to make money compromised PBX’s may also give criminals access which will allow them to listen to company phone calls or steal and delete sensitive business data, the cost of which could be far higher than the cost of the compromised phone calls.

SIP trunk Fraud

As more businesses switch to SIP phone lines, it seems vital security steps are overlooked with securing it. Single attacks can cost thousands, yet it’s so easily overlooked.

There are so many benefits to cutting the cord and moving to a SIP line, including increased flexibility, cost savings, and more mobility that’s needed in modern business. But, it’s incredibly easy to overlook the security risks of what many simply consider a utility.

How does it happen

Remote access has allowed a great deal of flexibility for modern telecom systems - engineers can gain access off site, employees can log into voicemails and can reach extensions lines when out of office - but it has also left an unlocked door for telecoms thieves.

Hackers are ablt to spy companies’ weaknesses and crack passwords, allowing them to creep in and steal what is rightfully yours. Once they are in, they can invite others along to the party to sell to the highest bidder, carrying out Call Selling Fraud and racking up huge bills. They can also make hours and hour’s worth of calls to premium rate numbers which they control, increasing their revenue.

You might think this would never happen to me. My business is too large with fort walls that cannot be penetrated, or, you might think my business is too small that no one would bother. However, businesses of all shape and sizes are affected. One small company was shocked by a £50,000 bill for long distance calls routed through its phone line after returning from a long weekend, with BT, Wavecrest and The Exclusive hit in recent years with millions of pounds of unpaid VOIP credits.

So what can you do to stop this?

  • Updating your passwords may seem like an obvious procedure, but doing this regularly can go a long way in protecting your systems, especially on the occasion of staff leaving the business.
  • Make sure you know who is using systems and what for, restrict access to prevent international or premium calls, and constantly review bills to ensure nothing out of the ordinary takes place.
  • Turn off Direct Inward System Access (DISA) and any other feature that allows auto-creation of new extensions. However, if this is necessary to your business closely monitor it on a regular basis.
  • You can also book a thorough audit of your telecoms system and identify any areas of weakness, putting in place solutions and building a fort around your company that is strong, resistant and safe. Fully ensure that this won’t happen to you and your business, and make sure hackers don’t stand a chance in diminishing the name of the company.
  • This may all seem drastic and over dramatic, but you would never leave the doors of your home unlocked when you go on holiday, so why would you forget to lock the “doors” of the office?

To find out more about telecoms fraud and how to protect your business, contact Exchange Communications today on 0800 008 7600 or visit www.exchangecommunications.co.uk

Get free audit of your telecoms systems