Everyone knows (or should know by now) that if someone calls and asks for personal information, credit card numbers, etc., you shouldn’t provide this over the phone. However, the newest hackers hack your phone lines…when no one is there.
Toll fraud is the theft of long distance services by an unknown third party. It is not limited to the unauthorized entry into a business’ phone system or equipment. Toll fraud occurs worldwide, and has devastating effects on businesses, often causing tens of thousands of dollars worth of long distance charges to a single business.
Unfair as it is, if a call has originated with, or passed through your phone system or equipment, you are responsible for the charges associated with the call, whether the call is authorized or not. This means, even though you are a victim of fraud, you are liable for the costs.
Hackers can enter your phone system through the voicemail boxes. The hackers call the business, and when no one answers the phone, all calls are put through to a voicemail box. The hackers then bombard the system with a series of numbers to attempt to get the right code for the administration side of the voicemail. Once they find the right code, they are able to make outbound calls to foreign places. Some foreign countries have extremely high long distance rates (13-29 cents per minute), and are good targets for toll fraud. This means the security of your phone system is up to you.
How do you ensure your phone system’s security? Call your Private Branch Exchange provider for specifics, but the following steps are a good start:
- Never publish a Direct Inward System Access (DISA) telephone number.
- Change the DISA access number regularly.
- Use longer DISA authorization codes. 9 digits are ideal. Never use fewer than 7.
- Issue a different DISA authorization code for all users.
- Warn DISA users not to write down authorization codes.
- Restrict DISA access at night, weekends, and holidays. This is a low usage time, but prime time for fraud.
- Block or restrict overseas access. If your company requires employees to call overseas, restrict calls to only the countries that you need to make calls to.
- Program your system to answer with silence after 5 or 6 rings. Most systems are programmed to answer with a steady tone after two rings, and this is what hackers look for.
- Route invalid access attempts to your operator, if possible.
- Program your Private Branch Exchange (PBX) to generate an alarm if an unusual number of invalid attempts are made.
- Program your PBX so that the port will disable itself after a set number of invalid attempts.
- Disconnect all telephone extensions that are not in use.
- Block access to remote maintenance/administration ports, or protect them with maximum-length passwords. Change the passwords frequently, and don’t use easy or sequential numbers. Ensure you change the passwords from factory settings.
- Disconnect modems that are not in use.
- Prohibit the sharing or posting of passwords, or entering them into programmable keys or speed dial buttons.
- Block collect call options.
- Restrict access to directories that give directions on how to get into the voicemail system.
- If your system allows callers to transfer to other extensions, block any digits that hackers could use to get outside lines.
- Delete all inactive voicemail boxes.
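The alarm, port-disable, after-hours and overseas-restriction items above can also be checked after the fact against your call logs. The following Python is an added example, not code from this article or from any PBX vendor: the log layout, event names, thresholds, Monday to Friday 08:00-18:00 business hours and the 011 international prefix are all assumptions, and holidays are not modelled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical layout (not a vendor CDR format):
# timestamp,port,event,dialed digits. All numbers are made up.
SAMPLE = """\
2024-03-02 02:14:05,7,AUTH_FAIL,
2024-03-02 02:14:21,7,AUTH_FAIL,
2024-03-02 02:14:40,7,AUTH_FAIL,
2024-03-02 02:15:02,7,AUTH_OK,
2024-03-02 02:15:30,7,OUTBOUND,0119995550100
2024-03-04 10:05:00,3,AUTH_FAIL,
2024-03-04 10:06:10,3,AUTH_OK,
2024-03-04 10:07:00,3,OUTBOUND,011445550123
2024-03-04 10:30:00,3,OUTBOUND,0119995550199
"""

def review(log_text, max_invalid=3, window=timedelta(minutes=10),
           allowed_prefixes=("01144",), open_hour=8, close_hour=18):
    """Return (timestamp, port, alert) tuples; allowed_prefixes must be a tuple."""
    alerts = []
    fails = defaultdict(list)  # port -> invalid-code times inside the window
    disabled = set()           # ports that have crossed the threshold
    for line in log_text.strip().splitlines():
        stamp, port, event, digits = [f.strip() for f in line.split(",")]
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        # Saturday/Sunday (weekday 5, 6) or outside opening hours
        off_hours = when.weekday() >= 5 or not open_hour <= when.hour < close_hour
        if event == "AUTH_FAIL":
            fails[port] = [t for t in fails[port] if when - t <= window] + [when]
            if len(fails[port]) >= max_invalid and port not in disabled:
                disabled.add(port)
                alerts.append((stamp, port, "disable port: repeated invalid codes"))
        elif event == "AUTH_OK" and port in disabled:
            alerts.append((stamp, port, "login on port that should be disabled"))
        elif event == "OUTBOUND":
            if off_hours:
                alerts.append((stamp, port, "outbound call outside business hours"))
            if digits.startswith("011") and not digits.startswith(allowed_prefixes):
                alerts.append((stamp, port, "international call to unlisted country"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(*alert, sep=" | ")
```

On the sample, the weekend burst on port 7 produces four alerts, while the weekday call to the allowed prefix on port 3 passes and only the call to the unlisted prefix is flagged.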