In recent years, we seem preoccupied with the battle of the budget. We can’t seem to win. The economy stinks. The smart businesses have learned how to do more with less. However, austere business practices go only so far.

Alas, there is a new threat at our doorsteps. You are at risk of being robbed. However, the crook won’t have a gun, and they will probably never get caught. TOLL FRAUD is reaching epidemic levels. As our technology rapidly developed, so did a new kind of criminal.

TOLL FRAUD – HACKING & STACKING

HACKING & STACKING represents a devastatingly effective one-two punch that can increase your toll fraud loss to many thousands of dollars.

First the hackers penetrate your system and passwords, then they begin stacking or placing multiple calls simultaneously on the outbound line by multiplexing or using the Three-way calling feature from the carrier. There is virtually no limit on the number of calls placed on a single line in any time period. If your carrier has set your lines up for International calling and three-way calling, your liability could easily exceed $10,000 to $25,000 in a single hour.

Numerous victimized telephone subscribers are reporting that they are being billed for Premium Rate or International telephone calls fraudulently made through their telephone systems.

Virtually all carriers have strong policies and tariff regulations holding the subscriber responsible for the charges. Because the carriers are forced to pay the carrier at the distant end, they want you to pay and will back their claim with legal action.

Two Of The Fastest & Better Steps To Protect Yourself From Toll Fraud:

If you don’t need international long distance direct dialing, block the service on your trunk lines. Confirm your order to your carrier in writing. If your order is not in writing, it didn’t happen.

If you don’t need Three-Way Calling on your trunk lines, cancel the feature. Confirm your order to your carrier in writing. If it’s not in writing, it didn’t happen.

Cut the crooks off from the revenue and they may go look for an easier target. Premium Rate and/or International Long Distance Calls may be the prime targets for the hackers.

But that’s just my opinion,

Frank Bisbee – Editor
“HOTS – Heard On The Street” Monthly Column
www.wireville.com
4949 Sunbeam Rd, Suite 16
Jacksonville, FL  32257


TOLL FRAUD GOES BIG TIME

Toll Fraud Over Hacked Voicemail Systems

Over the past year months the telecom industry has received thousands of reports about increased hacking activity, where customers are reporting that they are being billed for Premium Rate or International telephone calls fraudulently made through their telephone systems.

This PBX Security breach involves hackers accessing your telephone system via system options that eventually permit the hacker to place either Premium Rate or International Calls. These hackers most often call a business after-hours utilizing some software called a war dialer. This allows them to categorize your telephone lines and decide how best to attack your telephone system. This could be via the use of its automated answering system, vulnerable voicemail boxes or unsecured telephone lines (DISA)*.

*DISA (Direct Inward System Access) allows someone calling in from outside the telephone switch (PBX) to obtain an “internal” system dial tone.

Experienced hackers sometimes recognize the equipment they are calling by its prompts and know the equipment’s default passwords, allowing them access to mailboxes with unchanged passwords (or they will try guessing at simple passwords such as 1234 and 1111). It is imperative for you to protect yourself against this type of fraud by ensuring your telephone system and voicemail equipment is safeguarded and your employees are educated about password security best practices.

For customers who own their telephone and voicemail systems, you are responsible for the protection of your equipment and are responsible for any toll charges.

Industry Best Practices

* Ensuring your employees change the manufacturer’s default password immediately upon being assigned a voicemail box and frequently thereafter.

* Programming your voice mail system to require passwords with a minimum of 6 characters (8 is preferred; the more complex the password, the more difficult it is to guess).

* Training your employees not to use easily-guessed passwords such as their phone numbers, local number, simple number combinations or patterns.

* When assigning a phone to a new employee, never make the temporary password the employee’s telephone number.

* If possible, program your voice mail system to force users to change their password at least every 90 days. If not, introduce a corporate password policy which requires them to do so.

* If possible, all forms of automated trunk to trunk (straight through dialing) should be disabled. Straight through dialing allows you to make telephone calls through your mailbox or telephone system when you are at an offsite location. If this feature is used, it is important that you generate and monitor reports to ensure your mailboxes are not being abused.

* Remove all unassigned mailboxes

The above security measures are of a general nature and will not protect every aspect of an individual telephone system. You are encouraged to contact either your maintainer or a specialist telecom security company to discuss the unique aspects and vulnerabilities of your telephone equipment in greater detail.

Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made or accepted them.
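The password practices listed under Industry Best Practices can be enforced with a check at the point a voicemail PIN is set. The following Python sketch is an added example, not part of the original article or any vendor's software; the record layout, the default-PIN list and all function names are assumptions made for illustration.

```python
MIN_LENGTH = 6  # minimum PIN length from the best practices above
KNOWN_DEFAULTS = {"0000", "1111", "1234", "000000", "123456"}  # constructed list

# Constructed mailbox records: (extension, direct number, PIN being set).
SAMPLE_MAILBOXES = [
    ("201", "9045550201", "1234"),
    ("202", "9045550202", "550202"),
    ("203", "9045550203", "121212"),
    ("204", "9045550204", "482915"),
]


def is_sequence(pin):
    """True for keypad runs up or down, e.g. 123456, 987654, 890123."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def is_repeated_block(pin):
    """True when one short block repeats, e.g. 111111, 121212, 123123."""
    return any(len(pin) % n == 0 and pin == pin[:n] * (len(pin) // n)
               for n in range(1, len(pin) // 2 + 1))


def pin_problems(pin, extension, phone_number):
    """List the reasons a PIN should be rejected (empty list means acceptable)."""
    if not pin.isdigit():
        return ["not numeric"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append("too short")
    if pin in KNOWN_DEFAULTS:
        problems.append("known default")
    if is_repeated_block(pin):
        problems.append("repeated pattern")
    if is_sequence(pin):
        problems.append("sequential digits")
    if pin in phone_number or pin.startswith(extension) or pin.endswith(extension):
        problems.append("derived from extension or phone number")
    return problems


def audit(mailboxes):
    """Map extension -> problems for every mailbox whose PIN fails a check."""
    report = {ext: pin_problems(pin, ext, number) for ext, number, pin in mailboxes}
    return {ext: found for ext, found in report.items() if found}
```
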

The Firewall Approach

In our opinion this offers the most effective approach to telephone system security:
Deny everything – Allow Nothing – Treat every opened facility as a possible vulnerability.

PROTECT YOUR SYSTEM FROM HACKING

General Rules

PBX

* All DISA lines should be disabled
* Call forward external from end users’ phones should be restricted
* Redirect of incoming numbers to outside numbers should be restricted
* General Access phones should be limited to calling local numbers only
* Call Barring levels should be assigned correctly for long distance calling
* Access to known high toll fraud areas should be restricted.
* Monitor and track long distance activity using Call Detail Reports

Voice Mail

* Deny inbound calls via Auto Attendant to external numbers.
* Restrict or control Voicemail dialing to pagers and mobiles
* Restrict or control Personal IVRs (dial 2 to transfer to my mobile…etc)
* Restrict or control Voicemail Remote Notification to pagers and mobiles
* If available use remote notification to email to notify of voicemail messages
* End Users forced to change Mailbox access passwords on a regular basis
* End Users password minimum length is set at least to 6 digits or more
* Administration of mailboxes removing any unused mailboxes
* Call Barring should be used to restrict outbound access where possible

All Systems

* Passwords should not be posted or distributed
* Passwords should be changed on a regular basis
* Passwords must be changed from default passwords
* Where possible restrict trunk to trunk (inbound/outbound) call transfers
* Monitor systems using traffic and call detail reports to check calling patterns:
  * calls to unusual locations
  * high call volume
  * long call durations
  * international and calls to 0990 numbers
  * high traffic after business hours
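
The calling patterns listed above, together with the simultaneous "stacked" calls on one line described earlier, can be checked mechanically against a call detail report. This Python sketch is an added example and not part of the original article; the CSV layout, the international prefixes, the business hours and the duration threshold are assumptions to adapt to your own PBX export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDR export (start, duration in seconds, trunk, dialed digits).
SAMPLE_CDR = """start,duration,trunk,dialed
2024-03-04 10:15:00,180,T1,9045550100
2024-03-04 14:02:00,4200,T1,9045550111
2024-03-09 02:10:00,900,T2,011445550123
2024-03-09 02:12:00,840,T2,011445550124
2024-03-09 02:13:00,600,T2,09905550125
"""

INTL_PREFIXES = ("011", "00")   # assumption: common international dialing prefixes
PREMIUM_PREFIXES = ("0990",)    # the premium-rate range named in the article
OPEN_HOUR, CLOSE_HOUR = 8, 18   # assumption: business hours, Monday to Friday
LONG_CALL_SECONDS = 3600        # assumption: threshold for a "long" call


def analyze(cdr_text):
    """Return (flagged calls with reasons, peak simultaneous calls per trunk)."""
    flagged, events = [], defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        seconds = int(row["duration"])
        reasons = []
        if row["dialed"].startswith(PREMIUM_PREFIXES):
            reasons.append("premium-rate")
        elif row["dialed"].startswith(INTL_PREFIXES):
            reasons.append("international")
        if start.weekday() >= 5 or not OPEN_HOUR <= start.hour < CLOSE_HOUR:
            reasons.append("after-hours")
        if seconds > LONG_CALL_SECONDS:
            reasons.append("long-duration")
        if reasons:
            flagged.append((row["trunk"], row["dialed"], reasons))
        # +1 at call start, -1 at call end, for the concurrency sweep below
        events[row["trunk"]].append((start, 1))
        events[row["trunk"]].append((start + timedelta(seconds=seconds), -1))
    peaks = {}
    for trunk, evs in events.items():
        live = peak = 0
        for _, delta in sorted(evs):  # ends sort before starts at the same instant
            live += delta
            peak = max(peak, live)
        peaks[trunk] = peak
    return flagged, peaks
```

A peak above 1 on a single trunk, especially outside business hours, is the stacking pattern; `analyze(SAMPLE_CDR)` reports a peak of 3 on trunk T2 in the constructed data.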

Frank Bisbee
President
Communication Planning Corporation
4949 Sunbeam Rd, Suite 16
Jacksonville, FL  32257
(904) 645-9077 office
(904) 237-0365 cell
(904) 645-9058 fax
frank@communicationplanning.com or frank@wireville.com
FL ES12000711    GA LVT305404
