Protect your Business from VoIP Fraud
Reduce Risk:
- Ensure PBX systems are behind your firewall
- DO NOT port forward 5060 to your equipment!
- Remove or disable DISA
- Ensure default passwords are not used
- Keep your VoIP platform up to date and patched
- See below for more points!
Some of the warning signs that your system’s security has been compromised include:
– Large call volumes at night, weekends or holidays;
– IDD calls to destinations you usually don’t dial;
– An unusually high number of short duration calls;
– Difficulties (busy or delays) with retrieving Voicemail
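The first three warning signs can be checked automatically against call records or an itemised bill. The script below is an added example, not part of the original page or any provider's tooling; the CSV layout, the 0011 international prefix, the thresholds and the sample records are all constructed assumptions.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample call records: start time, extension, dialled number, seconds.
# The CSV layout, the 0011 international prefix and all thresholds are assumptions.
SAMPLE_CDRS = """\
2024-03-04 10:15:00,201,0298765432,340
2024-03-04 14:02:00,203,001164211234567,615
2024-03-09 02:11:05,215,0011232761234,6
2024-03-09 02:11:40,215,0011232761235,5
2024-03-09 02:12:10,215,0011232761236,7
2024-03-09 02:13:30,215,0011232761238,480
"""
IDD_PREFIX = "0011"     # assumed international access code
USUAL_IDD = ("64",)     # country codes this business normally dials (assumed)
SHORT_SECS = 10         # shorter calls count as "short duration"
LIMIT = 3               # off-hours or short calls per extension before alerting

def parse_cdrs(text):
    """Parse CSV text into (start, extension, dialled, seconds) tuples."""
    return [(datetime.strptime(r[0], "%Y-%m-%d %H:%M:%S"), r[1], r[2], int(r[3]))
            for r in csv.reader(StringIO(text)) if r]

def is_off_hours(ts):
    """Nights and weekends; public holidays would need a calendar."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def warning_signs(cdrs):
    """Return {extension: [reasons]} for the warning signs visible in call records."""
    stats = {}
    for start, ext, dialled, secs in cdrs:
        s = stats.setdefault(ext, {"off": 0, "short": 0, "idd": set()})
        s["off"] += is_off_hours(start)
        s["short"] += secs < SHORT_SECS
        dest = dialled[len(IDD_PREFIX):]
        if dialled.startswith(IDD_PREFIX) and not dest.startswith(USUAL_IDD):
            s["idd"].add(dest[:3])  # leading digits are enough to spot the region
    alerts = {}
    for ext, s in stats.items():
        reasons = [f"{s[k]} {label} calls" for k, label in
                   (("off", "off-hours"), ("short", "short")) if s[k] >= LIMIT]
        if s["idd"]:
            reasons.append("unusual IDD prefixes: " + ", ".join(sorted(s["idd"])))
        if reasons:
            alerts[ext] = reasons
    return alerts

if __name__ == "__main__":
    print(warning_signs(parse_cdrs(SAMPLE_CDRS)))
```

Voicemail retrieval problems do not appear in call records, so that sign still relies on staff reporting it.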
The cost of not securing your phone system.
Hacking and fraudulent use result in unauthorised call charges billed directly to your account. As a business, you are responsible for maintaining the security of your hardware. You will be liable for all charges incurred on your account.
For further assistance, contact your phone system maintainer or IT system administrator to help minimise the risk of hacking. Any communications system, whether a premise-based PABX or a Hosted Phone system, is at risk. The following examples highlight the need to improve your system’s security.
Telecoms Hacking is Communication Fraud and can be defined as the use of telecommunications products or services with no intention of payment.
The industry-wide problem has increased in recent years, impacting businesses that own or operate PABXs, Voice mail Systems or Hosted Phone systems. Fraudsters gain access undetected and make outbound calls both domestically and internationally, resulting in substantial unauthorised costs being incurred by your company.
How Does It Happen?
Hackers gain unauthorised access to a customer’s PABXs, SIP Trunks or Voice mail Systems.
A hacker can compromise unprotected telecommunications equipment by dialling or logging in remotely to gain access to your communications system. Hackers usually exploit poorly secured remote access options such as Voicemail or DISA (Direct Inward System Access) and, once they have gained access, redirect calls to anywhere in the world. The fraudster may then masquerade as a service provider offering international access, or often generate large volumes of calls to their own Premium services. The hacker generates revenue using your assets, resulting in substantial charges to your company.
As the Service Owner, you are responsible for the administration and security of your Phone System.
This includes both the physical security of the PABX and handsets and the passwords and PINs used for remote access to premise-based equipment or Hosted Phone systems.
In some circumstances, we may become aware of possible system hacking or fraud and, as a matter of courtesy, provide you with notification. However, we will only become aware after the fraud has been committed.
No responsibility will be taken by Highway 1 or Simtex where your system’s security has been breached. You will be required to pay any charges generated as a result.
Case Study 1
A large business facilities provider with a PABX was attacked by fraudsters.
Lack of password security gave the hackers free access to channel IDD calls through their PABX. The system maintainer was called when voicemail messages could not be retrieved. By that time the fraudsters had made over $80,000 worth of international traffic in less than a week.
Case Study 2
A medium-sized consulting firm with a SIP TRUNK was recently a hacking victim.
The provider noticed an abnormally large number of international calls and notified the customer. Security measures were put in place to prevent further calls; however, over $30,000 worth of IDD calls to Sierra Leone had already been made. It is your responsibility to ensure the security of your communications system. Failure to take security precautions could cost you a large amount.
- Don’t choose obvious passwords, e.g. extension number, 1234, company name
- Educate your staff on the importance of keeping codes and passwords confidential
- Enforce company policy to regularly change PINs and passwords
- Limit the number of employees with authorisation to set up new codes and passwords
- When a member of staff leaves the company, cancel their access rights
- The External Call forwarding feature for the Voice Mail System should be disabled, unless specifically required by a staff member
- Disable any feature not in use that may be accessed remotely
- Delete any voice mailbox services that are not required. Only authorised personnel should have access to the phone system equipment
- Keep phone system hardware in a secure place with restricted access
- Ensure you have adequate barring levels placed on your phone system, for example on 1900 calls or international calls
- If your PABX has DISA (Direct Inward System Access) enabled, then only a limited number of specific staff should have access to that feature
- Unused extensions should have their access rights deactivated
- Check your phone bill for any unusual call traffic