VoIP Fraud Alert

Hacking and fraudulent use cause unauthorised call charges billed directly to your account. As a business, you must secure your hardware and are liable for all charges on your account.

For assistance, contact your phone system maintainer or IT administrator to reduce hacking risks. Any communications system, whether premise-based PABX or hosted phone system, is vulnerable. The following examples show why you must improve your system security.

What To Look For!

Some of the warning signs that your system's security has been compromised include:

  • Large call volumes at night, weekends or holidays;

  • IDD calls to destinations you usually don’t dial;

  • An unusually high number of short duration calls;

  • Difficulties (busy or delays) with retrieving Voicemail.

CASE STUDY 1

A large business facilities provider with a PABX was attacked by fraudsters. Lack of password security gave the hackers free access to channel IDD calls through their PABX. The system maintainer was called when voicemail messages could not be retrieved. By that time the fraudsters had made over $80,000 worth of International traffic in less than a week.

CASE STUDY 2

A medium-sized consulting firm with a SIP TRUNK was recently a hacking victim. The provider noticed an abnormally large number of International calls and notified the customer. Security measures were put in place to prevent further calls; however, over $30,000 worth of IDD calls to Sierra Leone had already been made. It is your responsibility to ensure the security of your communications system; failure to take security precautions could cost you a large amount.

Background

Telecoms Hacking is Communication Fraud and can be defined as the use of telecommunications products or services with no intention of payment. This industry-wide problem has increased in recent years, impacting businesses that own or operate PABXs, Voice Mail Systems or Hosted Phone Systems. Fraudsters gain access undetected and make outbound calls both domestically and internationally, resulting in substantial unauthorised costs being incurred by your company.

How Does It Happen?

Hackers gain unauthorised access to a customer's PABX, SIP Trunks or Voice Mail Systems.

A hacker can compromise unprotected telecommunications equipment by dialing or logging in remotely to access your communications system. Hackers exploit poorly secured remote access options such as Voicemail or DISA (Direct Inward System Access). Once inside, they redirect calls worldwide. The fraudster may impersonate a service provider offering international access or generate many calls to their own premium services. The hacker uses your assets to generate revenue, causing substantial charges to your company.

Your Obligations

As the Service Owner, you manage and secure your Phone System. This covers the physical security of PABX and handsets, plus passwords and PINs for remote access to premise-based or hosted phone equipment.

Sometimes, we may detect possible system hacking or fraud and notify you as a courtesy. However, we will only become aware after the fraud occurs. Zettagrid / Simtex accepts no responsibility for breaches of your system security. You must pay any charges resulting from such breaches.

What action can be taken to reduce the risk of fraud?

Protect your business assets from fraud by consulting your systems maintainer or administrator. We recommend your security regime include these measures:

  • Change default codes and passwords immediately after activating a service

  • Avoid obvious passwords such as extension numbers, 1234, or the company name

  • Educate staff to keep codes and passwords confidential

  • Enforce regular changes of PINs and passwords per company policy

  • Limit employees authorised to set up new codes and passwords

  • Cancel access rights when staff leave the company

  • Disable external call forwarding on the Voice Mail System unless a staff member requires it

  • Disable unused features accessible remotely

  • Delete unneeded voice mailbox services

  • Only authorised personnel should access phone system equipment

  • Keep phone system hardware in a secure, restricted area

  • Set adequate barring levels on your phone system, such as for 1900 or international calls

  • If your PABX has DISA (Direct Inward System Access), restrict access to specific staff

  • Deactivate access rights for unused extensions

  • Monitor your phone bill for unusual call traffic
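
The call-record warning signs under "What To Look For!" (off-hours volume, unusual IDD destinations, many short calls) and the advice to monitor for unusual call traffic can be checked against call detail records as well as the bill. The Python below is an added example, not code from Zettagrid / Simtex; the CSV layout, E.164 number format, thresholds and all names are assumptions, and the records are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample CDRs: start time, extension, dialled number (E.164), seconds.
SAMPLE_CDRS = """start,extension,dialled,seconds
2024-03-04 10:15:00,201,+61893001234,185
2024-03-04 14:02:00,202,+6493001234,420
2024-03-09 02:11:05,215,+23222000001,6
2024-03-09 02:11:40,215,+23222000002,5
2024-03-09 02:12:10,215,+23222000003,7
"""

# Assumed site policy; tune these to your own traffic.
USUAL_PREFIXES = ("+61", "+64")   # destinations the business normally dials
BUSINESS_HOURS = range(7, 19)     # 07:00-18:59 local time
SHORT_CALL_SECONDS = 10
ALERT_LIMIT = 3                   # calls per extension before a sign is raised

def is_off_hours(start, holidays=frozenset()):
    """Night, weekend, or a holiday given as an ISO date string."""
    return (start.hour not in BUSINESS_HOURS or start.weekday() >= 5
            or start.date().isoformat() in holidays)

def review_cdrs(cdr_text, holidays=frozenset()):
    """Return {extension: [warning signs]} for extensions that need review."""
    stats = {}
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        s = stats.setdefault(row["extension"], {"off": 0, "short": 0, "unusual": set()})
        s["off"] += is_off_hours(start, holidays)
        s["short"] += int(row["seconds"]) < SHORT_CALL_SECONDS
        if not row["dialled"].startswith(USUAL_PREFIXES):
            s["unusual"].add(row["dialled"][:4])  # coarse grouping key, not a country-code parse
    alerts = {}
    for ext, s in stats.items():
        signs = []
        if s["off"] >= ALERT_LIMIT:
            signs.append("off-hours volume")
        if s["short"] >= ALERT_LIMIT:
            signs.append("many short calls")
        if s["unusual"]:
            signs.append("unusual destination " + ",".join(sorted(s["unusual"])))
        if signs:
            alerts[ext] = signs
    return alerts

if __name__ == "__main__":
    print(review_cdrs(SAMPLE_CDRS))
```

Voicemail retrieval problems, the fourth warning sign, do not appear in call records and still depend on staff reporting them.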