Any business with a telephone system can be targeted by phone hackers (known as ‘Phreakers’). The fraudsters hijack a PBX system by breaking the PIN code on the voicemail and then configure it for their own use. Below we explain how this happens and why protecting your telephone system is so important.
They use access codes and online password cracking technology, enabling them to infiltrate your telephone system.
Once access has been gained, the Phreakers are able to make outbound calls to anywhere in the world. The cost of these calls falls to the owner of the phone line connected to the PBX system from which the call originated.
Phone Phreakers are organised criminal gangs, linked to terrorist organisations. Typically they sell phone services in developing countries to customers who do not own their own phone line, and they deal in cash, which is virtually untraceable. We have produced a free video for you, Toll Fraud Explained; we hope it helps you.
What you can do to protect your system
If access to an outside line via voicemail is absolutely necessary, set up suitable restrictions on any extension that must have this type of connection.
In the same way that you would never dream of using the word “password” as your password, be sure to change the security settings and the passwords on your telephone system from the default or factory settings.
Change voicemail DISA (Direct Inward System Access) passwords regularly and protect them and your access codes from unauthorised use.
Remove or de-activate any telephone system functionality you don’t need, including remote access ports.
Remove redundant mailboxes.
Immediately deactivate access codes and voicemail passwords of people who leave your business.
Keep an eye on your monthly phone bills for anything that looks unusual.
Carry out regular audits of your telephone systems including privileges and restrictions.
Restrict access to equipment and hardware and limit access to systems.
Restrict the numbers that employees can dial, for example, bar calls to premium rate numbers, international numbers, operator numbers or Directory Enquiries.
Implement policies and procedures to minimise risk.
Protect yourself with a Fraud Monitor. Fraud Monitor keeps a close eye on your account throughout the month and alerts you to any unusual activity when it happens.
Programme your telephone system to disallow access after three individual attempts, in the same way as entering the wrong PIN at the cash machine.
Never publish the remote access phone numbers that connect callers to your voice mail system.
Call logging, if not already in place, should be set up immediately on any system where fraud is suspected, but it will need to be professionally programmed or it may miss certain call types.
DISA (Direct Inward System Access) is a feature no longer sold but an old office exchange could have the feature still present. Ensure that this is disabled.
If your business has networked its telephone exchanges, be aware that dial-through-fraud hackers could potentially ‘break out’ from one site to another via this route.
Ensure that interactive voice response (Press 1 for sales, 2 for support etc.) and auto attendant options for accessing outside lines are removed.
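An added example, not part of the original page or of any vendor's product: a minimal review of an exported call log for the call classes the list above says to bar, with out-of-hours calls marked. The CSV layout, the UK dial prefixes, the working hours and the per-extension threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call log: timestamp, extension, dialled number, seconds.
SAMPLE_CDR = """\
2024-03-04 10:15:00,201,01632960001,120
2024-03-04 14:02:00,202,0099900000001,300
2024-03-09 02:11:00,299,0099900000002,1800
2024-03-09 02:45:00,299,0099900000003,2400
2024-03-09 03:30:00,299,09098790000,900
2024-03-05 09:00:00,203,118999,60
"""

# Assumed UK dial-plan prefixes for the call classes the page says to bar.
BARRED_PREFIXES = {"00": "international", "09": "premium rate",
                   "118": "directory enquiries"}

def classify(number):
    """Return the barred call class for a dialled number, or None."""
    if number == "100":  # assumed operator number
        return "operator"
    for prefix, label in BARRED_PREFIXES.items():
        if number.startswith(prefix):
            return label
    return None

def out_of_hours(ts):
    """True outside the assumed working week, Mon-Fri 08:00-18:00."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def review(cdr_text, max_barred_per_ext=2):
    """Return (alerts, extensions over the barred-call threshold)."""
    alerts, barred = [], defaultdict(int)
    for stamp, ext, number, secs in csv.reader(io.StringIO(cdr_text)):
        call_class = classify(number)
        if call_class is None:
            continue
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        barred[ext] += 1
        reason = call_class + (", out of hours" if out_of_hours(ts) else "")
        alerts.append((ext, number, int(secs), reason))
    return alerts, sorted(e for e, n in barred.items() if n > max_barred_per_ext)

if __name__ == "__main__":
    alerts, noisy = review(SAMPLE_CDR)
    for alert in alerts:
        print(alert)
    print("extensions to investigate:", noisy)
```

An extension such as a redundant mailbox that suddenly places several long international calls at night is the pattern this surfaces between bills.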
All the above steps can be implemented for free. However, for ‘paid’ protection, there is a firewall protection system for your PBX called Control Phreak. It can be configured to deny/allow any combination of numbers or facilities and is managed independently of the phone system, which means it cannot be accessed by hackers.
Please talk to us about protecting your telephone system and how we can help you. This dangerous international fraud crime is only likely to worsen as we take measures to tighten our security in every other aspect of our on-line activities.
To discuss your business telephone system security options, send an email or call 01892 577 577.