Phone system hacking – are you prepared?

by | Apr 21, 2017 | Business Telecom Services, Security

Any business with a phone system, whether big or small, can be targeted by hackers. Unfortunately, through lack of publicity, many businesses are still unaware of the dangers and the risks.


Criminals hijacked the phone system of a charity in Benwell, Newcastle, to route calls abroad, resulting in a bill of £5,000, amassed over four days. Both the insurance company of the charity and their phone system supplier refused to pay out for this bill, saying it was the responsibility of the charity.

The hackers gained remote access to the phone system via the answering machine and were able to route calls to Syria at a premium rate. Although the charity reported this incident to the local police and Action Fraud, there was little either of them could do as this type of fraud is virtually untraceable.

As a result of this attack, the charity had to have their voicemail service disconnected, something they relied heavily upon due to not having full-time reception volunteers.

Telephony fraud, also known as Phreaking, is believed to generate up to five times the losses to businesses than that created by credit card fraud.

It’s costing businesses billions of pounds, putting the UK in one of the top 5 countries in the world where Phreaking occurs, with up to 40% of companies being hit at some point.

  • The fraudsters hijack the PBX by breaking the PIN code on the voicemail then configure it for their own use. They use access codes and on-line password cracking technology, enabling them to infiltrate your system no matter how many times you change the passwords or codes.
  • Once access has been gained the hackers are able to make outbound calls to anywhere in the world, the cost of which falls to the owner of the phone line connected to the system from where the call has originated from.
  • Phone Phreakers are organised criminal gangs, linked to terrorist organisations. Typically they sell phone services in developing countries to customers who do not own their own phone line and they deal in cash, which is virtually untraceable.

Hackers attacked one in five UK firms last year, according to a recent report.

A survey by the British Chamber of Commerce, amongst 1,200 businesses, found one in five UK firms were victims of hacking last year. Larger companies, those with 100 or more employees, were most at risk from cyber crime, with 42% of businesses this size being hit, compared with 18% of small companies. The report also highlighted lack of awareness and security, citing only 24% of businesses having measures in place to protect against cyber attacks.

The survey found 63% of businesses relied on IT providers to resolve issues after an attack. This compares with 12% of banks and financial institutions and 2% of police and law enforcement agencies tending to have their own in-house expertise.

There have been a number of recent high-profile attacks on company databases.

Last year Yahoo discovered hackers had accessed email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers from more than 1bn user accounts in August 2013, making it the largest such breach in history.

After being hacked in October 2015, TalkTalk was last year hit with a record £400,000 fine for security failings. The attack, Talk Talk were told, could have been prevented if the company had taken basic steps to protect customer information.

Hackers accessed the personal information of more than 150,000 Talk Talk customers, including sensitive financial data for more than 15,000 people.

How will I know if I’ve been ‘Phreaked’?

Your phone system will light up and the lines/trunks will be in operation for hours, but as Phreaking is more likely to happen at night or during the weekend i.e. when no one is around, the first you are likely to hear about it is when you get your phone bill.

Unfortunately, it is your responsibility to pay for calls made from your telephone system, whether they were made by your staff or not.

MF Telecoms Services offers customised toll fraud protection to best suit your business needs and requirements.

ECR – Exceptional Call Reporting – monitors call traffic of VoIP, SIP or fully hosted systems, at set, predetermined thresholds. MF Telecoms Services can also add Toll Fraud Software to NEC phone systems. This works in a similar way to ECR, but also gives the option of adding destinations and times rather than cost as the parameters. For peace of mind, and to find out more about how MF Telecoms Services can help you put security measures in place to guard against future toll fraud attacks, please email us for more information or call 01892 514687 and ask to speak to one of our UK business consultants.