Doug Meades
Managing Consultant
Abilita Telecom Consultants
dmeades@abilita.com

It’s late evening on a holiday weekend and the security monitoring system at your telecom provider has identified possible telecom fraud activity occurring at your site. This is no amateur operation, professional hackers are passing through your PBX voicemail system and routing international long distance calls on a large scale. In effect they are operating an outbound call centre at your company’s expense.

The above scenario actually happened to one of our clients! Thieves had broken into their PBX and Voice-Mail system and were placing calls as though they originated in the office. As their telecommunications advisor, I was notified immediately by the telecom provider and we were able to take action to shut the intruders out.

Yes, this can happen to you and it could be costly but here are some things you can do to protect your business from this type of fraud:

1. Know The Exposure

When hackers break into your phone system you are responsible for the bills resulting from the fraud. Someone is going to pay for those calls and it won’t be the telephone company. Understand where you are most vulnerable:

· Phone System
Intruders seek out passwords, authorization numbers and access codes by hacking into your system, snooping around offices, calling businesses and even rummaging through dumpsters. Compromised numbers are sold or traded in the phone fraud underworld with businesses like yours paying for the calls.

· Voice Mail
If your system provides dial-out or dial-through capability you are exposed to fraudulent calls. By transferring out of a system, intruders can place long distance calls. They will also look for default codes on mailboxes so they can change the codes and control the boxes.

· Call Forwarding Scam
You are requested by someone outside your company to dial a two digit code preceded or followed by the * or # key (such as *72), and then an 800 number. When you dial the number you are not connected to anyone. What has happened is you have actually programmed your phone to forward your calls to a long distance operator. The con artist then calls your number which is forwarded to the long distance operator, calls anywhere they wish and the bill goes back to you.

· Remote Access Port
The remote access port is used for administration and support of your PBX. An intruder will often start by trying manufacturers default passwords and if unsuccessful, they use computer-generated passwords until they find a password that works.

· Direct Inward System Access (DISA)
A DISA permits convenient access to a PBX from a phone outside the business via an 800 number or other special access number. This feature allows your traveling staff to make long distance calls through the PBX and have the call charged to the company. The DISA gives criminals the same opportunity, as well as the chance to set up a call-sell operation at your company’s expense.

2. Protect Yourself
Telecom fraud continues to increase and the cost of doing nothing is going up. Here are some things you should be doing to protect yourself:

· Change the security feature settings and passwords on your phone system from the default settings

· Change passwords on a regular basis and protect these passwords and access codes from unauthorized use

· Don’t publish the remote access phone numbers that connect callers to your voice mail system

· Program your system to terminate access after the third invalid attempt

· Remove mailboxes that are no longer in use

· Immediately deactivate the access codes and voice mail passwords of departing employees

· Monitor your monthly phone bills

· Perform regular audits of your telephone environment including privileges and restrictions

· Physical security – restrict access to equipment

· Establish policies and procedures to reduce your risk

3. Take Action
If you become a victim of telecom fraud:

· Shut your system down immediately

· Call your equipment supplier

· Advise your staff of the situation

· Call the police and report the incident

The telephone remains the lifeline of most small business operations today. Arming yourself with knowledge and implementing best practices is your best protection against intrusion to your business.

Doug Meades is Managing Consultant at Abilita Telecom Consultants.
Doug can be reached at (519) 432-1556 or dmeades@abilita.com.

Abilita is a full service telecom consulting firm helping clients across North America achieve greater cost efficiencies and improved performance for all of their telecommunications needs - voice, data and wireless.