A new scam has surfaced recently, and several businesses, including small enterprises, have already fallen victim to it.
This latest scheme is called Dial Through Fraud (DTF). As the name implies, the hackers find networks that are easily compromised and hack into the company’s telephony system using computer software. As soon as they gain access, the hackers exploit the network to make national and international calls, all at the company’s expense. In some cases, the hackers use the telephone system to call premium numbers they themselves set up, generating revenue for themselves while draining the funds of the company whose PBX system has been hacked. The calls these hackers make are typically robocalls placed at night or on holidays, when business owners are less likely to detect malicious call activity.
Aside from stealing calls, hackers may also sell access to these hacked phone systems to other individuals, advertising them as “by-pass” numbers. The buyer can then use the access to make calls to different destinations, again, all at the company’s expense. These fraudulent outgoing calls can be completed using a mobile phone and will only cost the individual a fraction of the real cost. Shadowy Toll Fraud “phone operators” that provide these services can be found by searching for terms like “bypass operators” and “calling cards” on the internet.
As a result of this scam, most consumers have reportedly been frustrated with telephone companies that do not proactively issue warnings. Some have speculated that it is not in the telecoms’ interest to warn consumers about the scam, since it’s the consumers who shoulder the bill anyway. Unfortunately, by the time the scam is discovered, the bill has sometimes already reached thousands of dollars.
A survey performed by the Communications Fraud Control Association estimated that hacked phone systems resulted in losses close to 5 billion dollars in 2011 alone.
Currently, a lot of companies remain unaware of DTF. To prevent or minimize DTF attacks, businesses can follow a few simple steps:
- Consider blocking all outgoing calls to premium rate, directory enquiry and international numbers as well as paid numbers such as 900 lines. Call your telecom company and request they put a block on all such numbers.
- Protect remote access ports with additional security, or disable them altogether if remote access is not needed. The same goes for extra features: for example, if you’re not using DISA (Direct Inward System Access), disable it altogether.
- Regularly review all of your PBX logs to make sure no suspicious calls are being made.
- Regularly update voicemail and DISA passwords and avoid using default combinations such as 1234. Change all of the default factory access passwords and PINs after the initial install.
- Don’t unlock surplus mailboxes until they are given to a specific user.
- Look out for manual hacking, where a scammer calls and asks to be connected to the switchboard in order to obtain an outgoing line.
- Try to keep your system up to date in terms of security. It may be wise to review your maintenance contracts to make sure that the supplier updates the security features regularly.
- Remember to keep your systems safe and also report any suspicious phone numbers to callercenter.com.
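The log review recommended in the steps above can be partly automated. The following is an added example, not part of the original article: it flags calls to international or premium-rate prefixes placed at night or on weekends, and lists extensions that make several such calls in one day. The CSV layout, prefixes, business hours, threshold and sample records are all assumptions, to be adapted to your own PBX export and dial plan.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumptions: adjust to your own dial plan and opening hours.
RISKY_PREFIXES = {"international": ("00", "011", "+"), "premium": ("900", "1900", "09")}
OPEN_HOUR, CLOSE_HOUR = 8, 18      # business hours, Monday to Friday
BURST_THRESHOLD = 3                # off-hours risky calls per extension per day

# Constructed sample CDR export: start,extension,dialed,duration_seconds
SAMPLE_CDR = """\
2024-03-04 10:15:00,201,5551230000,180
2024-03-04 14:02:00,202,0044207946000,600
2024-03-09 02:11:00,215,0053712345,45
2024-03-09 02:12:10,215,0053712346,44
2024-03-09 02:13:20,215,0053712347,46
2024-03-09 02:14:30,215,19005550100,120
2024-03-10 23:40:00,203,5551239999,30
"""

def classify(dialed):
    """Return the risk category of a dialed number, or None."""
    for category, prefixes in RISKY_PREFIXES.items():
        if dialed.startswith(prefixes):
            return category
    return None

def off_hours(start):
    """True for nights and weekends, when DTF calls are typically placed."""
    return start.weekday() >= 5 or not (OPEN_HOUR <= start.hour < CLOSE_HOUR)

def review(cdr_text):
    """Return (flagged calls, extensions with an off-hours burst)."""
    flagged, bursts = [], Counter()
    for start_s, ext, dialed, _dur in csv.reader(io.StringIO(cdr_text)):
        start = datetime.strptime(start_s, "%Y-%m-%d %H:%M:%S")
        category = classify(dialed)
        if category and off_hours(start):
            flagged.append((start_s, ext, dialed, category))
            bursts[(ext, start.date())] += 1
    noisy = sorted({ext for (ext, _), n in bursts.items() if n >= BURST_THRESHOLD})
    return flagged, noisy

if __name__ == "__main__":
    calls, extensions = review(SAMPLE_CDR)
    for call in calls:
        print("SUSPICIOUS", *call)
    print("Extensions to investigate:", extensions)
```

In the sample, the daytime international call from extension 202 is not flagged, while the run of weekend night calls from extension 215 is.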
For more information about this scam, go to http://www.bbc.co.uk/programmes/p017fb0c.