Such telephone fraud, unfortunately, affects companies of all sizes. What forms does it take, and how can it be prevented?
WHAT ARE THE HACKERS’ MOTIVES?
The hackers’ objective is financial: generating calls to international or premium-rate numbers in order to make money. With each call to a premium-rate number (an 08 number, for example), the company to which that number is assigned receives a payment.
Internationally, operators may likewise pay the subscriber who receives calls on certain number ranges, in proportion to the incoming call minutes on those numbers (the basis of international revenue share fraud). A hacker will therefore try to generate as many “free” calls as possible to numbers for which they or their accomplices receive a payout. The company whose phone lines have been hacked is left to pay the bill for every call the hacker generated.
VOICEMAIL FRAUD
Voicemail fraud is the most widespread type. It poses the greatest risk for companies whose phone system uses an on-site switchboard (PABX) or a hosted one (Centrex).
What does such fraud involve?
Hackers use remote voicemail access to place calls at a company’s expense. Users can consult and configure their voicemail from an outside line, for example when travelling or working remotely.
The principle is simple. A user calls their own number and, when the call reaches voicemail, presses a specific key (usually # or 0). They then enter a password (PIN) to listen to their messages and to configure call forwarding on no answer.
If that password is trivial (0000, 1111, 1234, etc.) or still the manufacturer’s default, a hacker can just as easily enter the mailbox and replace the no-answer forwarding to voicemail with forwarding to an external number. The hacker then simply calls the hacked line: each call is automatically transferred to the premium-rate or international number they configured, and the company is billed for it.
How to protect oneself?
- Verify whether your company’s voicemail boxes are accessible remotely.
- If they are, deactivate the option, or verify that the default access code has been changed to a strong one. Establish a voicemail PIN policy (no manufacturer defaults, no trivial or sequential codes, no code derived from the extension number) and require the codes to be changed regularly.
- Limit voicemail boxes to the people who truly need them.
- Limit authorisation for international and premium-rate calls to the people who require it.
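The PIN policy above can be enforced mechanically rather than by inspection. The following Python script is an added example, not tooling from the original page or its vendor: it flags mailboxes whose PIN is a manufacturer default, trivially guessable, sequential, or derived from the extension number. The weak-PIN list, the six-digit minimum and the sample mailboxes are constructed assumptions; extend WEAK_PINS with the defaults documented for your own PBX or voicemail platform.

```python
"""Voicemail PIN policy check.

Added example for this page, not the vendor's tooling. The weak-PIN list,
minimum length and the checks themselves are assumptions built around the
defaults the page names (0000, 1111, 1234) and the manufacturer defaults it
warns about; extend WEAK_PINS with the defaults documented for your platform.
"""

# Constructed list of PINs shipped as defaults or chosen for convenience.
WEAK_PINS = {
    "0000", "1111", "1234", "4321", "2580", "1212", "9999",
    "00000", "12345", "123456", "654321", "000000", "111111",
}
MIN_LENGTH = 6  # assumption: six-digit minimum


def pin_problems(pin: str, extension: str = "") -> list:
    """Return the policy violations for a voicemail PIN (empty list = acceptable)."""
    if not pin.isdigit():
        return ["PIN must contain digits only"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} digits")
    if pin in WEAK_PINS or len(set(pin)) == 1:
        problems.append("default or trivially guessable PIN")
    # Sequential runs (123456, 654321) are guessed as fast as repeated digits.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        problems.append("sequential digits")
    # A PIN equal to, or contained in, the extension number is the first
    # thing an attacker dialling into that mailbox will try.
    if extension and (pin in extension or extension in pin):
        problems.append("derived from the extension number")
    return problems


# Constructed sample: extension -> current voicemail PIN.
SAMPLE_MAILBOXES = {
    "2041": "0000",     # manufacturer default
    "2042": "2042",     # PIN equals the extension
    "2043": "123456",   # long enough but sequential
    "2044": "731905",   # acceptable
}


def audit_mailboxes(mailboxes: dict) -> dict:
    """Return {extension: [problems]} for every mailbox that fails the policy."""
    report = {}
    for ext, pin in mailboxes.items():
        problems = pin_problems(pin, ext)
        if problems:
            report[ext] = problems
    return report


if __name__ == "__main__":
    for ext, problems in audit_mailboxes(SAMPLE_MAILBOXES).items():
        print(f"extension {ext}: reset PIN ({'; '.join(problems)})")
```

In practice the mailbox dictionary would be exported from the voicemail platform; run the audit on each export and force a reset for every extension it reports.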
PHONE SYSTEM ACCESS FRAUD
When they are not going through a user’s voicemail, hackers attack the phone system itself.
They typically operate at night, at weekends or during holiday periods, when no staff are in the office and nobody can intervene before the bill has been run up.
How do hackers operate?
Hackers try to connect remotely and take control of the company’s phone system. Modern phone systems are often administered through a web interface; as with voicemail, the attackers try username/password combinations that are simple or still set to the defaults. Once again, it is common for an installer or administrator to have forgotten to change the default credentials.
Once inside the phone system, the hackers can generate calls to international or premium-rate numbers at will.
Organisations of all sizes are exposed to this risk. In November 2015, for example, a County Council received a €43,000 bill for fraudulent calls to Africa.
How to protect oneself?
- Secure and isolate phone servers in dedicated rooms with restricted access (locked and accessible only to designated personnel).
- Install a firewall in front of the switchboard to filter incoming IP addresses, so that its administration interface is reachable only from trusted addresses.
- Ask your operator to set a maximum consumption threshold: you will be alerted when you approach it, which helps you avoid a large bill. Also ask for international calls to be blocked automatically beyond a certain point.
- Perform a regular audit of the phone system to verify its configuration and level of security.
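Two of the measures above, watching for calls placed when nobody is in the office and comparing chargeable traffic against a consumption threshold, can also be run internally against the switchboard’s call detail records (CDRs), without waiting for the operator’s alert. The following Python script is an added example and not the vendor’s product or anything from the original page: it parses a constructed CDR export, flags international and premium-rate calls placed outside business hours, and raises an alert when the estimated charges reach 80% of a threshold. The CDR layout, the business hours, the dialling-plan prefixes and the per-minute rates are all assumptions; adapt them to your PBX’s export format and your tariff.

```python
"""After-hours call monitoring over call detail records (CDRs).

Added example for this page, not the vendor's product. The CDR layout,
business hours, number-classification prefixes and per-minute rates are
all assumptions; adapt them to your PBX's export format and your tariff.
"""
from collections import namedtuple
from datetime import datetime, time

Call = namedtuple("Call", "when extension dialled seconds")

BUSINESS_START, BUSINESS_END = time(8, 0), time(19, 0)    # assumed office hours
INTERNATIONAL_PREFIXES = ("00", "+")                      # assumed dialling plan
PREMIUM_PREFIXES = ("089",)                               # assumed surtaxed 08 range
RATE_PER_MINUTE = {"international": 1.50, "premium": 2.00, "national": 0.02}  # assumed EUR

# Constructed CDR export: timestamp,extension,dialled number,duration in seconds.
# The two weekend-night calls from extension 2043 are the fraud pattern the
# page describes; the other two lines are ordinary business traffic.
SAMPLE_CDRS = """\
# timestamp,extension,dialled,seconds
2015-11-13 14:02:10,2041,0612345678,95
2015-11-14 02:15:40,2043,0022512345678,1800
2015-11-14 02:47:05,2043,0022512345678,2400
2015-11-16 09:30:00,2044,0892345678,120
"""


def classify(dialled: str) -> str:
    """Bucket a dialled number as premium, international or national."""
    if dialled.startswith(PREMIUM_PREFIXES):
        return "premium"
    if dialled.startswith(INTERNATIONAL_PREFIXES):
        return "international"
    return "national"


def is_off_hours(when: datetime) -> bool:
    """True at weekends or outside business hours, when nobody can intervene."""
    return when.weekday() >= 5 or not (BUSINESS_START <= when.time() < BUSINESS_END)


def parse_cdrs(text: str) -> list:
    """Parse the constructed CSV layout into Call records, skipping comments."""
    calls = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, ext, dialled, secs = line.split(",")
        calls.append(Call(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ext, dialled, int(secs)))
    return calls


def cost(call: Call) -> float:
    """Estimated charge for one call, in EUR, at the assumed per-minute rates."""
    return round(RATE_PER_MINUTE[classify(call.dialled)] * call.seconds / 60, 2)


def analyse(calls: list, threshold_eur: float):
    """Return (suspicious calls, chargeable exposure in EUR, alert flag).

    Suspicious = international or premium-rate calls placed off hours. The
    alert fires when exposure reaches 80% of the consumption threshold,
    mirroring the early warning the page suggests requesting from the operator.
    """
    chargeable = [c for c in calls if classify(c.dialled) != "national"]
    suspicious = [c for c in chargeable if is_off_hours(c.when)]
    exposure = round(sum(cost(c) for c in chargeable), 2)
    return suspicious, exposure, exposure >= 0.8 * threshold_eur


if __name__ == "__main__":
    found, total, alert = analyse(parse_cdrs(SAMPLE_CDRS), threshold_eur=120.0)
    for c in found:
        print(f"{c.when} ext {c.extension} -> {c.dialled} ({c.seconds}s, ~{cost(c):.2f} EUR)")
    print(f"exposure {total:.2f} EUR, alert={alert}")
```

Scheduled against the previous night’s CDR export, this gives the on-call administrator a list of extensions to disable and trunks to block before the weekend’s traffic turns into an invoice.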
Want to know if your phone system is secured against fraud?
Talk to our experts