Against the backdrop of the Communications and Fraud Control Association (CFCA) estimating at the end of 2011 that global telecom fraud losses are $40.1 billion, distributor Micro-P has launched a highly informative white paper on the subject entitled ‘Securing your PBX’.
John Bird, Head of Systems and Support Services at Micro-P, says telecom fraud, also known as ‘phreaking’, is a major problem for resellers and their customers.
“One of the best-kept industry secrets is that, typically, telephone systems are somewhat insecure and are open to ‘attack’ from individuals who endeavour to make fraudulent calls over the customer’s trunks.
The ‘hackers’ cannot be underestimated. They use the latest technology and software to identify systems that are not secure and attempt to crack passwords. By the time the fraud comes to light it is far too late to do anything about it and the problem for the hacked company is that the network providers’ stance is that the calls were made over the lines that the user is responsible for and as such they need to pay for them.
The reason we have produced this white paper is to educate the reseller channel to the scale of the issue, identify weak points in a typical PBX system installation and advise on good installation and maintenance practice to minimise telephone system exposure to fraud.”
Bird says that the best prevention has to be reseller and end-user education, starting with the installation engineer being vigilant and understanding how an attack occurs in the first place.
“The top seven weak points that render a PBX liable for attack are as follows: auto attendant, voicemail, lack of call barring, SIP trunks, unauthorised access to the customer’s IP network, uneducated end users and password security. Our white paper examines each of these in turn to provide invaluable advice for the reseller and their customers.
The key issue however is for the reseller to educate their customer as end user awareness is absolutely essential in the process of minimising exposure and risk associated with toll fraud.
How many user operators, for example, would associate a call supposedly from a BT engineer announcing he was making a ‘test call’ and asking them to press ‘Transfer, 9 and then hang up’ as handing over an outside line to an anonymous caller who can then dial any premium rate number for as long as they want at the user’s expense?”
Bird recommends the use of Call Management software to identify unusual calling patterns and volumes. This will alert the customer immediately to a potential attack and enable the user to take appropriate action to minimise losses.
“There is always some risk but the information in our white paper will limit the exposure of reseller customers and the best way to do that is with the assistance of that user.”
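The kind of check that call management software applies to call records to spot unusual calling patterns and volumes, shown here as an added example that is not taken from the white paper or from Micro-P. The record layout, the risky prefixes, the working hours and the daily limit are assumptions, and the call records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs):
# (start time, extension, dialled number, duration in seconds)
SAMPLE_CDRS = [
    ("2012-03-05 10:14", "201", "01614960123", 180),
    ("2012-03-05 11:02", "202", "02079460456", 240),
    ("2012-03-05 15:40", "201", "01614960123", 300),
    ("2012-03-06 09:30", "202", "02079460456", 200),
    ("2012-03-10 02:11", "299", "09098790001", 3400),
    ("2012-03-10 02:13", "299", "09098790001", 3500),
    ("2012-03-10 03:20", "299", "0015550100", 3300),
]

# Assumed policy values; tune them to the customer's dial plan and hours.
RISKY_PREFIXES = ("09", "00")    # UK premium rate and international access
BUSINESS_HOURS = range(8, 19)    # 08:00 to 18:59
DAILY_LIMIT_SECONDS = 2 * 3600   # outbound talk time per extension per day


def find_alerts(cdrs):
    """Return a sorted list of (day, extension, reason) alerts."""
    alerts = set()
    daily_seconds = defaultdict(int)
    for start, ext, number, seconds in cdrs:
        when = datetime.strptime(start, "%Y-%m-%d %H:%M")
        day = when.date().isoformat()
        risky = number.startswith(RISKY_PREFIXES)
        if risky and when.hour not in BUSINESS_HOURS:
            alerts.add((day, ext, "risky destination out of hours"))
        elif risky:
            alerts.add((day, ext, "risky destination"))
        # Accumulate talk time so a run of long calls is caught as volume.
        daily_seconds[(day, ext)] += seconds
    for (day, ext), total in daily_seconds.items():
        if total > DAILY_LIMIT_SECONDS:
            alerts.add((day, ext, "daily outbound volume exceeded"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_CDRS):
        print(*alert, sep="  ")
```

Run against live call records on a schedule, the same rules give the immediate alert the article describes; the thresholds need a baseline from each customer's normal traffic.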