The problem: Toll-Fraud ("Hacking" or "Phreaking") Could Cost You a Small Fortune
Figures from the Communications Fraud Control Association's (CFCA) Telecoms Fraud Survey 2011 indicate that:
-
Toll-fraud accounts for worldwide business losses of over £25.5 billion.
-
The United Kingdom is the third most targeted country in the world.
-
Toll-fraud in the UK costs businesses £1.2 billion each year.
Toll-Fraud is Organised Crime: How Does It Happen?
Whether you have analogue, digital or IP based system fraudsters hack into your PBX/IP PBX (Private Branch Exchange), normally out of office hours, and gain access to your phone system in seconds. They use advanced software to crack pass codes and bypass firewalls.
Once the system has been accessed, hackers use it to route unauthorised and illegal calls to any location in the world. The stolen call time passed off as legitimate in the form of calling cards and low-priced calling tariffs. In almost all cases there is a link to organised criminal gangs purporting to be legitimate businesses.
Most business will not be aware they have been hacked until they receive telephone bills for what could be thousands of pounds. Whilst Integra ICT Ltd endeavours to lock down all systems as much as possible, hacking and fraud technology is advancing all the time leading to a continuing rise in toll fraud.
The Solution: Comprehensive Protection Against Toll-Fraud Losses from Integra ICT
-
Full protection against losses caused by toll-fraud and telephone hacking should your system be subject to unauthorised external access.
-
Cover for up to £10,000 worth of fraudulent calls in any one month.
-
Peace of mind that your business is FULLY PROTECTED from fraudsters.
Integra ICT's Toll-Fraud Protection cover is available for all lines from 1
st November 2012 at a cost of £0.99 per line, per month.
Please also refer to Integra ICT's Toll Fraud Policy as set out below to ensure you minimize the risk of fraud.
Additional option for on-site control:
Whilst Integra ICT's Toll Fraud protection covers your losses to the amount specified, you may prefer to purchase an on-site system firewall "Control Phreak" which prevents hackers accessing yout telephone system.
Control Phreak automatically stops fraudsters in their tracks. You decide how liberal or restrictive the flow of call traffic will be through your phone system and you're always in control of the rules governing this flow so that the legitimate phone traffic of your business is never compromised while your phone system remains completely safe from 'phreakers'.
Control Phreak applies your call authorization rules continuously and automatically 24 hours a day or for the time period you specify providing automatic and continuous protection for your phone system. Just call one of our sales advisors for more information.
Integra ICT Toll Fraud Policy
Whilst Integra ICT Ltd endeavours to secure your system as much as possible, hacking and fraud technology is advancing all the time leading to a continuing rise in telephony fraud.
There are many techniques used by fraudsters to use telephone systems for their own benefits and typical methods of inflicting fraud come through the misuse of common PBX functions like DISA (Direct Inward System Access), looping, call forwarding, voicemail, and auto attendant features.
The fraudster will generally use one of these methods to use the telephone system to dial out to either an international number (cheap calls abroad) or more seriously Premium Rate telephone number where losses can run into many thousands of pounds.
Integra ICT Toll Fraud Protection Scheme
Integra ICT Network Services customers who have opted to join our Toll Fraud Protection Scheme are protected against losses related to Toll Fraud.
Although this scheme will indemnify against losses caused by actions of individuals outside of your organization it does not cover losses caused by internal misuse of the telephone system.
For those outside of this scheme, it is the exclusive responsibility of the customer to prevent the occurrence of fraud, and the Customer is responsible for payment of any charges incurred due to fraud (including Toll Fraud), abuse, or misuse of the telephony services, whether known or unknown to the Customer, and whether or not Integra takes any actions to stop or block Toll Fraud.
How Integra protect your system
All of our installations are carried out in accordance with industry best practise and manufacturer specific guidelines to protect your telephone system from the risk of Toll Fraud.
We routinely restrict access to Premium Rate telephone numbers from our systems, if access is required to Premium Rate numbers we allow access to specific numbers only
As standard we restrict Voicemail systems from access outside lines and do not enable DISA functionality unless specifically requested to do so.
Maintenance access passwords are changed from their default settings along with voicemail access passwords.
Our support team carry out regular remote security checks on our client telephone systems.
Although we take all necessary steps to protect all of our clients from the risks associated with Toll Fraud we make no guarantee that you are immune.
How you can protect yourself
Call us immediately if you suspect Toll Fraud
Customers should immediately notify Integra of suspected Toll Fraud by calling the Integra Support Team on 01767 692892
Be prepared to identify the means by which the fraud occurred, if known, and any modifications made to Customer Premise Equipment (CPE) in an attempt to stop the Toll Fraud.
Upon notice, Integra will investigate any suspected Toll Fraud, and may block, suspend, or otherwise limit the ability of the Service to prevent continued Toll Fraud.
Customer agrees to cooperate with Integra in the investigation, including the reporting of such incidents to the
appropriate agencies.
Customer agrees to provide Integra with such information and documentation as Integra may request to assist with any investigation.
Use Strong Passwords to Minimise Risk
One of the most effective and easy to implement methods that you can use to protect your organisation from toll fraud is to implement a strong password policy.
Always ensure that users avoid passwords which contain the following:
-
Predictable patterns, like ascending or descending digits (1234)
-
The same digits (1111)
-
The same number as your extension (or your extension reversed)
-
And please don't use default passwords or default access numbers - they're easy to crack as almost everyone knows them
Change Passwords Often
It's a good idea to encourage users to regularly change passwords, and always change or remove authorization codes and passwords when authorized users leave the company, especially when technicians depart.
Take More Control of Your Long Distance Calling by Reviewing Your Call Restriction Programming
Since placing unauthorized long distance calls is the goal of most thieves, the more controls you place on long distance calling the more secure your system will be. Some suggestions include:
-
Prohibit or restrict calls to countries you do not do business with
-
Limit international calling to only those employees who need to place international calls. Limit calls to UK area codes if calls to these areas are not permitted
-
Put time of day restrictions into effect, such as prohibiting or limiting outbound calling at night and at weekends
Learn To Spot Suspicious Incoming Calling Patterns
In addition to fraudulently obtaining access to your Private Branch Exchange (PBX), one of the fastest growing ways thieves are trying to obtain an outside line is by deceiving your operators or employees. They may enter your system through a local access number or your FREEPHONE service, then ask to be passed back and forth, eventually obtaining an outside line. We recommend directing switchboard operators to report unusual incoming calling patterns, including the following:
Callers asking to be transferred to an outside number
Callers repeatedly dialling in and asking for an invalid extension number
Excessive hang-ups
Obscene calls
Excessive wrong numbers
Callers asking employees what number or party they've reached
Dead air calls (incoming calls where the caller remains silent and waits for a hang-up)
Although seemingly innocent, each of these is a technique used by thieves to gain access to an outside line.
What are some warning signs that could indicate Toll Fraud?
Calls (especially international) you don't recognize on your telephone bill.
Warnings from your telephone company regarding unusual call activity not matching your typical call profile.
Increases in calls after business hours.
Phone lines in use for extended periods when no one else is on the phone (including valid remote users).
Complaints by incoming callers getting busy signals or outside lines not being available when the office isn't using all the phone lines (can be caused by other issues like call forwarding settings, or lack of disconnect signals from the telephone service provider).
