NORM

Is your phone line a 5-figure
liability waiting to happen?
Diane Johnson writes...
Business
Telephone fraud is yet another reality of our connected world and may represent
a major risk to your business. Fraudsters are targeting exchanges at public and
private sector organisations and size does not matter! The latest figures show
that the cost of this kind of fraud is costing businesses over £1bn in the UK alone.
FIXED LINE FRAUD is carried out in a number of
ways. Fraudsters can gain access to a phone
exchange and will use it to make unlimited calls
to numbers of their choosing. The fraudsters
use widely available “war-dialing” software to
hack into exchanges. Commonly known as Dial
Through Draft (DTF) or Direct Inward System
Access (DISA).
The fraud involves the outward dialing to
premium rate numbers.
One example of this fraud involved Hambleton
District Council in Yorkshire. Following a number
of attempted hacks, the Fraudsters accessed
the Council exchange on Christmas Day. The
exchange then made multiple calls to numbers
in Bosnia, Pakistan and Ethiopia resulting in a
bill of £30,000. The exchange owner is
contractually obliged to pay the bill and has little
or no comeback due to the international nature
of the fraud. The Council had to pay up.
Minimise the risk
Protect your telephone systems as much as you
can. If fraud happens on your telephone system
the cost to you could be considerable. It is the
system owner’s responsibility for any calls
passed through the system whether they are
legitimate or fraudulent whatever time of day or
night on any day of the week. Check your Terms
and Conditions on Fraudulent calls.
Fraudsters/Hackers usually target a
telephone system out of office hours and
generally at weekends when they know they
have a free run from Friday night to Monday
morning and they can run up your call charges
during this period. Your telephone system can
be lit up like a Christmas tree all weekend with
calls being made and nobody is in the office to
notice it.
To help you prevent a situation like this
happening to you, you need to be more security
aware. It’s not just the office door that needs to
be secure. While no telecommunications system
can be made entirely free from the risk of fraud,
diligent attention to system security can reduce
the risk considerably. Although the guidance
below may seem obvious, it is not always done.
Change passwords, PINs and access
codes at least four times a year for
both switch (software based/remote
access) and hardware-based
voicemail systems and automated
attendant services, especially Night
Service.
If someone leaves your company
change their voicemail PIN. Using a
PIN such as 1234 or 0000 is just
like leaving the door wide open for
the opportunist fraudster.
Ensure your staff know how
important it is to secure their PINs
and passwords as above and
document policies to enable that.
If you are unsure of how to check the
security of your telephone system,
please contact your system maintainer
and ask them for a security check of
your system. You may be charged for
this service, but think how much it
may cost if you don’t!
Quick mobile tip
There is one clear message that comes out of
the News of the World debacle and this relates
to voicemail security. While mobile operators
may not authenticate caller ID, changing your
phone settings to require a PIN when checking
your voicemail is a good idea. ■
Fraudsters accessed the Council exchange and then
made multiple calls to numbers in Bosnia, Pakistan and
Ethiopia resulting in a bill of £30,000
aftnonline.com 21