Protect Your Business from Premium-Rate Phone Hacking Scams
A recent New York Times article shines a light on a new form of an old trick: phone fraud. With most businesses now running their phones over the internet (Voice over IP), hackers have a new way into phone systems. In this case, the criminals are using business lines to dial international premium-rate lines, cutting deals to make up to a quarter per minute on charges that can reach $100,000 or more.
Unless they receive an extraordinarily large bill like this, many businesses don’t even realize their phones have been hacked. Sometimes the fraud isn’t caught by phone companies for days or weeks.
Hackers mostly target small businesses. The New York Times reports that these scams cost victims $4.73 billion globally last year. Be prepared and don’t let your company’s phones become a six-figure liability.
How Are Phones Hacked?
Phone systems are rarely monitored. Businesses tend to take a “set it and forget it” approach to phones. If they aren’t broken, no one is paying attention to them. With most new business phone lines running through the internet, that attitude has to change.
Hackers take advantage of lax security as well as confusing or nonexistent international regulations for phone communication. Instead of hacking trunk lines, hackers break into PBXs (private branch exchanges). Once they have access, they can use all available lines to dial international premium-rate numbers, racking up major charges.
Stopping Phone Attacks
The first and easiest step to keep hackers from racking up phone charges on your business line is to write a letter to your phone service provider. Tell them your estimated expenditure and minutes dialed, both daily and monthly. Inform them that the letter is a security measure and that you do not authorize any charges beyond what is detailed in the letter. Make sure to specifically call out common services used by hackers and state that you do not want them used under any circumstances, including:
- premium-rate numbers and text messages
- reverse-charge calls (consider including a dollar-per-minute limit)
- data roaming charges
Request a letter of receipt and acknowledgement, and save all documentation.
Fraud detection software can also be used to stop attacks. These modules work by detecting sudden increases in call traffic and blacklisting abnormal numbers. They suspend suspicious numbers, so the calls the hacker requests are never dialed. This software is sold by a variety of vendors.
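The detection logic described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product: it replays call detail records, blacklists a number once it is dialed too often within a sliding window, and raises an alert when overall call traffic spikes. The record layout, thresholds, extensions and phone numbers are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your own call baseline.
WINDOW = timedelta(minutes=10)  # sliding window for "sudden increase"
MAX_PER_DEST = 3                # calls to one number per window before blacklisting
MAX_TOTAL = 8                   # calls from the whole PBX per window before alerting

def screen_calls(cdrs):
    """Replay (timestamp, extension, dialed_number) records in time order.

    Returns (decisions, blacklist); each decision is (timestamp, number, verdict)
    where verdict is "allow", "alert" (traffic spike) or "block" (blacklisted).
    """
    recent = deque()               # timestamps of recent calls, all destinations
    per_dest = defaultdict(deque)  # timestamps of recent calls, per destination
    blacklist, decisions = set(), []
    for ts, _ext, dst in sorted(cdrs):
        if dst in blacklist:       # suspended number: the call is not placed
            decisions.append((ts, dst, "block"))
            continue
        for q in (recent, per_dest[dst]):
            while q and ts - q[0] > WINDOW:  # expire entries outside the window
                q.popleft()
            q.append(ts)
        if len(per_dest[dst]) > MAX_PER_DEST:
            blacklist.add(dst)
            verdict = "block"
        elif len(recent) > MAX_TOTAL:
            verdict = "alert"
        else:
            verdict = "allow"
        decisions.append((ts, dst, verdict))
    return decisions, blacklist

def sample_cdrs():
    """Constructed CDRs: four daytime calls, then a 02:00 burst to one number."""
    day = datetime(2024, 1, 8)
    office = [(day.replace(hour=h, minute=m), ext, dst) for h, m, ext, dst in [
        (9, 0, "101", "+12025550101"), (9, 20, "102", "+12025550102"),
        (11, 5, "101", "+12025550101"), (14, 30, "103", "+12025550103")]]
    night = day + timedelta(days=1, hours=2)
    burst = [(night + timedelta(seconds=30 * i), str(101 + i % 4), "+9990000001")
             for i in range(10)]
    return office + burst

if __name__ == "__main__":
    decisions, blacklist = screen_calls(sample_cdrs())
    for ts, dst, verdict in decisions:
        print(ts.isoformat(), dst, verdict)
    print("blacklisted:", sorted(blacklist))
```

In the sample, the daytime calls and the first three calls of the overnight burst are allowed, and every later call to the same number is blocked. The daily and monthly limits stated in the letter to your provider are a natural source for the thresholds.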
Security best practices for VoIP include turning off unused protocols, separating VoIP networks from other infrastructure, authenticating remote terminals with unique usernames, passwords, and/or two-factor authentication, and monitoring communication ports.
CORE Business Services can help empower your IT team with the tools and knowledge to keep your VoIP system safe—or we can even help monitor it for you.