We are asked often for our opinion on toll fraud.
When we developed our CloudVoice , Frontier’s solution for onsite PBX replacement, one of the items we quickly identified was to put more granular user information in to the hands of administrators and users. One such report is a series of alerts in the event that certain call types are placed or call amount thresholds are exceeded.
Traditional methods of blocking and forcing account codes have been ineffective int he past with most users bypassing or disabling such safe-guards. Frontier’s CloudVoice platform helps helps eliminate fraud by reporting against call types. In the immediate future, we will actually be learning normal behavior for customers by analyzing historical billing records to determine what is routine for each individual user and when international calling occurs that does not match a customer’s profile, Frontier’s VoiceCloud will detect that change and report the risk.
What is toll fraud?
Toll fraud is the theft or unauthorized use of long distance phone service. Toll fraud takes many forms but is especially prevalent to phone systems that have not been secure, or where lax security measures are in place. Toll fraud is a problem worldwide, and fraudsters can easily rack up tens of thousands of dollars in long distance charges before the phone’s administrator is even aware of a problem.
How does it occur?
Fraudsters generally infiltrate your telephone system by using various techniques that help them guess the passwords for voice-mail boxes. It is relatively simple for most fraudulent operators to access your telephone system if your passwords are easy to guess or if you haven’t modified the default passwords issued when the telephone system was activated.
For users of traditional systems, your responsibilities are summarized below
Costs associated with calls placed on your phone lines are your responsibility, regardless of whether you authorized those calls or not. For this reason, it is imperative that you take steps to protect your company against toll fraud.
While no telecommunications system can be made entirely free from the risk of fraud, diligent attention to system security can reduce the risk considerably. One thing you can almost count on – when fraud happens it won’t happen at a convenient time. These criminals often will direct their heaviest assaults on your network when vigilance is at its lowest, during non-business hours, in the middle of the night, on weekends or holidays. Your plan should contain a checklist of actions you can take the moment you spot fraud. With a CIP in hand, you can minimize the time necessary to stop fraudulent calling, and perhaps even stop the unauthorized third parties in their tracks.
How can you protect your voice system?
It is important to take steps against toll fraud. If you do not, it is only a matter of time before your company is victimized. This document will outline some general guidelines to protect your company against toll fraud, but we strongly encourage you to take any measures possible above and beyond what is listed here.
International locations are the major destination for toll fraud calls. It is recommended that your company blocks all international numbers and only enable calls to those places that you need to call. Some systems allow for passwords to be required for long distance calls. If this is a possibility, we recommend you change the passwords regularly, and especially when an employee has left the company.
Follow best practices for all security, including monitoring resources for vulnerability, maintaining patches and reviewing logs. Consider utilizing standards-based security add-ons where possible.
Restrict all outbound after-hours calling.
Limit system access to authorized personnel only, even during company business hours.
Immediately change the default passwords provided with your phone systems, and include password changes as part of your regular maintenance, and when personnel leave your company. Require complex passwords.
Unused mailboxes and phones:
Proactively disable mailboxes and remove all access to outgoing employees immediately. This is not only to protect against retaliation from disgruntled former employees, but also against anyone who may obtain that person’s security information.
Restrict call forwarding and call transfer features, especially to external numbers. Program your phone system so that extensions can forward only to known numbers, and restrict all others. Never forward a caller to 901 or 90#.
Make sure your phone and voice-mail systems are up-to-date and that all current patches have been installed.
Monitor calling patterns and usage on a regular, scheduled basis. High costs can be generated in a very short period of time and will continue until action is taken to stop it.
Block Collect Calls:
Block the system from accepting revers charges on telephone calls – opt for a toll-free number instead.
Never publish any phone numbers that could provide direct access to your system (DISA). Change your DISA numbers periodically, and issue a different DISA authorization code for all users. Warn users to never write down their authorization codes.
Invalid Access Attempts:
Identify invalid access attempts to your DISA and route them to an operator. Implement DISA ports that drop the line when an invalid code is entered and program your PBX to generate an alarm when an unusual number of invalid attempts are made, and to disable the port after a set number of invalid attempts.
Eliminate three-way calling on all extensions that use modems. Physically disconnect modems that are not in use.
Restricting access to your SIP port(s) on your PBX at a IP address or subnet level is an effective way of reducing your exposure to indiscriminate port scanning bot networks.
If you detect or suspect tampering, or that you are the victim of telecommunications fraud, take immediate action. Telecom fraud charges can mount quickly – you can’t afford to lose a minute. Your first call should be to your equipment vendor and your second to your long-distance provider. Together they can begin to pinpoint the fraud source and block further fraud attempts.