Telecommunications Fraud Protection
LEARN HOW TO PROTECT YOUR BUSINESS
Fraud protection is essential to any business. Telecom fraud is a major problem worldwide: fraudsters can easily rack up tens of thousands of dollars in long-distance charges before the phone system's administrator is even aware of a problem. It is important to know the different forms of telecom fraud that can occur, and what you can do to help protect yourself from unwanted calls and charges. Below is an overview of the most significant telecommunications fraud threats that your business could face.
WHAT IS TELECOM FRAUD?
Telecommunications fraud generally involves a third party making long-distance calls at the expense of a business. Forms of fraud involve:
PBX Fraud (DISA): Intruders gain access to businesses that use a PBX phone/voicemail system and use system commands such as an 800 number or other access number to gain a dial tone. They place unlimited long-distance calls directly through these lines for unscrupulous operators reselling long-distance at a profit.
Voicemail Fraud: Voicemail fraud is the most prevalent type of fraud and the most significant threat to businesses that use a Private Branch Exchange (PBX) phone system or voicemail. An unauthorized third party can gain access to a business’s phone system and place long-distance calls directly through these lines.
Modem Fraud: An unauthorized third party can gain access to your Internet dialer if you access the Internet via a dialup connection, and use your phone line to place long-distance calls.
HOW CAN YOU PROTECT YOUR BUSINESS?
The following are some precautionary steps you can take to protect your business and secure your phone
Learn about your telecommunications system:
- Know the safeguards, the inherent defenses and security features;
- Determine the vulnerabilities;
- Ensure staff is trained in safeguards and procedures.
Know the signs of a security breach:
- Complaints that the system is always busy;
- Sudden changes in normal calling patterns, such as increases in wrong-number calls or silent hang-ups, night, weekend and holiday traffic, 800 and WATS calls, international calling, and odd calls (e.g. crank calls);
- Toll calls originating in voice-mail;
- Long holding times;
- Unexplained 900 (Chat Line) calls;
- High tolls for any unauthorized trunk extension.
Know the access paths that open the doors to fraud:
- Direct Inward System Access (DISA)
- Voice-Mail System
- Remote System Administration (Maintenance Ports)
- Direct Inward Dialing
- Tie Trunks and Tandem Network Services
Monitor and analyze your system information:
- Study call detail records and review billing records (exception reports may provide a warning sign);
- Know calling patterns and review them;
- Review voice-mail reports;
- Monitor valid and invalid calling attempts whenever possible.
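An exception report of this kind can be produced from exported call detail records. The sketch below is an added example, not OneConnect's or any PBX vendor's tooling; it checks each record against several of the warning signs listed above. The CSV column layout, the North American dial-plan prefixes (011, 1+10 digits, 1-900), the business hours, the voicemail port name and the holding-time threshold are all assumptions to adjust for your own system.

```python
import csv
from datetime import datetime

# Constructed sample call detail records (not real data).
SAMPLE_CDR = """start,source,dialed,seconds
2024-03-05 02:40:00,2101,0114420555000,2400
2024-03-09 14:05:00,VM-PORT-3,15557654321,600
2024-03-06 11:00:00,2250,19005550100,900
2024-03-07 09:30:00,2250,5550199,5400
2024-03-07 15:00:00,2300,18005550123,120
"""

VOICEMAIL_SOURCES = {"VM-PORT-3"}   # assumed voicemail port names
BUSINESS_HOURS = range(8, 18)       # assumed 08:00-17:59, Monday to Friday
LONG_HOLD_SECONDS = 3600            # assumed threshold for a long holding time
TOLL_FREE = ("1800", "1888", "1877", "1866", "1855", "1844", "1833")


def is_toll(dialed):
    """International (011) or 1+10-digit long distance, excluding toll-free."""
    domestic = len(dialed) == 11 and dialed[0] == "1" and not dialed.startswith(TOLL_FREE)
    return dialed.startswith("011") or domestic


def review_call(row):
    """Return the list of warning signs a single CDR row matches."""
    start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
    dialed, flags = row["dialed"], []
    off_hours = start.weekday() >= 5 or start.hour not in BUSINESS_HOURS
    if is_toll(dialed) and off_hours:
        flags.append("toll call outside business hours")
    if dialed.startswith("011"):
        flags.append("international call")
    if dialed.startswith("1900"):
        flags.append("900 call")
    if row["source"] in VOICEMAIL_SOURCES and is_toll(dialed):
        flags.append("toll call originating in voice-mail")
    if int(row["seconds"]) >= LONG_HOLD_SECONDS:
        flags.append("long holding time")
    return flags


def exception_report(cdr_text):
    """Return (row, flags) for every call matching at least one warning sign."""
    return [(r, f) for r in csv.DictReader(cdr_text.splitlines()) if (f := review_call(r))]


if __name__ == "__main__":
    for row, flags in exception_report(SAMPLE_CDR):
        print(row["start"], row["source"], row["dialed"], "; ".join(flags))
```

Holidays are not modelled here; a set of holiday dates can be treated the same way as weekends in `review_call`.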
SECURE YOUR SYSTEMS
Take the following steps to secure your systems.
- Restrict access to specific times (business hours) & limit calling ranges;
- Block all toll calls at night, on weekends and on holidays;
- Restrict call forwarding to local calls only;
- Block all 10XXXX calling from your PBX if this service is not necessary;
- Block, limit access to, or require attendant assistance for overseas calls;
- Establish policies on accepting collect calls and providing access to outside lines;
- Educate switchboard operators and employees about “social engineering” (i.e. con artists trying to obtain calling access or transfers through a PBX);
- Secure equipment rooms (lock up all telephone equipment & wiring frames);
- Establish controlled procedures to set and reset passwords;
- Change passwords regularly;
- Use maximum length passwords for system manager box & maintenance ports;
- Prohibit the use of trivial, simple passwords (e.g. 222, 123, your last name, etc.);
- Limit the number of consecutive log-in attempts to five or fewer;
- Change all factory installed passwords;
- Block access to long distance trunking facilities, and collect call options on the auto attendant;
- Block or, preferably, delete all inactive mailboxes;
- Limit your out-calling;
- In systems that allow callers to transfer to other extensions, block any digits that hackers could use to get outside lines, especially trunk access codes;
- Conduct routine reviews of the status of your system and system usage.
PBX and DISA:
- Change default codes after installation of new equipment;
- Never publish DISA telephone numbers;
- Change your DISA access telephone number periodically;
- Issue a different DISA authorization code for all users and warn DISA users not to write them down;
- Do not use sequential access numbers;
- Use longer DISA codes (minimum 7-9 digits) and change the codes regularly;
- Disconnect telephone extensions that are not in use;
- Restrict DISA access at night, on weekends and on holidays (prime time for fraud);
- Block or restrict overseas access;
- Program your system to answer with silence after five or six rings (hackers look for systems that answer with a steady tone);
- Identify invalid access attempts to your DISA and route them to an operator;
- Implement DISA ports that drop the line when an invalid code is entered;
- Program your PBX to generate an alarm when an unusual number of invalid attempts are made, and to disable the port after a set number of invalid attempts.
Remote Access Ports
- Block access to remote maintenance ports and system administration ports;
- Use maximum length access codes and change them regularly;
- Use maximum length passwords and change frequently;
- Eliminate three-way calling on all extensions used with modems;
- Disconnect modems that are not in use.
Because OneConnect has no ability to truly determine whether a long-distance call made from your lines is legitimate or fraudulent, we require you, as the customer, to implement controls to ensure that only valid calls are being generated.
If you notice any unusual activity on your phone bill, contact OneConnect immediately.
Support: 1.866.4.EASIER, option 1 or via email at
Account Services: 1.866.4.EASIER, option 3 or via email at