When you hear about ‘hacking’, you automatically think of attempts to gain access to your data, or your website. Whilst these are of course very real threats that cost businesses billions collectively, there is something else that is becoming a significant problem, and that is telephone hacking, otherwise known as ‘toll fraud’ or ‘phreaking’.
What is Toll Fraud?
Toll fraud is carried out by criminals who hack into phone systems and use them to make calls to premium rate or international numbers. In doing so, they run up bills of thousands of pounds. And it’s the owner of the line that is liable for the bill, without exception.
Most toll fraud happens out of hours when it is least likely to be detected. Evenings, weekends and bank holidays are the most common times. The fraudsters are only too aware of the lack of monitoring during these times and take the opportunity to dial into a phone system, locate an unsecured voicemail box and start making calls to wherever they choose.
What can Lead to Toll Fraud?
Problems mostly arise when voicemail boxes, modems, routers, networks, phone systems and the computers that operate them are not adequately password protected, perhaps because passwords are left as default, rarely changed, written down, shared or just not strong enough. Powerful auto diallers are used to randomly search for insecure passwords, more often than not with great success.
Other ‘ways in’ include inbound reverse charge calls and callers repeatedly asking to be transferred until they reach an outside line. Operators should look out for continuous hang-ups on inbound calls; wrong numbers; silent calls; callers asking for invalid extension numbers and obscene calls. Expect deceit, cunning and persistence.
How to Head the Fight Against Toll Fraud
It is near impossible to completely avoid toll fraud, but there are numerous measures that can be taken in order to reduce the risk of it occurring. Here is a checklist:
- Educate all staff who use your telephone system in any way in the dangers of toll fraud.
- Introduce policies on accepting reverse charge calls: either say no altogether, ban any from overseas or verify the identity of the caller.
- Restrict outbound calls to all or selected overseas destinations.
- Consider placing restrictions on outbound calls from certain extensions or on the quantity that can be made or the times dialling out is permitted. For example you could put a halt on outbound evening or weekend calls.
- Ensure mailbox system passwords are strong and regularly changed. Never share passwords.
- Disable conference facilities if not required or regularly change the access codes.
- Install a voice firewall and consider a line monitoring service that will identify any suspicious activity.
You should be aware that you are responsible for your telephone line security, and therefore liable for any calls that are charged to your account, whether or not they are the result of criminal activity. Take steps today to ensure you are doing everything you can to protect your business from costly risks of toll fraud. Your bookkeepers will be able to point you in the right direction of service providers who can help you.