With most companies now using Voice over Internet Protocol (VoIP) to manage their communications, fraudsters and hackers have a lucrative target when that infrastructure is left unprotected. Because a single line can carry many simultaneous calls, toll fraud (the illegal use of telecommunications services) has become a major concern for companies and contact centers that use VoIP and PBX technologies.
Small businesses are most at risk, as their local carriers often lack anti-fraud systems and the business is left footing the bill. Larger companies using major telecom carriers have more sophisticated fraud systems in place to catch hackers before they run up six-figure charges, and they can afford to credit customers for millions of fraudulent charges every year. Unfortunately, their detection systems work “after the fact” and are not preventative.
Big or small, every business is a target for this $40 billion worldwide problem. Yes, that’s billions of dollars!
How it’s done: Toll Fraud
Toll fraud occurs when a contact center receives calls from an unauthorized user who pretends to be a customer, vendor or other legitimate caller. The fraudster then uses the contact center’s phone system to place long-distance or international calls, leaving the company with a hefty phone bill.
Toll fraud is generally committed after business hours. Fraudsters call a business and identify its automated answering system from its menus and prompts. They then target the company’s open-ended IVR option (typically option 9), which staff often use to access their voicemail, and enter default passwords (such as the sequence 1234) until they gain access to a vulnerable mailbox. From that mailbox the phone system can be used to place costly long-distance calls. The attack can also tie up phone lines, preventing customers from reaching you, and in some cases it can even lead to legal trouble if the unwanted calls are made to numbers on a do-not-call list.
Know the signs of a security breach due to toll fraud
Here’s a quick checklist that can help you identify possible toll fraud on your network:
- Complaints that the system is always busy
- Sudden changes in normal calling patterns, such as increases in wrong-number calls or silent hang-ups, traffic during off hours (nights, weekends and holidays), or an increase in average call times
- 800 and WATS calls, international, operator or 10XXX calling, and odd calls (e.g. crank or obscene calls)
- Toll calls originating in voicemail
- Long holding times
- Unexplained 900 (Chat Line) calls
- High tolls for any unauthorized trunk extension
- Hearing foreign voices when you pick up a line
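As an added illustration of this checklist (not code from the original post or from any vendor), here is a small Python script that runs several of these indicators over a few constructed call detail records: off-hours traffic, toll calls originating in voicemail, international (011) destinations, 1-900 premium numbers, 10XXX/101XXXX carrier dial-around codes and long hold times. The CDR layout, the `VM-` prefix marking a call placed from a mailbox, the 08:00-17:59 weekday business window and the 30-minute hold threshold are all assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample call detail records (CDR), NOT real traffic.
# Fields: start time, originating extension or mailbox, dialed number, duration in seconds.
SAMPLE_CDR = """\
2024-03-04 02:14:07,VM-2231,011442079460000,1843
2024-03-04 02:31:55,VM-2231,011442079460000,2210
2024-03-04 02:40:12,2231,19005551212,600
2024-03-04 10:05:00,1105,15145550199,120
2024-03-04 11:20:30,1107,15145550142,45
2024-03-04 12:00:00,1105,10102885550100,300
"""

BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local time (assumption)
LONG_CALL_SECONDS = 30 * 60            # "long holding times" threshold (assumption)
INTERNATIONAL_PREFIX = "011"           # North American overseas dialing prefix
PREMIUM_PREFIXES = ("1900", "900")     # 1-900 premium-rate numbers
CARRIER_DIAL_AROUND = re.compile(r"^(101\d{4}|10\d{3})\d+$")  # 10XXX / 101XXXX dial-around codes
VOICEMAIL_MARKER = "VM-"               # assumed marker for calls originating in a mailbox


def parse_cdr(text):
    """Parse comma-separated CDR lines into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, source, dialed, duration = line.split(",")
        records.append({
            "start": datetime.strptime(start, "%Y-%m-%d %H:%M:%S"),
            "source": source,
            "dialed": dialed,
            "duration": int(duration),
        })
    return records


def flag_record(rec):
    """Return the list of toll-fraud indicators that apply to one record."""
    reasons = []
    start = rec["start"]
    if start.hour not in BUSINESS_HOURS or start.weekday() >= 5:
        reasons.append("off_hours")
    if rec["source"].startswith(VOICEMAIL_MARKER):
        reasons.append("toll_call_from_voicemail")
    if rec["dialed"].startswith(INTERNATIONAL_PREFIX):
        reasons.append("international")
    if rec["dialed"].startswith(PREMIUM_PREFIXES):
        reasons.append("premium_900")
    if CARRIER_DIAL_AROUND.match(rec["dialed"]):
        reasons.append("carrier_dial_around")
    if rec["duration"] > LONG_CALL_SECONDS:
        reasons.append("long_hold")
    return reasons


def analyze_cdr(text):
    """Return one finding per record that triggers at least one indicator."""
    findings = []
    for rec in parse_cdr(text):
        reasons = flag_record(rec)
        if reasons:
            findings.append({"source": rec["source"], "dialed": rec["dialed"], "reasons": reasons})
    return findings


def summarize(findings):
    """Count how often each indicator fired, for a quick daily review."""
    return Counter(r for f in findings for r in f["reasons"])


if __name__ == "__main__":
    results = analyze_cdr(SAMPLE_CDR)
    for f in results:
        print(f["source"], f["dialed"], ", ".join(f["reasons"]))
    print(summarize(results))
```

Run against a real CDR export, the two night-time international calls placed from a single mailbox would be the first thing to investigate; the daytime dial-around call shows why the 101XXXX pattern belongs on the block list even when the rest of the call looks ordinary.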
Toll fraud prevention is your best line of defense
Your first step is to ask your telco provider about its policies on toll fraud prevention and protection. If you’re not happy with those policies and procedures, find a telco that takes this issue seriously. If more businesses demanded preventative measures, telecom companies would be more inclined to proactively protect your business.
Secondly, educate your employees about potential toll fraud scenarios and make sure they know not to give out passwords or other sensitive information to anyone, for any reason. You should also have procedures in place so that if someone does try to commit fraud, you can quickly block access and minimize damage.
Also, consider investing in a VoIP security solution like a call authentication system. This can help to verify that calls are coming from authorized numbers and help to block fraudulent calls before they happen.
TOP 10 things you can do to counter fraudulent attacks against your VoIP system:
- Restrict dialing according to user function: create roles and assign each role the appropriate dialing privileges
- Lock accounts after a defined number of failed password attempts (3 attempts is standard practice)
- Perform security audits
- Use authorization codes (on your IP PBX or with your carrier)
- Restrict long-distance calls to only countries you deal with, and block all others
- Monitor your system regularly and adopt auditing procedures (e.g. check irregular calling destinations, time of calls, duration of calls)
- Always close network ports on phones that are in public areas, and apply a template in which the PC port is disabled
- Block long-distance calls from being made after normal operating hours (nights, weekends, holidays)
- Immediately disable voicemail following an employee’s departure
- Block or disable:
  - Unused features
  - Access to remote maintenance ports and system Admin ports
  - Premium, high per-minute or per-call 1-900 phone numbers
  - The 101xxxx feature that allows calls to be made with another long-distance carrier
  - The 0-11 feature that allows overseas calls
  - The 0+ feature that allows calls to be made with operator assistance
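The dialing restrictions in this list can be expressed as one authorization policy. The Python below is an added example written for this post, not a PureConnect, IP PBX or carrier configuration: it assigns dialing privileges by role, refuses toll calls outside business hours, allows overseas (011) calls only to an allow list of country codes rather than disabling them entirely (the stricter option the list also gives), and blocks the 1-900, 101XXXX and 0+ patterns outright. The roles, the country list, the North American dial strings, the sample timestamps and the business-hours window are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed policy for the example; not a PureConnect, IP PBX or carrier configuration.
ROLE_PRIVILEGES = {
    "reception": {"local"},
    "agent":     {"local", "long_distance"},
    "sales":     {"local", "long_distance", "international"},
}
ALLOWED_COUNTRY_CODES = {"44", "33"}       # countries the business deals with (assumed)
BUSINESS_HOURS = range(8, 18)              # toll calls permitted 08:00-17:59, weekdays only

# Dial strings the post says to block outright (North American dial plan assumed).
BLOCKED_PATTERNS = {
    "premium_1_900":           re.compile(r"^1?900\d{7}$"),
    "carrier_dial_around_101": re.compile(r"^(101\d{4}|10\d{3})\d+$"),
    "operator_assisted_0plus": re.compile(r"^0(?!11)\d*$"),   # 0 or 0+number, but not 011 overseas
}

# Sample timestamps used by the demonstration below (constructed).
BUSINESS_TIME = datetime(2024, 3, 4, 10, 0)   # Monday 10:00
NIGHT_TIME = datetime(2024, 3, 4, 2, 0)       # Monday 02:00


def classify(number):
    """Return a blocked class name, or local / long_distance / international / unknown."""
    for name, pattern in BLOCKED_PATTERNS.items():
        if pattern.match(number):
            return name
    if number.startswith("011"):
        return "international"
    if re.fullmatch(r"1\d{10}", number):
        return "long_distance"
    if re.fullmatch(r"\d{7}|\d{10}", number):
        return "local"
    return "unknown"


def country_code(number):
    """Return the 1-3 digit country code after 011 if it is on the allow list, else None."""
    rest = number[3:]
    for length in (1, 2, 3):
        if rest[:length] in ALLOWED_COUNTRY_CODES:
            return rest[:length]
    return None


def authorize_call(role, number, when):
    """Return (allowed, reason) for a dial attempt under the constructed policy."""
    call_class = classify(number)
    if call_class in BLOCKED_PATTERNS:
        return False, f"blocked pattern: {call_class}"
    if call_class == "unknown":
        return False, "unrecognized dial string"
    if call_class not in ROLE_PRIVILEGES.get(role, set()):
        return False, f"role {role!r} lacks {call_class} privilege"
    if call_class in ("long_distance", "international"):
        if when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
            return False, "toll calls blocked outside business hours"
    if call_class == "international" and country_code(number) is None:
        return False, "destination country not on allow list"
    return True, call_class


if __name__ == "__main__":
    for role, number, when in [
        ("sales", "011442079460000", BUSINESS_TIME),
        ("agent", "011442079460000", BUSINESS_TIME),
        ("sales", "011442079460000", NIGHT_TIME),
        ("agent", "19005551212", BUSINESS_TIME),
        ("reception", "5145550199", BUSINESS_TIME),
    ]:
        print(role, number, when.strftime("%a %H:%M"), "->", authorize_call(role, number, when))
```

Because the blocked patterns are tested before any role or time-of-day logic, a compromised mailbox with the broadest privileges still cannot reach 1-900 numbers, dial-around carriers or the operator; the role and schedule checks then limit what a normal account can do if its PIN is guessed.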
And then there are the duh! measures that sometimes need to be repeated.
Don’t get caught by one of these:
- You hear it often enough, but it bears repeating: use a strong password and rotate it often (minimum 6 digits, no predictable patterns like 1234, no repeated digits like 3333, and not the reverse of the extension)
- Adopt a password policy according to recognized industry standards (NIST, ISO 27K, SANS, PCI)
- Change all default factory passwords
For our Genesys clients, here are a few simple preventative measures you can incorporate today:
- Block users from making changes to their IC client
- Remove available call forward options
- Block access to voicemail from external lines
- Configure PureConnect to forward calls only to internal numbers
- Use the Password Check Utility to search for default 1234 passwords and provide password aging information
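The password rules above, the lockout rule from the top-10 list (3 failed attempts) and the two jobs of the Password Check Utility (finding default 1234 PINs, reporting password age) can all be checked with a few lines of code. The Python below is an added example, not the Genesys utility or any vendor code. The mailbox export layout, the 90-day rotation interval, the factory defaults beyond 1234, the audit date and the plaintext PIN comparison in the lockout class (a real system would compare hashes) are assumptions made for the example; it also rejects a PIN equal to the extension itself, which goes slightly beyond the reverse-of-extension rule in the list.

```python
from datetime import date

MIN_PIN_LENGTH = 6
MAX_PIN_AGE_DAYS = 90                                  # assumed rotation interval
LOCKOUT_THRESHOLD = 3                                  # failed attempts before lockout
DEFAULT_PINS = {"1234", "0000", "123456", "000000"}    # 1234 is the default the post names; others assumed
AUDIT_DATE = date(2024, 3, 4)                          # "today" for the sample audit (constructed)

# Constructed mailbox export (not real data): extension, current PIN, date the PIN was last set.
SAMPLE_MAILBOXES = [
    {"extension": "2231", "pin": "1234",   "set_on": date(2023, 1, 15)},
    {"extension": "1105", "pin": "5011",   "set_on": date(2024, 2, 1)},
    {"extension": "1107", "pin": "837264", "set_on": date(2024, 2, 20)},
    {"extension": "1109", "pin": "333333", "set_on": date(2023, 12, 1)},
]


def is_sequential(pin):
    """True for straight ascending or descending runs such as 1234 or 654321."""
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {-1})


def is_repeated(pin):
    """True when every digit is the same, such as 3333."""
    return len(set(pin)) == 1


def check_pin(pin, extension):
    """Return the list of policy violations for one PIN; an empty list means it complies."""
    if not pin.isdigit():
        return ["non-numeric"]
    problems = []
    if pin in DEFAULT_PINS:
        problems.append("factory default")
    if len(pin) < MIN_PIN_LENGTH:
        problems.append(f"shorter than {MIN_PIN_LENGTH} digits")
    if is_sequential(pin):
        problems.append("sequential pattern")
    if is_repeated(pin):
        problems.append("repeated digit")
    if pin in (extension, extension[::-1]):
        problems.append("derived from extension")
    return problems


def audit_mailboxes(mailboxes, today):
    """Map each non-compliant extension to its violations, including PIN age."""
    report = {}
    for box in mailboxes:
        problems = check_pin(box["pin"], box["extension"])
        if (today - box["set_on"]).days > MAX_PIN_AGE_DAYS:
            problems.append(f"PIN older than {MAX_PIN_AGE_DAYS} days")
        if problems:
            report[box["extension"]] = problems
    return report


class MailboxLoginGuard:
    """Lock a mailbox after LOCKOUT_THRESHOLD consecutive failed PIN entries."""

    def __init__(self, pins):
        self.pins = pins            # extension -> PIN; a real system would store and compare hashes
        self.failures = {}
        self.locked = set()

    def attempt(self, extension, pin):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if extension in self.locked:
            return "locked"
        if self.pins.get(extension) == pin:
            self.failures[extension] = 0
            return "ok"
        self.failures[extension] = self.failures.get(extension, 0) + 1
        if self.failures[extension] >= LOCKOUT_THRESHOLD:
            self.locked.add(extension)
            return "locked"
        return "denied"


if __name__ == "__main__":
    for ext, problems in audit_mailboxes(SAMPLE_MAILBOXES, AUDIT_DATE).items():
        print(ext, "->", "; ".join(problems))
```

The audit flags the factory-default mailbox, the PIN that is just the extension reversed, and the repeated-digit PIN that is also past its rotation date, while the lockout guard makes sure a mailbox cannot be tried indefinitely even if its PIN is still weak.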
VoIP is not going anywhere. But neither is toll fraud. These attacks, like all internet security risks, will continue and grow more sophisticated. Minimize your risk by partnering with an experienced contact center solution and service provider that can propose bundled Unified Communications services, QoS, and secure data services with best-practice toll fraud mitigation techniques.
Contact us at Inoria and let us guide you through the process.