| Whatever happened to telecom fraud? Does it still | | | | automatically prompt and ensure that employees to |
| exist? Should you as a business owner be | | | | change their passwords every 90 days at minimum. |
| concerned? Despite huge advances in security | | | | When employees leave the company, make sure that |
| technology and increased telecommunication security | | | | you delete their unused voicemail boxes as quickly as |
| protection and customer awareness, phone fraud | | | | possible. Why? The hacker takes control of the voice |
| continues to be a major concern for all businesses. | | | | mail box and records the word "yes." He then places a |
| Just the thought of the possibility of thousands of | | | | third party and instructs the outside operator to call the |
| dollars in losses to a business because of phone fraud | | | | number of your departed employee's old mailbox. The |
| is daunting. The fact is that phone fraud still has the | | | | operator says, do you accept third party charges for |
| potential to put your business out of business and that | | | | Mr. Jones' call and the voice mail box answers, "yes" |
| is a scary proposition. Even with the advent of VOIP | | | | as programmed. |
| technology, the thieves have continued to figure out | | | | Another major threat to companies today is the |
| how to hack even the most complicated systems and | | | | problem of weak links in personnel, particularly the |
| companies like yours and mine can still suffer as a | | | | company receptionist. This is sometimes referred to |
| result. | | | | as "social engineering fraud." Employees and your |
| There are three primary kinds of phone fraud that | | | | receptionist should be alert for a call that is received |
| most of us should be concerned with and that will be | | | | whereby an individual may identify him/herself as |
| addressed in this article. Nuisance fraud (cramming and | | | | someone working for the phone company who is |
| slamming), proprietary phone system (PBX and key | | | | testing lines. They might say, "I'm with the phone |
| system) fraud, voice mail fraud and the newest | | | | company and I'm running a test on your phone |
| challenge, VOIP phone system fraud. | | | | systems, please transfer me to a particular extension." |
| Nuisance Fraud: Most of us as business professionals | | | | Transferring a caller to certain digits first accesses an |
| will at some time or another encounter nuisance fraud, | | | | outside phone line "dialing 9" and "dialing the 0" |
| otherwise known as slamming and cramming. | | | | accesses the outside operator who can facilitate a call |
| Nuisance fraud usually cannot make or break a | | | | to anywhere in the world for the crooks. The calls are |
| business when it strikes, but it can drain revenues if left | | | | then back billed to your company. Hackers have also |
| unchecked on the phone bill. | | | | been known to use other ploys like finding out who the |
| Cramming occurs when a third-party provider charges | | | | board members for large companies and then |
| for services or fees that the customer has not | | | | impersonating that individual on a call to that company. |
| authorized. These charges are neither ordered nor | | | | The receptionist may not be able to recognize their |
| desired by your company. These charges can include | | | | voice because typically board members don't interact |
| products and services such as bogus voice mail | | | | with receptionists as much as employees do. |
| service charges, operator assisted calls, calling card | | | | However, due to a board member's prestige, power or |
| programs, monthly service fees and credit check | | | | reputation in the company, the receptionists are well |
| services. Also, bogus yellow pages and white pages | | | | aware of their power, so the caller is able to get |
| advertising can also mysteriously appear on your | | | | unlimited transferring ability to commit his crimes. The |
| business phone bills or be billed to you directly. | | | | crime usually is not discovered until after the arrival of |
| Cramming is the addition of charges to a subscriber's | | | | the phone bill. Warn the receptionist and employees of |
| telephone bill for services which were neither ordered | | | | this ploy. Numerous companies milked for thousands of |
| nor desired by the client, or for fees for calls or | | | | dollars in overseas calls because of this crime. |
| services that were not properly disclosed to the | | | | If your business has a toll-free inbound number, be on |
| consumer. These charges are often assessed by | | | | alert! Hackers can call in on the toll free number and |
| dishonest third-party suppliers of data and | | | | use codes and features to place calls overseas or ring |
| communication service that phone companies are | | | | up service charges on paid calling services. |
| required, by law, to allow the third-party to place on the | | | | Another thing you should do is restrict some call |
| bill. | | | | forwarding and conferencing features on your |
| Have you ever looked at your local telephone bill and | | | | company phone system that might assist hackers in |
| seen odd charges from "other service providers that | | | | forwarding calls on your dime. Arrange to meet with |
| you do not recognize?" If you have, chances are very | | | | your phone system vendor to conduct a vulnerability |
| good that you've been crammed. For large businesses, | | | | analysis ensure that your phone system is secure. |
| the charges are buried deeply in the bills and are | | | | Most of the larger telephone equipment manufacturing |
| difficult to notice, and can go on for years, month after | | | | vendors, Siemens, Avaya, Nortel and Mitel have |
| month without being noticed. | | | | security bulletins and security support programs to help |
| How can you get refunds and combat cramming? | | | | keep your systems secure and up to date. |
| First, call your local phone provider and ask them to | | | | VOIP fraud: The third and final telecom voice fraud |
| reverse the charges to the offending party. In most | | | | concern to be discussed is the latest threat to |
| cases, they will. If they do not cooperate, contact the | | | | companies and that is VOIP fraud. Voice over IP fraud |
| FCC, your better state attorney general and the FTC | | | | is still in its infancy but becoming more prevalent. Again, |
| to lodge a complaint. However, first let the crammer | | | | as previously mentioned in the earlier section regarding |
| know that you would like give them the opportunity to | | | | phone system fraud, one of the best ways to prevent |
| refund your money. | | | | this kind of fraud is to change the system passwords |
| Slamming can occur when there is an unauthorized | | | | in your VOIP phone system. |
| switch or change of a carrier providing local, local toll or | | | | There is starting to be increased attention surrounding |
| long distance service. Slamming is frustrating because | | | | recent attacks on VOIP systems but actual cases of |
| dishonest phone companies are able easily to change | | | | documented fraud are now just starting to become a |
| or "pic" your long distance service to their plans, often | | | | problem. In 2007, two men were arrested because |
| at a much higher rate than your preferred or selected | | | | they routed calls through unprotected network ports at |
| carrier had provided. Even after you discover the | | | | other companies to route calls onto providers. Over |
| fraud, there is still the headache of switching all of your | | | | three weeks, the two routed half a million phone calls |
| lines back to the long distance provider you should | | | | to a VOIP provider. Federal investigators believe the |
| have and getting the fraudulent service to issue you a | | | | two made as much as $1m from the scam. |
| refund. How do you prevent it? Ask the carrier to put | | | | Nevertheless, actual cases of VOIP fraud on these |
| a "pic freeze" on your phone lines. Insist on a corporate | | | | systems are still somewhat rare, however, there is a |
| password for access on your all of your local, cellular | | | | lot of potential for harm as vulnerabilities and holes in |
| and long distance phone accounts and restrict all | | | | security are becoming more prevalent and more easily |
| access to those accounts to two key people in your | | | | exploitable by resourceful hackers. |
| company. | | | | VOIP hackers can exploit system passwords to gain |
| Phone system and voice mail fraud: These kinds of | | | | access to company VOIP voice systems and have |
| frauds continue to be problematic for many companies | | | | and can potentially steal millions of minutes of long |
| and will continue to persist as long as companies have | | | | distance service. How? Hackers read up on VOIP |
| PBX and Key type phone systems in place and long | | | | vendor security bulletins and gather public information |
| distance calls cost money and hackers can easily gain | | | | on company IP addresses that are posted on the |
| access. Proactive prevention of this type of fraud is | | | | internet, which allows them to hack into client systems. |
| much easier than correcting it once it's occurred and | | | | They devise and use customized software code to |
| let's face it, like most criminals, hackers are lazy and | | | | decipher access codes and access exposed data |
| they'll leave your company alone and go someplace | | | | ports and data gateways and computer systems. |
| else if your system has the necessary safeguards in | | | | Hackers can find it easy to use default or poorly |
| place. First, make sure that your phone system | | | | chosen passwords. |
| manufacturer provided master default passwords for | | | | To counteract these attacks on your company and |
| your phone and voicemail systems are changed at | | | | keep updated with the latest security technology and |
| your location. Hackers know these passwords and | | | | VOIP fraud prevention advice, consult with your VOIP |
| can easily hack your system if they can get access. In | | | | equipment vendors and ask specific questions on how |
| fact, many of these phone system master passwords | | | | to best protect your systems. If you have a large |
| (i.e.: Avaya, Siemens, Nortel, Mitel, Cisco) are posted on | | | | VOIP system, it may make sense for you to have a |
| the internet, available to anyone. A password change | | | | professional conduct a security audit on your system. |
| can be done by placing a call to the company that | | | | IP business consumers and IT managers need to use |
| maintains services your phone systems. | | | | the latest encryption techniques for their network |
| Also, make sure that your remote access to you | | | | access and train and monitor their employees on |
| phone systems are secure. This can often be done by | | | | effective safeguarding of their company data and IP |
| using security encryption technology for remote | | | | system information. |
| access to your system. Next, make sure that your | | | | The best way to determine if a telecom fraud is being |
| employees do not use easy passwords like "1111" to | | | | committed on an organization is to do an extensive |
| access their voice mail boxes. These can be easily | | | | telecommunications audit and complete phone system |
| hacked. Also, set your voice mail system to | | | | review. |