Global telecom fraud is costing businesses £29bn a year. What can you do to prevent it happening to you? If you think only celebrities have their phones hacked, you’re in for a nasty shock. In November, managers at Oxford-based farming charity RABI were stunned to get a phone bill for £2,000. The cause? Someone had hacked into their telephone system and had been calling premium-rate numbers. Luckily, the firm hosting the phone system spotted the irregular behaviour almost immediately – but fixing the problem still meant the phone system was off-line for three days.
This kind of attack is way more common and much more financially damaging than voicemail hacking. Hackers target business telephone systems for their own gain and, more often than not, this can be extremely costly: an October report from the Communication Fraud Control Association put global annual PBX hacking at a shocking $4.4bn (£2.7bn).
And don’t think it’s just older telephony that’s vulnerable; the same report states that the amount of possible IP phone system hijacking is nearing $3.6bn (£2.2bn) with the total amount of telecom fraud now up at $46.3bn (£28.8bn).
Phones – so easy to hack
Back to unscrupulous journalists for a moment. You will probably be appalled to learn that the on-going News Of The World trial has been told there are no less than three ways to hack a person’s mobile – from interrupting the voicemail sequence to use of its Unique Voicemail Number (UVN) or a way to fool one of the main service provider’s voicemail systems (a ‘Generic Platform Number’). If it’s that easy to hack a celebs phone, you might be thinking, is your company’s phone system any safer?
The brutal reality is that phones are a much more vulnerable form of communication than you might have been led to believe. This means that while fraud usually does get spotted quickly, it doesn’t always – a fact that can lead to leaky budgets, damaging loss and possibly even damage to reputation (I doubt the premium rate lines being called were giving weather information, shall we say). The good news is there are steps you can take. With modern business telephone systems it is possible to apply much more rigorous technological barriers to this kind of fraud than with earlier topologies. For example, if you work with an IP phone system leased from a responsible third party utilising state-of-the-art SIP trunking functionality, you can expect to get in-depth monitoring, alerting and portal control that will alert you to any potential issue.
What’s even better, your service provider will then be able to slam the security gates down on your account instantly, preventing you being in the same unfortunate case as the company that did a check on its books to find it had raked up £3,000 worth of phone calls over the weekend to Somalia – a country they have no business reason to ever call!
Don’t put yourself or your team in this position
Take the steps you need to make sure you are the only company using the company phone account! For more information about finding and migrating to the right system for you, read ‘A Network Manager’s Guide to Phone System End-of-life and Beyond’
This article first appeared on the Gamma blog.