Telephony Fraud takes its Toll

By Peter Watson, FD for Executel Ltd

They’re called ‘hackers’, ‘phone phreaks’ and ‘shoulder surfers’. They sell information between themselves and they are costing UK businesses thousands of pounds each week. Who am I talking about? Telephony fraudsters, that’s who.

Consider this. You would never leave your house unlocked and open to burglars and you would never knowingly allow a stranger to walk into your workplace and help themselves to company property. Yet despite numerous warnings, many unsuspecting businesses across the North East are doing just that by leaving themselves open to the rising threat of Toll Fraud.

Unfortunately, it’s all too easy to take an 'it will never happen to me' attitude but it can and it might. Unseen by human or electronic eyes, thousands of long-distance and premium rate calls are being made every day by telecoms hackers and illicit users and ultimately, your business could end up paying the price.

The Problem
Put simply, toll fraud is theft. There are no two ways about it. It’s not a harmless prank but a serious offence which can result in criminal charges. And while accurate cost estimates for toll fraud are difficult to pin down because many companies are reluctant to publicly admit that they have been targeted, experts estimate that the cost to the UK telecoms industry currently exceeds £1.3 billion per year and is continuing to rise.

Meanwhile, according to recent research, PBX usernames and passwords are selling online for more than stolen credit cards, and those committing toll fraud range from amateurs who think they can make a few ‘free’ calls to sophisticated call-sell operations that deal in stolen line capacity for massive financial gain.

The Method
Methods traditionally associated with hacking IT systems have now been extended to telecom systems. If your PBX or voicemail system has a dial-through facility that allows users to dial in and ‘break out’ (dial other numbers as if they were sitting at their desk), you could very well be the hackers’ next victim.

Fraudsters can tunnel into your system, gaining access to PSTN connectivity, obtaining logins/passwords and reconfiguring personal mailboxes. Once a system is compromised, sensitive data can be rapidly distributed, sometimes via electronic bulletin boards, and thousands of calls may then be made long before you receive a bill and notice the unauthorised use.

The Solution
Hackers use sophisticated methods of attack and while standard security precautions like changing passwords regularly, restricting access etc. can obviously reduce exposure to fraud, they are by no means foolproof.

At Executel, having seen first-hand the devastating effects of toll fraud, we are taking a proactive approach and designing effective security architectures that help protect our customers against this kind of criminal activity. We have also spent months auditing and reconfiguring existing customer systems in a bid to guard against unauthorised access.

However, the challenge we face is that whilst the ongoing development of VoIP and UC (Unified Communications) platforms is bringing new technologies and in turn tighter security to the market, the fraudsters are fast coming up with more sophisticated ways of targeting systems, so it’s a constant race against time.

Therefore, the best solution for mitigating toll fraud is to deploy a 24/7 monitoring solution on your voice network. System protection tools now exist that can analyse calls in real time 24 hours a day, sending automatic alerts via email, SMS or pager when abnormal activity is detected.

These tools can be programmed to detect a variety of different calls including premium rate numbers, international calls, tandem calls, calls to specific numbers, calls transferred from voicemail, long duration calls and calls outside office hours. Calling patterns can also be analysed by time of day, day of week and rate of occurrence in an attempt to anticipate, detect and prevent potential exposure to fraudulent activity.
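The checks listed above, applied to call detail records (CDRs), as an added example that is not Executel's tooling or any vendor's code. It covers premium rate, international, long duration, out-of-hours, voicemail-transfer and rate-of-occurrence rules; the record fields (including `via_voicemail`), the thresholds, the office hours and the UK dialling prefixes are assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime

# Assumed policy values; tune them to the site's normal calling pattern.
OFFICE_HOURS = range(8, 18)   # 08:00-17:59, Monday to Friday
MAX_DURATION_S = 3600         # "long duration" threshold
MAX_CALLS_PER_HOUR = 10       # per extension, rate-of-occurrence threshold

def classify(cdr):
    """Return the names of the rules that one call record triggers."""
    flags = []
    dialled = cdr["dialled"].replace(" ", "")
    start = datetime.fromisoformat(cdr["start"])
    if dialled.startswith("09"):          # assumed: UK premium rate range
        flags.append("premium_rate")
    if dialled.startswith("00"):          # assumed: UK international prefix
        flags.append("international")
    if cdr["duration_s"] > MAX_DURATION_S:
        flags.append("long_duration")
    if start.weekday() >= 5 or start.hour not in OFFICE_HOURS:
        flags.append("out_of_hours")
    if cdr.get("via_voicemail"):          # hypothetical field set by the PBX
        flags.append("voicemail_transfer")
    return flags

def analyse(cdrs):
    """Return (extension, start, dialled, flags) for every suspicious call."""
    per_hour = Counter()
    alerts = []
    for cdr in sorted(cdrs, key=lambda c: c["start"]):
        flags = classify(cdr)
        bucket = (cdr["ext"], cdr["start"][:13])   # extension + YYYY-MM-DDTHH
        per_hour[bucket] += 1
        if per_hour[bucket] > MAX_CALLS_PER_HOUR:
            flags.append("high_call_rate")
        if flags:
            alerts.append((cdr["ext"], cdr["start"], cdr["dialled"], flags))
    return alerts

# Constructed sample records (not real call data).
SAMPLE = [
    {"ext": "201", "start": "2024-03-05T10:15:00",
     "dialled": "01914980123", "duration_s": 180},
    {"ext": "305", "start": "2024-03-09T02:30:00",
     "dialled": "09098790456", "duration_s": 5400, "via_voicemail": True},
] + [
    {"ext": "305", "start": f"2024-03-09T03:{m:02d}:00",
     "dialled": "0012025550123", "duration_s": 60} for m in range(12)
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE):
        print(alert)
```

In a live deployment the alert list would feed the email or SMS notification rather than being printed.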

I can’t stress enough how important it is for businesses to review their security measures, now more than ever. They should treat their PBX system in the same way they treat their computer network; you wouldn’t leave your network without adequate security measures and it’s an unfortunate sign of the times that we must all now do the same with our telephony.

Whilst you would understandably assume that doing nothing costs nothing, be warned because when it comes to telephony fraud, the cost of doing nothing can be devastating for a business.