Dial-Through fraud is very big business. It is increasingly used by organised crime and often linked with terrorists organisations worldwide. A single breach of an IP phone network can cost thousands of pounds in the span of a few hours. In many countries the problem is double the size of credit card fraud!
If your phone system is attacked, your company will be left with a huge phone bill which you will have to pay, because legally, you are responsible for all calls made via your phone system, whether or not you or your staff made them, even if you are not aware of them. With most suppliers, the fraud only comes to light when the bill arrives. This bill could be 10 or 100 times higher than your usual phone bill. There are recent instances of bills exceeding £20,000 and £35,000. Everyone is at risk and all phone systems need to be secured to protect you from potentially crippling financial losses.
Why is preventing this fraud my or my company’s responsibility?
Telephone systems (whether on site or remotely hosted) are equally at risk in these crimes. Only you have access control over your phone system, so you are responsible, not only for its security but also for all call charges incurred from its use. Moreover, only you can identify which calls made from your phone system are legitimate and which are fraudulent.
We are a small business, are we open to attack?
Phone hackers search globally for the IP addresses of unsecured phones and systems to harvest for their own use. The search is continuous. Hackers are running banks of servers 24/7/365, whose design purpose is to identify the IP addresses of phones that will give them access to the phone network. It is common for phone system hosts to see 12,000 “handle turning attempts” a second – 24/7/365. You begin to see the size of the problem. They don`t care (and can’t tell) how big or small your business is and no one is safe. Worst of all if you are hacked, you`re probably unlikely to be able to absorb the average loss incurred from a fraudulent event, since the size of the bill may well be enough to bankrupt your organization. It is critically important both you and your staff understand the need to protect your business and especially your phone system.
How is it possible my current phone system is not secure?
The resident security in your PBX was enough to keep you secure in the past but not now. These criminals and are becoming cleverer all the time, developing new ways to attack and exploit your phone system. They can readily circumvent this security now.
If I or my company gets attacked, who pays for the calls?
In law, you are responsible for all calls made from your phone system, whether or not you or your staff made them and whether or not your carrier/airtime provider/reseller has taken any steps to block fraudulent calls.
What steps are needed to protect my business from this fraud?
The best possible configuration is to have physically separate phone and data networks. If this isn’t realistic, VLANs can separate traffic but critically, no data should be able to traverse between the two networks without passing through a network security device. It may also be possible for SIP traffic to be routed over a private network, from the IP phone network, all the way to the provider’s SIP servers. This traffic cannot be intercepted or misdirected by someone with malicious intent.
Pink Connect have services that will limit exposure to fraudulent activities. These include:
- Geographical limiting, blocking calls to countries that you specify
- Call type limiting, blocking calls to toll or pay-per-use number ranges
- Volume limiting, blocking all calls if a certain threshold of calling minutes is reached in a given time frame
Please call us now on 0345 450 9393 opt 1 to discuss with a member of the Sales Team what the options for your business are.