Telecom fraud could very easily and very quickly kill a company. All that has to happen is for a criminal to get the user ID and password (the one used to access voice mail remotely) of any employee in your company. With this information, criminals can easily set up the ability to allow any outside caller to dial into the compromised account and make an unlimited number of calls anywhere.
When criminal hackers gain access to a user account on your VoIP Phone System, they immediately begin making calls at your expense. Typically, there will be a lot of international calls, calls to 900 numbers that reverse the charges to your company or to any phone number they choose.
Criminals Make Money By Stealing From You
These criminals are not just doing this so they can get free phone service, they are doing this to make a profit. Actually they have made really big profits. In June, 2009 the U.S. government announced it had broken up a $55 million toll fraud ring that was operating internationally and targeting VoIP phone systems.
Hackers in the Philippines targeted companies in the United States by hacking into the user accounts and PBX system. They monetized the scheme by opening public long-distance calling centers in Italy and Spain, presumably charging individuals to make long-distance calls.
If your company has a toll free number, these criminals will use your toll free number to dial into your system, access the hacked account and then make the outgoing call, all at your company’s expense. To make matters worse, when they sell this service they instruct callers to use your toll free number to access your system.
Use Secure Passwords
One thing these criminals look for is users with easy passwords like all 0’s or 12345. You should never allow employees to use passwords that are easy to steal, or risk becoming an easy target. An obvious but often over looked way to protect your company against these types of attacks is to require your employees to use secure passwords.
Most competent Business VoIP Providers have safeguards in place that should protect you against most of these attacks. However, these criminal hackers are relentless and are constantly looking for vulnerabilities in order to steal from you.
If your company is successfully attacked and it is determined the criminal hackers gained access to your system from an account with an insecure password or some other way that could have been prevented by your company, your VoIP provider will more than likely make you responsible for those charges. These charges can be large enough to put most small businesses out of business.
How Can You Protect Yourself
There are actually quite a few things you can do to protect yourself against becoming a victim of telecom fraud.
- Require strong passwords: Your VoIP Provider should be able to put password policies in place that will prevent employees from using insecure passwords.
If a hacker gains access to one of the user accounts on your phone system it is better than giving them your ATM card. When they have access to your phone system they can almost immediately run thousands of international calls through your account, when they have your ATM card, they can only steal what is in your account.
- Disable or limit international calling: If your company does not usually make international calls or only certain employees need to make international calls, have your VoIP Provider enable international calling to only those employees that make international calls.
This requires a simple change in settings and eliminates one of the biggest telecom fraud threats.
- Restrict access to 900 numbers and similar services: Again this is another setting your VoIP Provider can easily make that should not have any impact on your company’s operations.
Choose a VoIP Provider that uses advanced fraud detection software: This type of software monitors your calling patterns behind the scene to identify risky calling patterns or patterns that differ from your typical calling patterns. For example if, all of a sudden, the software detects a lot of calls on a weekend when your company is typically closed, the software will email an administrator and if you choose, disable the affected user.