Tips to Protect Yourself Against Toll Fraud Attacks (Phreaking)
“Phreaking” (toll fraud, phone hacking, dial-through hacking) has become big business in North America. In Canada it is estimated to be as high as $100 million annually.
In the not-too-distant past it was often adolescents with modems, phone lines and a PC looking to make a couple of calls on someone else’s tab to friends out of the province or even the country. These call volumes often went unnoticed in the vast number of calls on a company’s bill.
Telephone phreaking in the internet era has evolved into something more damaging, and is often big business run by organized crime. Telecommunications carriers often reap considerable benefits from this activity by demanding payment for the illegal call traffic phreakers have generated at their victim’s expense.
Advancing technology makes it easier for this thievery to take place. VoIP thieves are aware that their unsuspecting victims may not be prepared to protect themselves against this type of fraud. Having a state-of-the-art Hosted PBX service or VoIP system does not make a company immune to the huge losses from criminal phone hacking.
The key to preventing such incidents lies in both the service provider and the end user working together and understanding the depth of the threat. This is especially important for end users of unmanaged Hosted PBX services who manage the configuration and security features of their Hosted service themselves. Statistics have shown that most hackers have gained access to systems or services through inadequate and insufficient use of existing security features. Tel-e Connect Systems as a service provider makes those security features available and offers end users education and best practices for implementing them. End users must understand their responsibility for the security of all the systems and services they run. Alternatively, Tel-e Connect Systems includes the management of configuration and security features as part of our Hosted IP rental agreement.
We recommend our users employ the following guidelines to reduce the company’s risk of a phreaking attack:
- Ensure that all manufacturer default passwords for all endpoint devices are changed promptly.
- Secure all end point devices (handsets, computers, PDAs) by restricting physical and remote access to them.
- Ensure that lockout algorithms, which prevent password guessing and notify administrators, are functioning.
- Ensure timely deactivation and/or password changes of all unused extensions and voicemail accounts.
- Secure your network: employ firewalls and access lists to guard your Hosted IP and/or endpoint devices where possible.
- Ensure that your Hosted IP or VoIP system configuration does not allow through dialing or outbound calling from adjunct equipment, and ensure proper permissions for outbound transfers.
- Set and enforce standard and complex passwords for your Hosted IP interfaces and voicemail.
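The lockout guideline above can be checked against a model of what a working lockout should do. The following is an added example, not code from Tel-e Connect Systems or any PBX product; the thresholds, class name and sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values; tune to your own Hosted PBX policy.
MAX_FAILURES = 5        # failed logins tolerated inside the window
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long the extension stays locked

class LockoutTracker:
    """Tracks failed extension/voicemail logins and locks out on bursts."""

    def __init__(self, notify):
        self.notify = notify                  # callable that alerts an administrator
        self.failures = defaultdict(deque)    # extension -> failure timestamps
        self.locked_until = {}                # extension -> unlock time

    def is_locked(self, ext, now):
        return self.locked_until.get(ext, 0) > now

    def record_attempt(self, ext, source, success, now):
        """Return True only if this attempt may authenticate."""
        if self.is_locked(ext, now):
            return False                      # reject even a correct PIN while locked
        if success:
            self.failures[ext].clear()
            return True
        q = self.failures[ext]
        q.append(now)
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()                       # forget failures outside the window
        if len(q) >= MAX_FAILURES:
            self.locked_until[ext] = now + LOCKOUT_SECONDS
            q.clear()
            self.notify(f"extension {ext} locked after {MAX_FAILURES} "
                        f"failed logins; last source {source}")
        return False

def demo():
    """Replay constructed attempts (timestamps in seconds) and return the alerts."""
    alerts = []
    tracker = LockoutTracker(alerts.append)
    for ts in (0, 10, 20, 30, 40):            # constructed burst against ext 201
        tracker.record_attempt("201", "203.0.113.7", False, ts)
    for ts in (0, 100, 200, 300, 400):        # constructed slow failures on ext 202
        tracker.record_attempt("202", "198.51.100.9", False, ts)
    return alerts

if __name__ == "__main__":
    print(demo())
```

The slow failures against extension 202 never trigger a lockout, which is why lockouts need to be paired with the strong-password and unused-extension guidelines rather than relied on alone.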
Phreakers tend not to focus on systems with properly implemented security policies. Some hackers may decide to move to an easier target once they encounter safeguards on your Hosted PBX. It is important to work together to recognize the seriousness of security threats and invest time in efforts to make our phone services safe and secure.