Telecoms fraud is an ongoing problem in the UK and one we always highlight at Christmas-time. While fraudulent behaviour is evolving all the time, especially online, it could be easy to overlook potential attacks on your telephone system.
There are so many types of fraud activity nowadays that the latest statistics on telecoms fraud are hard to find. They tend to get swept into the overall statistics on the number of businesses affected by fraud in general and the costs incurred, so it is now more difficult to paint an accurate picture of how prevalent telecoms fraud. For instance, a report in The Telegraph earlier this year revealed that invoice fraud costs small businesses £9bn a year. Telecoms fraud will no doubt make up a portion of this total. The latest statistics I can find are in a survey commissioned by the Internet Telephony Services Providers' Association (ITSPA), which questioned 1,000 businesses across the UK and found 27% had been hacked in the past five years, costing each business £12,000 on average.
There are three types of telecoms fraud businesses need to guard themselves against:
- Unauthorised calls by individuals with physical access to your phone system
- Malicious disruption from hackers who want to cause mischief and/or to exploit security systems
- Organised crime carried out by sophisticated hackers who want to generate money quickly
How do hackers succeed?
- Whether you are using ISDN digital lines or SIP trunks, hackers dial in through your phone system on one channel/trunk and dial back out on another leaving your business liable to pay the final bill - the more lines you have, the more it will cost you
- Incorrectly configured firewalls, poor security settings, lack of maintenance, as well as the use of default passwords allow quick and easy access for the hackers
- Once access is gained, the hackers can exploit in-built services such as voicemail, call forwarding and call diversions to direct calls to a number of their choosing - this will often be to premium rate or international numbers
- The time period 2am-6am is particularly popular for hackers as most businesses will not be operating as normal and fraudulent activity is more likely to go undetected
- Hackers will typically target holiday seasons such as Christmas, Easter and bank holidays when the office is quieter and closed for longer periods of time
The most common losses
Your phone system is compromised with calls being made to premium rate and international numbers with the profits going back to the hackers.
We give advice to our customers on how they can protect themselves from telecoms fraud in our guide here, but we also offer them financial protection with our Fraud Management Service. It can be tough to drum home the warning though as fraud is such a hidden crime, but when a business suffers at the hands of a hacker, the results can be devastating. By then, the warning is too late.
The last thing businesses want after a Christmas break is to come back to an inflated phone bill that they will have to pay as the hackers are almost never caught. I urge businesses to read our guide or, at the very least, to read the brief tips below so you can arm yourself with some facts if you want to ask your provider about fraud protection.
Help protect yourself from telecoms fraud:
- Frequently change PINs/passwords (including voicemail), especially when employees leave
- Ensure PINs/passwords are random and strong - do not use the default ones or easy ones like 1-2-3-4 or 0-0-0-0
- Disable or restrict access to your voicemail from outside lines
- Disable unwanted features
- Implement an effective call barring plan, e.g. no calls to international or premium rate numbers or no outgoing calls outside office hours
- Check whether your network provider can alert you quickly when an excessive charge is incurred
- Ensure your telephone system is fully up to date with current software/security levels
- Conduct a security audit of your telephone system like you would any of your IT systems
- Ensure your staff are fully trained on your telephone system so they fully understand how to use its features and the risks involved
If you are considering changing providers, I would be glad to speak to you about the fraud protection we can offer your business.