Beat the criminals - understand dial-through fraud and spoofing
Posted by Colin Woods on 29/03 at 10:00 AM Dial through fraud, Security,
Shock of dial through fraud

The Easter holidays could provide rich pickings for dial-through fraud gangs with most businesses closed for the four-day break, but there is also a growing threat to businesses while they are open.
We have often used this blog to highlight the threat of dial-through fraud whereby telephone systems are hacked and calls diverted to premium rate numbers to generate ill-gotten gains.


Dial-through fraud 
The reason why the Easter break or, indeed, any period where a business may be closed for longer than usual, is that some line providers may not notice this unusual activity until they return to work on Tuesday. If the fraud was instigated on Thursday night, that could mean five days of dial-through activity which could accumulate extraordinary costs which the business will have to pay.


More recently though, we have seen a different type of phone fraud affecting businesses with criminal gangs rather ironically posing as bank anti-fraud experts. 


This costs the UK around 1.5 billion per year.


These fraudsters call businesses and control the caller display number, using a technique called spoofing, so it appears they are calling from a genuine bank number. The caller informs the business there has been fraudulent activity on their account and advises them to move their funds into a different account, which is then shared between multiple accounts to quickly move the money on to the gangs.


This has cost UK businesses at least £7 million with charities being the leading target.


Businesses clearly need to be vigilant whether the office is closed or open. It would be pertinent to alert your accounts teams to this new type of fraud. They should understand that banks will never ask businesses to undertake a transaction like this, so any requests like this are suspicious. We would advise them to hang up and report the incident to their bank immediately; never give out any account details, passwords, etc.


Reduce the risk


Meanwhile, as this is the last working day before the Easter break, here are a few tips to reduce, but not eliminate, the risk of fraud:

  • Frequently change PINs/passwords (including voicemail), especially when employees leave
  • Ensure PINs/passwords are random and strong - do not use the default ones or obvious ones, e.g. 1-2-3-4 or 0-0-0-0
  • Disable or restrict access to your voicemail from outside lines, e.g. remote workers
  • Disable unwanted features
  • Implement an effective call barring plan, e.g. no calls to international or premium rate numbers or no outgoing outside office hours
  • Check your network provider can alert you quickly when an excessive charge is incurred
  • Ensure your telephone system is fully up to date with current software/security levels
  • Conduct a security audit of your telephone system like you would any of your IT systems
  • Ensure your staff are fully trained on your telephone system so they fully understand how to use its features and the risks involved 


Fraud management service
You can also insure your business against crippling phone bills with our Fraud Management Service.


This not only monitors your lines for fraudulent activity but we limit your bill to £750 per number for any instance of fraudulent activity as the charges can be crippling.


If your system is hacked and they call a £1.50 per minute premium rate number (it can often be more), this will rack up to £2,160 in just 24 hours. This is assuming they have overtaken one line and just for one day. This isn’t a low-level crime and the attackers are sophisticated in their endeavours, so rarely get caught and brought to justice.


A lot of competitors will offer a monitoring service, where they will monitor your lines and notify you of suspicious activity. This is often after the event and you will usually remain liable for the huge charges you have incurred. At swcomms, we proactively monitor your lines, bar them where necessary and limit your liability to £750 per number. If this interests your business, please do not hesitate to contact me.

Posted by
Colin Woods's avatar
Colin Woods on 29/03/2018

Our head of business development and training Colin also likes to espouse the virtues of our data centre services, including co-location, cloud services, filtering, hosted exchange, traditional voice services through to SIP trunking, all aspects of internet connectivity and inter-site connectivity.

A Karate instructor for 28 years and a former UK squad member, Colin is little more relaxed in his spare time now choosing to walk his two dogs, Simba and Aslan.

Contact: colin.woods@swcomms.co.uk

Contact us now

Send us a message