With fraud and scams on the rise, it is important to remind businesses of the threats can be posed via their telephone system.
In the domestic arena, it is pensioners who suffer the most with MP Chris Elmore calling for the Government to deal with the “epidemic of scams sweeping across the country”. He cited five million over-65s had been targeted and the Centre for Counter Fraud Studies warned pensioners are three times more likely to be scammed then burgled.
These scams usually involve conversations with the victim unwittingly parting with their money. The same tactics have been used against businesses too with scammers posing as banks, the HMRC and other respected bodies.
A report by BICS, a subsidiary of Belgian telecoms company Proximus, revealed 170 million fraudulent calls were blocked across the world in 2018 to hundreds of destinations costing an estimated $17 billion a year. The UK accounted for 25 million or 15% of these, which was by far the highest number for a country in the G20 group of large economies.
The crime in the UK relates largely to 070 premium rate numbers that are used to divert one number to another to maintain a user’s privacy. The owner of the number can also set the price people have to pay to make the call.
This has been abused by scammers who entice users to unwittingly return a missed call to an 070 number that looks to be from a normal mobile number in the UK. People who fall for the scam have regularly incurred huge costs after returning the dubious call. Ofcom has since introduced a cap of 0.5p a minute on the charge that it costs to call an 070 number; a drastic reduction from the £1.50 a minute that was allowed previously.
However, businesses can still become fraud victims without even answering their phones! We call this telecoms or dial-through fraud.
Rather than enticing people to call these numbers, hackers infiltrate phone systems and dial these numbers on your behalf…for hours at a time running up bills that run into thousands. They usually gain access via voicemail, message forwarding and call diversion features or by using malware or a phone system IP address to bypass corporate firewalls.
Businesses can protect themselves in the following ways:
- Frequently change PINs/passwords (including voicemail), especially when employees leave
- Ensure PINs/passwords are random and strong - do not use the default ones or obvious ones, e.g. 1-2-3-4 or 0-0-0-0
- Disable or restrict access to your voicemail from outside lines, e.g. remote workers
- Disable unwanted features
- Implement an effective call barring plan, e.g. no calls to international or premium rate numbers or no outgoing calls outside office hours
- Check your network provider can alert you quickly when an excessive charge is incurred
- Ensure your telephone system is fully up to date with current software/security levels
- Conduct a security audit of your telephone system like you would any of your IT systems
- Ensure your staff are fully trained on your telephone system so they fully understand how to use its features and the risks involved
Hackers like to strike when businesses are closed – overnight, weekends, bank holidays and longer breaks, such as Christmas and Easter – as their crime will go undetected for longer. This gives them time to steal more of your money. You can limit your liability with something like our Fraud Management Service, but it would best to not fall victim at all!
Newspapers and their websites often run stories on scammers that wheedle money out of business across the phone following a conversation, but rarely report on dial-through fraud. Businesses need to guard against both to prevent them from becoming another statistic and losing money.