When you think of unexpected financial liabilities for your company you might look to natural disasters such as hurricanes or business interruption like the COVID-19 pandemic. Most people, however, do not think of their phone system as a potential financial liability.
And they should as telecom fraud accounted for nearly $30 billion globally in losses in 2017, the last year surveyed by the Communications Fraud Control Association.
Like any Internet-connected devices, phone systems utilizing Voice over Internet Protocol (VoIP) or other means of Internet transmission, are susceptible to hacking.
Once fraudsters gain access to your PBX systems, they can make international and other long-distance calls, listen to your company voice mail, and monitor calls in real time. “It’s relentless,” Jim Dalton, founder of TransNexus, told the New York Times. “If you put a computer on the Internet, it immediately starts getting probed for a weak point.”
Call Forwarding Cautionary Tale
Telecom fraud can cost your business tens of thousands of dollars in a blink of an eye, or just a short weekend. In Georgia, a small company with seven employees, was hit with a $166,000 phone bill in one weekend as their system was hacked and calls were forwarded via their phone system to premium-rate numbers in the Maldives, Senegal, and Gambia.
The firm was using a Norstar Modular ICS and Call Pilot 100 key system with four analog lines connected to their telecom’s fiber optical network. The telecom fraudster hacked the password to the phone system and then configured the call forwarding to route incoming calls to overseas premium-rate numbers, the equivalent of 1-900 numbers in the United States.
The attack went undiscovered over the weekend with an average of a call every 2.67 seconds and more than 1,500 of the calls lasted one to four hours, racking up an enormous bill. Even though the company had just four phone lines, software allowed the hackers to make as many as 568 simultaneous calls through the phone system.
This type of fraud is called International Revenue Sharing Fraud (IRSF).
International Revenue Sharing Fraud On The Rise
International policing agency Europol calls IRSF the “most damaging fraud scheme to date.”
Europol says that telecom fraudsters partner with an International Premium Rate Number provider that charges high rates for call termination and agrees to share revenue for any traffic generated by the fraudster.
IRSF, according to Europol, is characterized by:
- A high-volume of international calls, often lengthy, to a single high-cost destination number
- Calls can be automatically generated by servers running stolen SIM cards or botnets, while others can be done by consumers
- IRSF calls can pass through six to seven operators before reaching their end point
- Since there are no actual customers to bill, the originating operator or hacked phone system, must pay for the calls
In 2014 the New York Times estimated IRSF accounted for $4.73 billion dollars in losses globally, up from $1 billion in 2011. That number has now risen to $6.1 billion in 2017, according to the 2017 Global Fraud Loss Survey.
2017 Global Fraud Loss Survey
The Communications Fraud Control Association’s 2017 Global Fraud Loss Survey is a respected report taken from interviews with fraud and security experts.
The survey found there are many ways telecom fraudsters can hack phone systems, including:
- Subscription Fraud (Identity), $2.03 billion in losses
- PBX Hacking, $1.94 billion
- IP PBX Hacking, $1.94 billion
- Subscription Fraud (Application), $1.93 billion
- Subscription Fraud (Credit Muling/Proxy), $1.75 billion
What You Can Do To Stop Telecom Fraud
The top two things a business can do to prevent telecom fraud is to practice strong password management with their phone system and disable any features, such as call forwarding, that can be used in hacks.
Other preventive measures include:
- Remove any inactive or locked mailboxes
- Apply restriction filters to voice mail ports
- Block international calling which your company does not require
- Block 1-900, 1-976, 1010XXX and 101XXXX dialing in your system
Moving your business communications to PLW Hosted PBX Services will eliminate any possibility of toll-fraud risk with your legacy-based phone system. Contact PS LIGHTWAVE today to learn more.
PS LIGHTWAVE provides high-speed, fiber Internet for public and private commercial entities in the Greater Houston and surrounding areas.
Through our high-quality infrastructure, innovative technology and expert, locally based support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. We invite you to learn more about our services, our history and our dedicated team.