Phone hacking is constantly in the news.
The practice of manipulating or gaining unauthorized access to phone systems and mobile phones is known as Phone hacking. Hackers take advantage of the fact businesses are closed for longer periods over holidays and weekends. This makes it the period they are most likely to strike. We wanted to make our customers aware of the risk. Phone hacking can have devastating effects on your business, in terms of surprise call costs.
Security of any telephone system or computer system is a balance between ease of use and protecting the system. Typically, the easier to access and use, the less secure a phone system could be. Some precautions are very easy to implement.
This results in the devices and services being more easily and more often hacked. If you want high security, expect to have some inconvenience. Research has shown that the most commonly used PIN numbers are “0000” and “1234”. Beware using personal information, like dates of birth as this can be known or easy to guess. Dont make phone hacking easy for the hackers!
The National Fraud Intelligence Bureau (NFIB) is warning small to medium-sized businesses, schools, charities and medical/dental practices of phone system fraud. This is where fraudsters hack into phone lines and make premium rate or international calls costing thousands of pounds. Estimates show that since the end of June 2013 there have been over 500 Action Fraud reports relating to this – costing victims over £10m.
The victims are often small to medium-sized businesses. The NFIB has also noticed that a number of schools, charities and medical/dental business practices are being targeted.
Dial-through fraud occurs when hackers target Private Branch Exchanges (PBX) from the outside and bridge through them to make a high volume of calls to premium rate or overseas numbers. PBX are the phone systems on customer premises which are connected to the outside world via SIP, ISDN or analogue connections.
As a result, this type of fraud is most likely to occur when organisations are most vulnerable. Typically when businesses are closed is the most likely time for this to occur. The hackers know that the customers telephone systems are NOT always closed at this time. Examples are in the early hours of the morning or over a weekend or public holiday.
How to protect against this type of phone hacking fraud
Use strong pin/passwords for your voicemail system and ensure staff change them regularly. Do not make it obvious, by using simple ones like 1234, 4321, 6666 or other repetitive digits.
- Make your voicemail pin number longer as most systems will accept 8 digit numbers and some as many at 15.
- Disable access to your voice mail system from outside lines. If this is business critical ensure the access is restricted to essential users and they regularly update their pin/passwords
- If you do not need to call international numbers/premium rate numbers e.g 0906xxx, ask your telecoms provider to place a restriction on your telephone line.
- Ask your network provider to block outbound calls at certain times, perhaps out of business hours.
- Ensure you regularly review available call logging and call reporting options.
- Regularly monitor for increased or suspect call traffic.
- Check Hunt Group voicemails as well, to see if they have a similar pin number or call back access feature.
- Speak to your maintenance provider to understand the threats and ask them to correct any identified security defect.
In summary, creating a process and mindset around regularly understanding the threats posed by hacking in ones phone service is critical. After all, it is the businesses responsibility to protect itself from any unforeen security breaches.