You power down for the last time, wish your colleagues farewell for a week or two, and close the door behind you. You jump in your car and venture home to adopt your position in the comfy armchair, forgetting all about the office you left behind.
Meanwhile, crafty criminals set to work, toiling away to find a way into your communications systems in order to make costly outbound calls to premium rate numbers, mobiles and even international destinations.
It may sound far-fetched, or even impossible, but try telling it to a victim of toll fraud who has been slapped with a bill for thousands. It happens frequently, nobody is totally safe, and the only way you find out about it is when the bill lands in your inbox.
However there are certain measures and precautions that you can take to help mitigate the risk of toll fraud.
What is Toll Fraud?
A crime in which a "hacker" obtains access to your telecommunication services by breaching computer security, accessing your PBX and using its communication facilities illegally.
Toll fraud is estimated to cost UK companies in excess of £1.3 billion a year.
How to Protect your Systems
Toll fraud usually occurs outside of business hours when the activity is likely to go unnoticed.
Fraudsters can make huge volumes of calls, running up bills of thousands of pounds per trunk, per day, and because carriers are providing their services legitimately you will be liable to foot the bill.
A bad case of toll fraud can have serious financial impact on your business.
If you haven’t done so already, we recommend getting a ‘Fraud Risk Assessment’ conducted on your system. This will help highlight some key areas that can help prevent fraud on your system such as:
- System administration passwords
- Random mailbox password checks
- Review switch setup
- Update barring policies
- Additional programming requirements
- Next actions to protect the system
Key Steps to Implement Now
We can’t eliminate the risk of toll fraud, but taking the steps outlined below and carrying out the recommendations highlighted through a risk assessment will certainly help mitigate the impact.
- If you have SIP Devices (iPad, soft phone, mobile client, SIP phones etc.):
- You MUST ensure that there is a ‘strong’ password used – not the extension number or easy-to-guess passwords.
- You should only use SIP devices if both the phones system and the SIP device have a mechanism to secure SIP (Digest Authentication etc.)
- Never expose SIP phones (softphones or hardphones) to the Internet without encryption or a VPN.
- Ensure that your individual voicemail box users have changed their passwords
- Consider changing to 6 digit passwords and changing frequently
- Remove unused IP or analogue extensions and mailboxes
- Keep all your information safe
The last thing you want is to find that your system has been breached and you have a large bill to pay. Let us help you mitigate that risk.
Speak to us about Toll Fraud to learn how we can help, get in touch with us today.