Whatever happened to telecom fraud? Does it still exist? Should you as a business owner be concerned? Despite huge advances in security technology and increased telecommunication security protection and customer awareness, phone fraud continues to be a major concern for all businesses. Just the thought of the possibility of thousands of dollars in losses to a business because of phone fraud is daunting. The fact is that phone fraud still has the potential to put your business out of business and that is a scary proposition. Even with the advent of VOIP technology, the thieves have continued to figure out how to hack even the most complicated systems and companies like yours and mine can still suffer as a result.
Telecom Fraud Types
There are three primary kinds of phone fraud that most of us should be concerned with and that will be addressed in this article. Nuisance fraud (cramming and slamming), proprietary phone system (PBX and key system) fraud, voice mail fraud and the newest challenge, VOIP phone system fraud.
Nuisance Fraud: Most of us as business professionals will at some time or another encounter nuisance fraud, otherwise known as slamming and cramming. Nuisance fraud usually cannot make or break a business when it strikes, but it can drain revenues if left unchecked on the phone bill.
Cramming occurs when a third-party provider charges for services or fees that the customer has not authorized. These charges are neither ordered nor desired by your company. These charges can include products and services such as bogus voice mail service charges, operator assisted calls, calling card programs, monthly service fees and credit check services. Also, bogus yellow pages and white pages advertising can also mysteriously appear on your business phone bills or be billed to you directly.
Cramming is the addition of charges to a subscriber’s telephone bill for services which were neither ordered nor desired by the client, or for fees for calls or services that were not properly disclosed to the consumer. These charges are often assessed by dishonest third-party suppliers of data and communication service that phone companies are required, by law, to allow the third-party to place on the bill.
Have you ever looked at your local telephone bill and seen odd charges from “other service providers that you do not recognize?” If you have, chances are very good that you’ve been crammed. For large businesses, the charges are buried deeply in the bills and are difficult to notice, and can go on for years, month after month without being noticed.
How can you get refunds and combat cramming? First, call your local phone provider and ask them to reverse the charges to the offending party. In most cases, they will. If they do not cooperate, contact the FCC, your better state attorney general and the FTC to lodge a complaint. However, first let the crammer know that you would like give them the opportunity to refund your money.
Slamming can occur when there is an unauthorized switch or change of a carrier providing local, local toll or long distance service. Slamming is frustrating because dishonest phone companies are able easily to change or “pic” your long distance service to their plans, often at a much higher rate than your preferred or selected carrier had provided. Even after you discover the fraud, there is still the headache of switching all of your lines back to the long distance provider you should have and getting the fraudulent service to issue you a refund. How do you prevent it? Ask the carrier to put a “pic freeze” on your phone lines. Insist on a corporate password for access on your all of your local, cellular and long distance phone accounts and restrict all access to those accounts to two key people in your company.
Phone system and voice mail fraud: These kinds of frauds continue to be problematic for many companies and will continue to persist as long as companies have PBX and Key type phone systems in place and long distance calls cost money and hackers can easily gain access. Proactive prevention of this type of fraud is much easier than correcting it once it’s occurred and let’s face it, like most criminals, hackers are lazy and they’ll leave your company alone and go someplace else if your system has the necessary safeguards in place. First, make sure that your phone system manufacturer provided master default passwords for your phone and voicemail systems are changed at your location. Hackers know these passwords and can easily hack your system if they can get access. In fact, many of these phone system master passwords (i.e.: Avaya, Siemens, Nortel, Mitel, Cisco) are posted on the internet, available to anyone. A password change can be done by placing a call to the company that maintains services your phone systems.
Also, make sure that your remote access to you phone systems are secure. This can often be done by using security encryption technology for remote access to your system. Next, make sure that your employees do not use easy passwords like “1111″ to access their voice mail boxes. These can be easily hacked. Also, set your voice mail system to automatically prompt and ensure that employees to change their passwords every 90 days at minimum. When employees leave the company, make sure that you delete their unused voicemail boxes as quickly as possible. Why? The hacker takes control of the voice mail box and records the word “yes.” He then places a third party and instructs the outside operator to call the number of your departed employee’s old mailbox. The operator says, do you accept third party charges for Mr. Jones’ call and the voice mail box answers, “yes” as programmed.
Another major threat to companies today is the problem of weak links in personnel, particularly the company receptionist. This is sometimes referred to as “social engineering fraud.” Employees and your receptionist should be alert for a call that is received whereby an individual may identify him/herself as someone working for the phone company who is testing lines. They might say, “I’m with the phone company and I’m running a test on your phone systems, please transfer me to a particular extension.” Transferring a caller to certain digits first accesses an outside phone line “dialing 9″ and “dialing the 0″ accesses the outside operator who can facilitate a call to anywhere in the world for the crooks. The calls are then back billed to your company. Hackers have also been known to use other ploys like finding out who the board members for large companies and then impersonating that individual on a call to that company. The receptionist may not be able to recognize their voice because typically board members don’t interact with receptionists as much as employees do. However, due to a board member’s prestige, power or reputation in the company, the receptionists are well aware of their power, so the caller is able to get unlimited transferring ability to commit his crimes. The crime usually is not discovered until after the arrival of the phone bill. Warn the receptionist and employees of this ploy. Numerous companies milked for thousands of dollars in overseas calls because of this crime.
If your business has a toll-free inbound number, be on alert! Hackers can call in on the toll free number and use codes and features to place calls overseas or ring up service charges on paid calling services.
Another thing you should do is restrict some call forwarding and conferencing features on your company phone system that might assist hackers in forwarding calls on your dime. Arrange to meet with your phone system vendor to conduct a vulnerability analysis ensure that your phone system is secure. Most of the larger telephone equipment manufacturing vendors, Siemens, Avaya, Nortel and Mitel have security bulletins and security support programs to help keep your systems secure and up to date.
VOIP fraud: The third and final telecom voice fraud concern to be discussed is the latest threat to companies and that is VOIP fraud. Voice over IP fraud is still in its infancy but becoming more prevalent. Again, as previously mentioned in the earlier section regarding phone system fraud, one of the best ways to prevent this kind of fraud is to change the system passwords in your VOIP phone system.
There is starting to be increased attention surrounding recent attacks on VOIP systems but actual cases of documented fraud are now just starting to become a problem. In 2007, two men were arrested because they routed calls through unprotected network ports at other companies to route calls onto providers. Over three weeks, the two routed half a million phone calls to a VOIP provider. Federal investigators believe the two made as much as $1m from the scam. Nevertheless, actual cases of VOIP fraud on these systems are still somewhat rare, however, there is a lot of potential for harm as vulnerabilities and holes in security are becoming more prevalent and more easily exploitable by resourceful hackers.
VOIP hackers can exploit system passwords to gain access to company VOIP voice systems and have and can potentially steal millions of minutes of long distance service. How? Hackers read up on VOIP vendor security bulletins and gather public information on company IP addresses that are posted on the internet, which allows them to hack into client systems. They devise and use customized software code to decipher access codes and access exposed data ports and data gateways and computer systems. Hackers can find it easy to use default or poorly chosen passwords.
To counteract these attacks on your company and keep updated with the latest security technology and VOIP fraud prevention advice, consult with your VOIP equipment vendors and ask specific questions on how to best protect your systems. If you have a large VOIP system, it may make sense for you to have a professional conduct a security audit on your system. IP business consumers and IT managers need to use the latest encryption techniques for their network access and train and monitor their employees on effective safeguarding of their company data and IP system information.
Shoulder surfing alert still applies. I often go to a coffee shop to access their wireless network to make some low cost long distance business calls from my VOIP account. However, a person could easily peek over my shoulder and access my login and password. Armed with this information, they could sell or access my carrier account information and do a lot of damage to me and my company.
How To Spot Telecom Fraud
The best way to determine if a telecom fraud is being committed on an organization is to do an extensive telecommunications audit and complete phone system review at least once per year.
Mark Evans is Principal and founder of BottaBoom Consulting LLC, a contingency-fee based telecommunications audit company that has been saving organizations money for years and fighting phone fraudsters. In his words, “Reviewing phone bills is like trying to find hidden treasure, and there is a lot of gold to be found in almost every company’s phone bills.” BottaBoom offers clients a free introductory cursory phone bill audit to see if a more-in-depth audit is of value to the client. Clients realize a majority of their savings if a full blown telecommunications audit is conducted thereafter. His company can be reached at their website:http://www.bottaboom.com or by direct by phone at: 520-579-8454.
Tags: phone bill audit, telecommunications audit
