What Is PABX Fraud & Why Do You Need To Know About It?

If your business utilizes a PABX Phone System, there is a good chance you chose it for its convenience and cost-effectiveness, but there is also a good chance that you are unaware of its extreme security risk to your business.

What Is PABX Fraud?

PABX fraud, or toll fraud, now also known as ‘Phreaking’, is when hackers fraudulently access a company’s PABX system and use it to make expensive long-distance calls. This fraudulent activity is beginning to impact Australian businesses quite heavily.

Who Is Responsible?

The long and the short of it: You are. Obviously that’s never a nice thing to hear, but your telecommunications provider will charge you for all charges on your telecommunications account, regardless of whether they were authorized or not.

It is up to the owner to provide and maintain the security of their PABX – but it is on the PABX provider to advise you and brief you on how you can protect yourself.

CUBE Voice & Data can provide preventative advice related to your specific PABX.

Whilst you are responsible, it goes without saying that CUBE Voice & Data will alert you if we are notified of any activity which we may deem unusual. However, possible security breaches to the system or charges incurred on your account are usually only picked up after the activity has occurred.

So, How Can You Protect Yourself?

As a rule, CUBE Voice & Data bars all calls to international numbers, unless you specify that this needs to be enabled.

  • Refrain from using default PINs like 1234 or 0000.
  • Regularly change your voicemail PINs.
  • Disable the ability to outbound call or call forward from your voicemail ports.
  • Disable or delete any unused voicemail boxes.
  • Disable DISA (Direct Inward System Access) access ports unless absolutely necessary.
  • Keep your PABX admin access unit in a safe and secure location.
  • Enable the ‘Restrict After Hours’ outgoing call function.
  • Review accounts monthly and look for unusual call records or discrepancies against normal use.
  • Observe call times: watch for heavy call volumes at night or on weekends and public holidays.

How Do They Do It?

As software and hardware become more sophisticated, so do the hackers and their ability to exploit weaknesses in companies’ PABX systems.

They figure out the 4-digit voicemail access PINs and gain access to the DISA, then reprogram the PABX system to make international calls. To avoid being detected, the hackers will attempt to gain access when you are typically away from the business, i.e. at night, on weekends and on public holidays.

Why Do They Do It?

Money! They receive income by utilizing their own premium rate services, quite often on-selling the calls being made from your company’s PABX lines.

What Should You Look Out For?

First and foremost, review your monthly accounts and look for any irregular activity – or make yourself aware of ‘normal activity’.

Obvious irregular activity:

  • Heavy call volumes late at night or on weekends and public holidays.
  • International calls on your bill to places you don’t usually call.

Less obvious activity:

  • Hearing a ‘busy’ error message, whilst attempting to retrieve voicemail.
  • Calls of very short duration on your bill i.e. calls under ten seconds.
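The checks listed above can be run over an itemised call record export rather than read by eye. The following is an added example, not code from CUBE Voice & Data: the CSV layout, the sample rows, the 0011 international prefix, the trading hours, the holiday list and the alert threshold are all assumptions to adjust to your own ‘normal activity’.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call records (not real numbers or real calls).
SAMPLE_CDR = """start,extension,dialled,duration_s
2024-03-04 10:15:00,201,0390000000,184
2024-03-04 14:02:00,203,0011440000000000,420
2024-03-09 02:11:05,250,0011232000000001,7
2024-03-09 02:11:40,250,0011232000000002,6
2024-03-09 02:12:10,250,0011232000000003,312
2024-03-09 02:13:30,250,0011232000000004,298
2024-03-11 09:30:00,201,0400000000,8
"""

INTL_PREFIX = "0011"              # assumption: Australian international access code
USUAL_INTL = ("001144",)          # assumption: destinations this business normally calls
PUBLIC_HOLIDAYS = {"2024-03-11"}  # assumption: list maintained by whoever reviews the bill
OPEN_HOUR, CLOSE_HOUR = 8, 18     # assumption: Mon-Fri trading hours
AFTER_HOURS_LIMIT = 3             # assumption: after-hours calls per day before alerting


def after_hours(ts):
    """True for weekends, listed public holidays and times outside trading hours."""
    return (ts.weekday() >= 5 or ts.strftime("%Y-%m-%d") in PUBLIC_HOLIDAYS
            or not OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review(cdr_text):
    """Return (flagged calls with reasons, days with heavy after-hours volume)."""
    flagged, per_day = [], Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        number, reasons = row["dialled"], []
        if number.startswith(INTL_PREFIX) and not number.startswith(USUAL_INTL):
            reasons.append("unusual-international")
        if int(row["duration_s"]) < 10:          # calls under ten seconds
            reasons.append("short-call")
        if after_hours(ts):
            reasons.append("after-hours")
            per_day[ts.date().isoformat()] += 1
        if reasons:
            flagged.append((row["start"], row["extension"], number, reasons))
    heavy = {day: n for day, n in per_day.items() if n >= AFTER_HOURS_LIMIT}
    return flagged, heavy


if __name__ == "__main__":
    print(review(SAMPLE_CDR))
```

A single short or after-hours call is common in normal use; it is the combination of flags on one extension, or a day appearing in the heavy after-hours result, that warrants checking the voicemail and DISA settings.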

PABX Fraud has a serious impact on these businesses – don’t let it happen to yours.

Case Study 1: A Melbourne-based real estate company was the victim of PABX Fraud. Hackers had accessed the company’s system through the roaming sales executives’ voicemails. Over 4000 calls were made to Sierra Leone during an 8-hour period. Luckily the customer was alerted and international calls were barred within a 24-hour period; however, the customer had $12,000 worth of calls to Sierra Leone. After a lengthy TIO investigation the customer was ordered to pay the charges.

Case Study 2: A government department was a recent victim of PABX hacking. Although advised, the problem was not rectified for a number of days after the initial breach. The customer eventually received their bill to find out that $80,000 worth of calls to Colombia occurred as a result. The customer was liable to pay the charges.

Case Study 3: A small construction business suffered a recent PABX attack. The business was surprised when they received a bill from a different carrier to their normal provider, itemising calls to Liechtenstein totalling $8,500. The customer did not usually make calls overseas but still had International access on their phone lines.

http://www.darkreading.com/attacks-breaches/man-admits-to-laundering-$196-million-in-hacking-telecom-fraud-scam/d/d-id/1324296

http://www.afr.com/technology/time-to-face-up-to-the-problem-of-toll-fraud-in-the-telco-industry-20160331-gnv2pb

http://www.stuff.co.nz/business/small-business/64341406/smes-vulnerable-to-phreaking

Please Note: No responsibility will be taken by CUBE Voice & Data should your PABX system become compromised. Your company will be required to pay any charges generated as a result.