Please read these basic steps to protect your Business

What is Phone System Hacking?
Phone system hacking is one of the many forms of cyber crime that is on the increase. Also known as "toll fraud" and "call phreaking", it involves telephone systems being hacked into and used to make calls, often to premium rate or international numbers. This can result in extremely expensive call bills. See: BBC Radio 4 programme: http://www.bbc.co.uk/programmes/p017fb0c

All telecommunications systems are likely to be attacked at some time, but some are more vulnerable than others. EOS Communications has introduced a very high level of security into our Hermes VoIP System, which looks for suspicious activity and also has credit locking so that even in the event of a hack, the call costs are strictly limited. Clients using traditional PBX systems may have a somewhat higher level of risk and the key to minimising the risk hinges on getting the security right. The business client clearly has a responsibility and vested interest in minimising the financial risk to their Company.
The main points to consider are outlined below.

How can you protect your business?

Basic Security Measures
These include:
- Restrict certain numbers or destinations (e.g. premium rate and international calls)
- Analyse PBX call logs and reports for anomalies, out of hours calls, etc.
- Change voicemail passwords on a regular basis and avoid obvious combinations (e.g. 1234 or the extension number)
- Lock surplus mailboxes and de-activate all unnecessary system functionality
- Use smart cards or tokens if remote access ports are used
- Restrict access to equipment (e.g. comms room)
- Safeguard internal directories, call logs reports, etc. to prevent unauthorised access
- Review procedures for leavers and for vetting new recruits
- Review and update system security, with action plans for any weak areas identified

What if the worst happens?
It is highly advisable to review your insurance coverage in light of these emerging cyber risks. Once the risks have been identified and a management programme is in place, those risks that remain can be quantified and their consequences measured against the ability of the current insurance programme to respond.
Cyber fraud may be covered under a crime policy, along with theft from the company or customers, committed by an employee. However, many standard insurance programmes will not cover telephone fraud, with some crime policies being silent on the matter and others completely excluding it. A few provide an element of cover as standard, but only for an "inner limit" and also only if certain security procedures are in place. However, insurers can often be persuaded to include it for a nominal additional premium.

Key Recommendation: Review your business insurance policy and ensure that it provides sufficient coverage for telephone fraud.

Discussion on Security Measures
Firstly, it is vital that employees are aware of the risks. Cases of Hacking are often linked with the stealing of authorisation codes and passwords. It is essential that your staff safeguard these. The numbers should never be written down or programmed into auto-diallers. If you have staff that travel outside of the office they should also be aware that criminals can be watching or listening in to phone calls in order to find out the relevant numbers.
It is important to establish the identity of anyone placing a reverse charge call to the company before accepting it. An ever increasing problem is the receipt of a phone call where the caller asks to be transferred. This is yet another way in which access can be gained to your network and an outside line. Establish a system whereby any suspicious activity is reported immediately to a manager.

Secondly, control of your phone calls is a good way to heighten the security of your firm. Most thieves will focus on making non-permitted long distance calls. You are able to place restrictions on this by eliminating or restricting unnecessary calls to other countries. This is ideal if you know the countries you do not do business with. You could also place limits on which of your staff are allowed to make such calls or on what times calls are made, as this could stop phone calls in the evening.

There are certain signals to look out for that will alert you to hacking. A growing number of thieves will try to deceive your workforce in order to gain access. For example, they could ring you on a local access number or 0800 service and ask to be continually transferred between personnel until they obtain an outside line. It is recommended that all of the following should be looked into: obscene phone calls, continuous hanging up of the phone, recurring incidents of asking for an invalid extension number, wrong numbers, callers asking who they have reached and silent calls that wait for you to hang up. All of these techniques have been used in the past and should raise alarm bells if they occur in your office.

Passwords are the easiest form of protection but there are several ways to make these more secure. The more characters you use the better. You should also avoid patterns such as digits that follow in order or all of the same number. Do not use default passwords or access numbers as they are simple to crack. Avoid making the password the same as the extension number or basing it on numbers related to the owner, such as an ID, room or social security number.
In line with this it is also advisable to frequently change the passwords. We would recommend doing this quarterly, as well as when anyone leaves the firm who had access to them.
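
The password rules above can be enforced at the point a voicemail PIN is set. The following is an added example, not part of the original article or any EOS product; the minimum length, the default-PIN list and the function names are assumptions chosen for illustration.

```python
# Added example: reject weak voicemail PINs using the rules described above.
MIN_LENGTH = 6                           # assumed; the article only says longer is better
DEFAULT_PINS = {"0000", "1111", "1234"}  # constructed list of typical defaults


def is_sequence(pin):
    """True when every digit is one more (or one less) than the previous one."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return len(pin) > 1 and steps in ({1}, {-1})


def pin_problems(pin, extension, related=()):
    """Return the policy violations for a PIN proposed for one mailbox.

    extension: the mailbox's extension number (string of digits).
    related:   other numbers tied to the owner (ID, room number, ...).
    """
    if not pin.isdigit():
        return ["not numeric"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append("too short")
    if len(set(pin)) == 1:
        problems.append("all digits identical")
    if is_sequence(pin):
        problems.append("digits in sequence")
    if pin in DEFAULT_PINS:
        problems.append("default PIN")
    if extension and extension in pin:
        problems.append("contains extension number")
    if any(r and r in pin for r in related):
        problems.append("contains owner-related number")
    return problems
```

An empty list means the PIN passes; anything else should be rejected with the reasons shown to the user.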

In addition, you should keep a regular check on your voice mail system. Within this, fraudsters could access board messages, make their own mailboxes or transfer until they find an outside line. You could stop this by allowing internal calls only from within the voice mail, getting rid of mailboxes of previous employees immediately or making sure there are no spare, needless mailboxes. Users should change their Personal Identification Numbers for access to the voice mailbox routinely, as well as taking the previous advice of making sure that these use the maximum number of characters to reduce the chances of a hack. Remote access telephone numbers should not be published either, as this puts you at risk.

Next, auto-attendants answering the company's telephones can also leave them open to fraud. The telephone hackers will go from the automated attendant and dial the 90XX or 900 extensions. On several exchanges these numbers will connect them to outside lines. You can limit or block the capabilities of local dialling or long distance trunks in order to stop this. Block access codes such as 900XXX can be used in these circumstances.

In summary, the best way to prevent hacking is to look out for the warning signs, such as anything out of the normal. This may manifest itself in the form of out of hours calls, calls to other countries that you don't recognise having done business with, or several incoming calls on your call detail records followed by long outbound calls.
Hacking can lead to very extensive losses that can escalate extremely quickly, so if you notice any of these signs you should call EOS and your line/least cost routing provider. We can then help you to prevent further instances of hacking. Although there is currently no totally foolproof way to stop hacking, you can educate yourself and your workforce to lower the chances of it happening, stop it if it occurs and thereby reduce the harm it can do. The most likely times for it to happen will be when security is lowest, which is normally outside of working hours. You should therefore keep a list of things to look out for as well as what to do if you notice them.
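
The warning signs listed in the summary can be checked automatically against call detail records. This is an added example, not part of the original article: the CSV column names, thresholds, working hours and sample records are all constructed assumptions, not a real PBX export format.

```python
# Added example: flag outbound calls that match the warning signs above.
import csv
import io
from datetime import datetime, timedelta

# Constructed sample records (2024-03-09 is a Saturday).
CDR = """start,direction,extension,number,seconds
2024-03-04 10:15:00,out,201,+441632960001,180
2024-03-05 14:00:00,out,202,+33199001234,300
2024-03-09 23:40:00,in,0,+441632960099,20
2024-03-09 23:42:00,in,0,+441632960099,15
2024-03-09 23:44:00,in,0,+441632960099,25
2024-03-09 23:50:00,out,215,+99912345678,5400
"""
ALLOWED_PREFIXES = ("+44", "+33")    # countries the business really calls (assumed)
WORK_HOURS = range(8, 18)            # 08:00-17:59, Monday to Friday (assumed)
LONG_CALL = 3600                     # seconds (assumed threshold)
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=30)


def load(text):
    """Parse the CSV and return rows sorted by start time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["start"] = datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S")
        r["seconds"] = int(r["seconds"])
    return sorted(rows, key=lambda r: r["start"])


def flag(rows):
    """Return (start, extension, reasons) for each suspicious outbound call."""
    alerts = []
    for r in (x for x in rows if x["direction"] == "out"):
        t, reasons = r["start"], []
        if t.weekday() >= 5 or t.hour not in WORK_HOURS:
            reasons.append("out of hours")
        if not r["number"].startswith(ALLOWED_PREFIXES):
            reasons.append("unexpected destination")
        inbound = [p for p in rows if p["direction"] == "in"
                   and timedelta(0) <= t - p["start"] <= BURST_WINDOW]
        if r["seconds"] >= LONG_CALL and len(inbound) >= BURST_COUNT:
            reasons.append("long call after inbound burst")
        if reasons:
            alerts.append((t, r["extension"], reasons))
    return alerts
```

Running `flag(load(CDR))` on the sample data flags only the Saturday-night call from extension 215, which trips all three rules.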

The Bottom Line
EOS Communications strongly recommends that all telephone system-related applications are included as part of the company security policy and that you ensure your insurance policy provides sufficient protection against the risks of hacking and fraudulent activity.

EOS Communications cannot accept liability for any cost incurred due to telephone system hacking of any kind and has taken all reasonable steps to prevent such incidents.

Source: http://www.eoscommunications.com/uncategorized/telephone-system-hacking-is-on-the-increase