Categories
No category

Protect against telephone PBX fraud

The council receives regular alerts from the police and national fraud agencies relating to organised fraud. There has been a recent fraud alert which the police say has been specifically targeted to schools in relation to telephone services. Please check your systems and follow the guidelines below. If you have any concerns, please contact the council’s Fraud Team.

Telephone PBX fraud
Private Branch Exchange (PBX) is a telephone switching system that connects internal telephones, as well as connecting them to the Public Telephone Network, and Voice over Internet Protocol (VoIP) providers. The PBX will often allow access to voice messaging systems. PBX fraud occurs when hackers target these systems from the outside and use them to make a high volume of calls to premium rate, or overseas numbers, to generate a financial return for themselves.

How does it work?
Depending on the type of system used there are a number of ways a hacker may gain access to a PBX system including: Incorrectly configured firewalls and set ups, poor security settings, lack of maintenance as well as the use of default/easy passwords.

Once access is gained, the criminals can exploit services such as voicemail, call forwarding and call diversion to direct calls to a number of their choosing. This will often be to premium rate or international numbers.

In this fraud, the criminal tends to make their money in two ways:

  • Dialling premium rate numbers that are associated with international calling companies.
  • Dialling international numbers through the compromised telephone system, most noticeably to Eastern Europe, Cuba and Africa.

This type of fraud is most likely to occur when organisations are most vulnerable i.e. during times when businesses are closed but their telephone systems are NOT, for example in the early hours of the morning or over a weekend or holiday.

How can schools protect against PBX fraud? 

  • If you still have your voicemail on a default PIN/password change it immediately.
  • Use strong PIN/passwords for your voicemail system, ensuring they are changed regularly.
  • Disable access to your voicemail system from outside lines. This is usually used for remote workers to access. If this is not business critical then disable it or ensure the access is restricted to essential users and they regularly update their PIN/passwords.
  • If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
  • Consider asking your network provider to not permit outbound calls at certain times e.g. when your business is closed.
  • Ask your telecoms provider to alert you immediately if there is any unusual call activity taking place on your telephone lines.
  • Ensure you regularly review available call logging and call reporting options, regularly monitor for increased or suspect call traffic.
  • Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down.
  • If you use a maintenance provider speak to them or ensure that the person responsible for the PBX understands the threats and ask them to correct any identified security defects.

 

Leave a Reply

Your email address will not be published. Required fields are marked *