Criminals have been targeting business phone systems for years to commit toll fraud.
This is the first installment of a two-part series on the PBX’s role in toll fraud.
Toll fraud is a serious problem. Large businesses and government organizations have experienced losses in the hundreds of thousands of dollars. Typically the crime is committed through illegal access to an organization’s Private Branch Exchange (PBX) or phone system.
The customer is responsible for toll fraud if the calls originate from their PBX. The long distance carrier is under no obligation to reverse the charges. The only reason a carrier might do so is as a measure of goodwill or due to an upcoming contract negotiation.
Insurance carriers will only cover the loss if it can be proven to be the result of employee dishonesty and the company possesses that type of coverage. It does not fall under property loss, however, because toll charges are not considered tangible property. If a business were able to convince an insurance carrier that its loss was a tangible one, the carrier would deem the crime an off-premise theft, which would limit the amount recovered.
There are a number of methods a criminal can use to access a company’s PBX:
Direct Inward System Access (DISA) is a feature that gives employees remote access to their company’s phone system. It is used to reduce the cost of outbound calling for remote and traveling employees. Criminals purchase access codes from unscrupulous or ex-employees. They have even videotaped business people placing calls on pay phones to uncover their dial-in phone numbers and access codes. Once they have these codes, criminals resell long distance in call-sell operations.
Remote Maintenance and Testing System Ports (RMATs) allow a technician to access a phone system remotely to troubleshoot or make system changes. The port can also offer access to a company’s phone system to hackers who can then manipulate the system to permit fraudulent calling. This frequently occurs on a Friday night so unauthorized toll calling can occur undetected all weekend. Toll charges in the hundreds of thousands of dollars can be generated.
Voicemail or auto attendant. Hackers enter a phone system the same way employees access their voice messages remotely or an incoming caller accesses different extensions on a phone system. Once they have access they attempt to crack a password and take over the functionality of the phone system.
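The weekend pattern described above suggests a check on call detail records (CDR). The following is an added example, not part of the original article: it sums outbound toll minutes placed outside business hours for each originating port or extension. The CSV layout, dial-plan rules, business hours and 60-minute threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDR). The column layout is an
# assumption; real PBX exports differ by vendor.
SAMPLE_CDR = """start,origin,dialed,seconds
2024-03-08 14:05:00,EXT-214,12125550100,300
2024-03-08 22:41:00,DISA,0115550100001,3600
2024-03-09 03:12:00,DISA,0115550100002,5400
2024-03-10 11:30:00,DISA,0115550100003,4800
2024-03-10 16:00:00,EXT-301,5550123,120
2024-03-11 09:15:00,EXT-214,0115550100004,600
"""

def is_off_hours(ts, open_hour=7, close_hour=18):
    """True on weekends and on weekdays outside open_hour..close_hour."""
    if ts.weekday() >= 5:  # Saturday=5, Sunday=6
        return True
    return not (open_hour <= ts.hour < close_hour)

def is_toll(dialed):
    """Assumed North American dial plan: 011 international, 1 + 10 digits long distance."""
    return dialed.startswith("011") or (dialed.startswith("1") and len(dialed) == 11)

def off_hours_toll_minutes(cdr_text):
    """Sum off-hours toll minutes per originating port or extension."""
    totals = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if is_toll(row["dialed"]) and is_off_hours(ts):
            totals[row["origin"]] += int(row["seconds"]) / 60
    return dict(totals)

def alerts(cdr_text, threshold_minutes=60):
    """Origins whose off-hours toll usage exceeds the assumed threshold."""
    usage = off_hours_toll_minutes(cdr_text)
    return sorted(o for o, m in usage.items() if m > threshold_minutes)

if __name__ == "__main__":
    for origin in alerts(SAMPLE_CDR):
        print("review off-hours toll calling from", origin)
```

In the sample, the Friday-night through Sunday calls on the DISA origin total 230 minutes and are the only ones flagged; the weekday daytime toll calls and the local weekend call are not.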
Toll fraud is a serious threat and businesses need to take the proper precautions to protect themselves. In the next installment of this series, we detail the methods a company can utilize to protect its phone systems and prevent toll fraud.