11 steps to reduce the risk of telecoms fraud over Christmas

Jack Warhurst - Fraud, Collections & Credit Operations Manager

During public holidays the industry always sees an increase in attempted PBX hacks, primarily because fraudsters try to take advantage of empty premises and reduced business operations, such as internal spend and usage monitoring.

The threat of hacks is too significant to be ignored. TalkTalk Business recently commissioned research with Censuswide, which indicates that over a quarter of businesses have fallen victim to a PBX hack in the last 5 years, with the average cost of the attack reaching over £12,000.*

To help your customers increase their PBX security and get on the front foot in the fight to prevent financial loss, check out my 11 top tips:

  1. Lock down international and premium rate access if this type of calling is not going to be required.
  2. Remove all default password settings when deploying the PBX and limit access to any maintenance ports.
  3. Change passwords and access codes regularly and create longer passwords using both letters and numbers. Avoid 000, 1234 and extension numbers.
  4. Consider limiting call types by extension - if a user has no requirement to ring international or premium rate numbers then bar access to them.
  5. Review any DISA (Direct Inwards System Access) settings and control or deactivate them – DISA is typically used to allow employees to dial in from home to make outbound calls (usually high value call types – mobile and international in particular) via the company PBX.
  6. Secure the system physically - site it in a secure communications room and restrict access to that area.
  7. Regularly review call usage - Analyse billed calls by originating extension and identify irregular usage.
  8. Ensure you fully understand your system's functionality and capabilities and restrict access to those services which you do not use.
  9. Block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.
  10. Be vigilant for evidence of hacking – not being able to obtain an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside of business hours.
  11. Assess security of all PBX peripherals and applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any on-board remote management utility (e.g. PC Anywhere).
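
Tips 7 and 10 can be partly automated. The Python sketch below is an added example, not TalkTalk Business code: it reads call records and totals, per originating extension, the international and premium rate calls made outside business hours. The record layout, the UK dial prefixes (00 and 09), the 08:00 to 18:00 weekday hours, the closure dates and all sample numbers are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, time

# Constructed sample call records (not real billing data or real numbers).
SAMPLE_CDR = """start,extension,dialled,duration_s,cost_gbp
2023-12-22T10:15:00,201,01614960123,240,0.10
2023-12-22T14:02:00,202,009995550100,600,1.20
2023-12-25T02:11:00,215,009995550101,3540,41.30
2023-12-25T02:12:00,215,009995550102,3580,41.80
2023-12-25T03:40:00,215,09011234567,1800,54.00
2023-12-26T23:05:00,207,01614960456,120,0.05
"""

# Assumptions: UK dial plan (00 = international, 09 = premium rate),
# business hours 08:00-18:00 Monday to Friday, site closed on CLOSED_DAYS.
OPEN, CLOSE = time(8, 0), time(18, 0)
CLOSED_DAYS = {"2023-12-25", "2023-12-26"}

def call_type(dialled):
    if dialled.startswith("00"):
        return "international"
    if dialled.startswith("09"):
        return "premium"
    return "standard"

def out_of_hours(start):
    return (start.date().isoformat() in CLOSED_DAYS
            or start.weekday() >= 5
            or not OPEN <= start.time() < CLOSE)

def review(cdr_text):
    """Return {extension: summary} for high-value calls made out of hours."""
    flagged = defaultdict(lambda: {"calls": 0, "seconds": 0, "cost": 0.0, "types": set()})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.fromisoformat(row["start"])
        kind = call_type(row["dialled"])
        if kind != "standard" and out_of_hours(start):
            s = flagged[row["extension"]]
            s["calls"] += 1
            s["seconds"] += int(row["duration_s"])
            s["cost"] += float(row["cost_gbp"])
            s["types"].add(kind)
    return dict(flagged)

if __name__ == "__main__":
    for ext, s in sorted(review(SAMPLE_CDR).items(), key=lambda kv: -kv[1]["cost"]):
        print(ext, s["calls"], "calls", s["seconds"], "s", round(s["cost"], 2), sorted(s["types"]))
```

Only extension 215 is reported for the sample data: the in-hours international call from 202 and the out-of-hours standard call from 207 are left for the normal usage review.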

Lastly, I hope you and your customers have a great Christmas and a prosperous New Year. Should you have any questions for our Fraud team, you can get in touch directly by contacting fraud@talktalkplc.com

*TalkTalk Business & Censuswide Next Generation Voice Survey (1,000 participants)