11 steps to reduce the risk of telecoms fraud over Christmas

Kara Howard, Head of Communications Portfolio

Did you know that during public holidays the industry sees an increase in attempted PBX hacks? During the festive period, business premises are often left empty or operate on skeleton staff. Fraudsters attempt to take advantage of this by hacking into the internal spend and usage monitoring.

Typically, PBX fraudsters make their money by making lots of calls to premium rate international numbers from someone else’s PBX and then sharing the revenue with whoever rents the number.

The threat of hacks is too significant to be ignored. TalkTalk Business has previously commissioned research with Censuswide which indicated that over a quarter of businesses have fallen victim to a PBX hack in the last 5 years, with the average cost of the attack reaching over £12,000.* Can your customers afford to take the risk?

Tips to increase PBX security 

To help your customers increase their PBX security and get on the front foot in the fight to prevent financial loss, check out my 11 top tips:

  1. Lock down international and premium rate access if this type of calling is not going to be required.
  2. Remove all default password settings when deploying the PBX and limit access to any maintenance ports.
  3. Change passwords and access codes regularly and create longer passwords using both alpha and numeric characters. Avoid 000, 1234 and extension numbers.
  4. Consider limiting call types by extension - if a user has no requirement to ring international or premium rate numbers then bar access to them.
  5. Review any DISA (Direct Inwards System Access) settings and control or deactivate – this is typically used to allow employees to dial in from home to make outbound calls (usually high value call types – mobile and international in particular) via the company PBX.
  6. Secure the system physically - site it in a secure communications room and restrict access to that area.
  7. Regularly review call usage - analyse billed calls by originating extension and identify irregular usage.
  8. Ensure you fully understand your system's functionality and capabilities and restrict access to those services which you do not use.
  9. Block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.
  10. Be vigilant for evidence of hacking – not being able to obtain an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside of business hours.
  11. Assess security of all PBX peripherals and applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any on-board remote management utility (e.g. PC Anywhere).
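
As an added example for tips 7 and 10 (not part of the original article or any TalkTalk tooling), this Python script totals out-of-hours international and premium rate calls by originating extension. The CSV layout, the UK `00`/`09` prefixes, the opening hours, the closed dates and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample records (not real data): start, extension, dialled number, seconds.
SAMPLE_CDR = """start,extension,dialled,duration_s
2023-12-22T10:15:00,201,01632960001,180
2023-12-22T11:00:00,204,0015555550100,600
2023-12-23T21:30:00,204,01632960002,60
2023-12-25T02:10:00,217,09098790123,3400
2023-12-25T02:11:00,217,09098790123,3550
2023-12-25T02:12:00,217,0015555550100,2900
2023-12-27T19:05:00,230,0015555550100,1200
"""

# Assumptions: UK dial plan, Mon-Fri 08:00-18:00 opening, site closed on these dates.
HIGH_COST_PREFIXES = {"00": "international", "09": "premium"}
OPEN_HOUR, CLOSE_HOUR = 8, 18
CLOSED_DATES = {date(2023, 12, 25), date(2023, 12, 26)}


def call_type(dialled):
    """Classify a dialled number by prefix; anything else is 'standard'."""
    return HIGH_COST_PREFIXES.get(dialled[:2], "standard")


def out_of_hours(start):
    """True for weekends, closed dates, and times outside opening hours."""
    if start.weekday() >= 5 or start.date() in CLOSED_DATES:
        return True
    return not (OPEN_HOUR <= start.hour < CLOSE_HOUR)


def review(cdr_text):
    """Return (extension, calls, seconds) for out-of-hours high-cost calls, worst first."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.fromisoformat(row["start"])
        if call_type(row["dialled"]) != "standard" and out_of_hours(start):
            totals[row["extension"]][0] += 1
            totals[row["extension"]][1] += int(row["duration_s"])
    return sorted(((e, c, s) for e, (c, s) in totals.items()), key=lambda r: -r[2])


if __name__ == "__main__":
    for ext, calls, secs in review(SAMPLE_CDR):
        print(f"extension {ext}: {calls} out-of-hours high-cost calls, {secs}s")
```

Extensions that never need these call types should show nothing here at all; any entry is a prompt to check the extension's barring settings from tip 4.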

Lastly, I hope you and your customers have a great Christmas and New Year. If you have any questions for our Fraud team, you can get in touch directly by contacting fraud@talktalkplc.com.

*TalkTalk Business & Censuswide Next Generation Voice Survey (1,000 participants)