Call Fraud and How to Prevent It
Imagine one day your company phone bill is $10,000+ more than usual. That’s quite the cost to absorb when you’re not expecting it. Depending on the size of your company, a phone bill like that could certainly make life tough. Unfortunately, something like that can all too easily happen if your business is lax on security.
What is Call Fraud?
Call fraud, also known as toll fraud, happens when hackers use your PBX (Private Branch Exchange) to place calls while leaving you on the hook for the bill. Your business can find itself with a costly phone bill overnight, thousands of dollars higher than usual.
- Use strong passwords. It may seem obvious, but the most basic way to improve security is to use more complex passwords. Change any default login information right away and don’t use common PINs such as 1234 and the like. It’s also a good idea to change your passwords every so often.
- Set up a firewall. This is something you’re probably already doing but is still worth mentioning. Just make sure everything is configured properly so there are no issues with your PBX.
- Disable or Restrict Voicemail Call Thru
- Do not post a DID directory online. Having a list of direct inward dialing numbers on your website or elsewhere gives hackers probing your company a ready-made list of numbers to try.
- Restrict voicemail access attempts and disable old mailboxes. It might be a good idea to limit the number of failed attempts to access a voicemail box, both so a potential hacker doesn’t have unlimited tries and so you’re alerted to the attempt.
- Implement international calling restrictions. Since most call fraud cases have to do with racking up a large bill with international calls, a great way to fight it is to restrict international calling to only those employees who need it. You can also block certain high-fraud countries.
- Review call logs regularly. The best way to catch unwanted activity is to check for it! Reviewing your call logs for unusual activity is a simple way to monitor your business.
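One way to automate the call log review described above, as an added example (not code from Voxtelesys or 3CX). The CSV layout, home prefix, business hours and allowed extension are assumptions, the sample records are constructed, and the $50 alert threshold mirrors the provider default mentioned later in this article.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call log (not real data):
# start time, extension, dialed number, duration in seconds, cost in USD
SAMPLE_CDR = """\
2024-03-04 10:15:00,101,+14065550123,180,0.05
2024-03-04 14:02:00,102,+442079460000,600,1.20
2024-03-05 02:11:00,104,+2525550101,1500,22.50
2024-03-05 02:40:00,104,+2525550102,1800,27.00
2024-03-05 03:05:00,104,+2525550103,900,13.50
2024-03-05 09:30:00,101,+14065550199,60,0.02
"""

HOME_PREFIX = "+1"             # assumption: a North American business
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time
DAILY_LIMIT = 50.00            # local alert threshold, mirroring the $50/day default
INTL_ALLOWED_EXT = {"102"}     # assumption: only extension 102 needs international calling


def review_call_log(cdr_text):
    """Return (per-call findings, days whose total spend exceeded DAILY_LIMIT)."""
    findings = []
    spend = defaultdict(float)
    for start, ext, dest, _secs, cost in csv.reader(io.StringIO(cdr_text)):
        when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        spend[when.date().isoformat()] += float(cost)
        reasons = []
        international = not dest.startswith(HOME_PREFIX)
        if international and ext not in INTL_ALLOWED_EXT:
            reasons.append("international call from unauthorized extension")
        if international and when.hour not in BUSINESS_HOURS:
            reasons.append("international call outside business hours")
        if reasons:
            findings.append((start, ext, dest, reasons))
    over_limit = {day: round(total, 2) for day, total in spend.items() if total > DAILY_LIMIT}
    return findings, over_limit


if __name__ == "__main__":
    calls, days = review_call_log(SAMPLE_CDR)
    for start, ext, dest, reasons in calls:
        print(f"{start} ext {ext} -> {dest}: {'; '.join(reasons)}")
    for day, total in days.items():
        print(f"{day}: ${total:.2f} exceeds ${DAILY_LIMIT:.2f} daily threshold")
```

Run it against a daily export of your PBX call records and send the output to whoever administers the phone system, so overnight activity is seen the next morning rather than on the monthly bill.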
If you’re using a 3CX PBX, they have a list of common user mistakes that leave vulnerabilities. Their top 5 include:
- Weak Credentials
- Allowing Remote Access
- Too Many Countries Allowed
- Lazy Outbound Rules
- Misconfigured E164 Settings
You can read more about their top 5 most common user mistakes here.
Security With Voxtelesys
Voxtelesys has added safety measures to help prevent fraud as well as minimize the impact if a customer’s system is compromised. First of all, international calling is disabled by default. We allow international calling only if the customer requests it. Even then, we block the ultra high-cost calls and destinations that hackers normally call unless we receive a customer request.
If a customer’s system does end up compromised, that customer will be protected from losing more than a certain amount. We have a daily spend limit set on each account, $50/day by default. This limit can be increased as required on a per-customer basis. If a customer’s PBX is hacked, the most someone can steal is the daily spend limit. Once that limit is reached, usually at night when hackers think no one is watching, we disable the account and block all calls. This avoids the $10,000+ unexpected phone bills hackers might cause you at a different telephone company.
Contact us today and let us help you protect your company from call fraud.