Theft of long distance service, telecommunications services and toll fraud come in many different forms. Understanding your telecommunications system and the techniques used by criminals is key to limiting your vulnerability to this type of crime. SimpleVoIP is dedicated to providing information and updates to help protect our customers from fraud-related activity.
Understanding the different types of fraud that could affect you.
Hackers use a carrier's network to process illegal phone calls by infiltrating your phone equipment.
PBX/VOICE MAIL FRAUD
This is far and away the most prevalent type of fraud out there right now and the biggest threat to businesses that use a PBX or Voice Mail. Hackers will gain access to your phone system and place Long Distance calls directly from your lines. Access to your system is most commonly gained through voicemail with weak passwords. Once inside your system they use the system commands (for example the "0 out" option) to gain dial tone and place calls that look no different from any other call originating from your business. They can also gain access via factory-set system passwords that were not changed upon installation. Since this type of fraud occurs as a result of access to customer-purchased equipment and weak password management, you will usually be held responsible.
SimpleVoIP has taken many security measures to reduce the chance of hacking on the Hosted PBX platform including Local Calling Area NCOS on the "0 out" option, call log availability and password change access through the Admin portal. Clients should know about these tools and use them to monitor their system.
SimpleVoIP Network Security is an internal department within SimpleVoIP. In this capacity, the team monitors our network solely for the protection of SimpleVoIP. Network Security has no obligation to provide security to our clients. It is only as a courtesy that they may identify and communicate unusual call volumes, tolls, and traffic to our client. The restrictions put on phone equipment are the client's responsibility.
Ways to protect yourself
Calls cannot be made from your phone lines without your consent or knowledge if you put restrictions in place. These restrictions are generally arranged through your interconnect and/or the company that sold and services your phone equipment. We hope the information below will assist you in opening that communication.
Protect and Secure your System(s)
- Restrict access to specific times (business hours) & limit calling ranges;
- Block all toll calls at night, on weekends and on holidays;
- Restrict call forwarding to local calls only;
- Block all 10XXXX calling from your PBX if this service is not necessary;
- Block, limit access or require attendant assistance to overseas calls;
- Establish policies on accepting collect calls and providing access to outside lines;
- Educate switchboard operators and employees;
- Secure equipment rooms (lock up all telephone equipment & wiring frames).
PBX (Private Branch Exchange) and DISA (Direct Inward System Access)
- Change default codes after installation of new equipment;
- Never publish DISA telephone numbers;
- Issue a different DISA authorization code for all users and warn DISA users not to write them down;
- Do not use sequential access numbers;
- Use longer DISA codes (minimum 7-9 digits) and change the codes regularly;
- Disconnect telephone extensions that are not in use;
- Restrict DISA access at night, weekends and on holidays (prime time for fraud);
- Block or restrict overseas access;
- Program your system to answer with silence after five or six rings (hackers look for systems that answer with a steady tone);
- Identify invalid access attempts to your DISA and route them to an operator;
- Implement DISA ports that drop the line when an invalid code is entered;
- Program your PBX to generate an alarm when an unusual number of invalid attempts are made, and to disable the port after a set number of invalid attempts.
- Establish controlled procedures to set and reset passwords;
- Change passwords regularly;
- Use maximum length passwords for system manager box and maintenance ports;
- Prohibit the use of trivial, simple passwords (e.g. 222, 123, your last name, etc.);
- Limit the number of consecutive log-in attempts to five or fewer;
- Change all factory installed passwords;
- Block access to long distance trunking facilities and collect call options on the Optional Auto Attendant*;
- Block or restrict overseas access;
- Block or preferably delete all inactive mailboxes;
- Limit your out-calling;
- In systems that allow callers to transfer to other extensions, block any digits that hackers could use to get outside lines, especially trunk access codes;
- Conduct routine reviews of the status of your system and system usage.
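One way to carry out the routine usage review from an exported call log, shown as an added example that is not SimpleVoIP code: it flags toll calls placed at night, on weekends or on holidays, plus any 10XXXX call. The CSV layout, business hours, holiday date, sample records and North American dialing prefixes are assumptions made for the example.

```python
import csv
import io
from collections import Counter
from datetime import date, datetime

# Constructed sample call log; the column layout is an assumption.
SAMPLE_LOG = """start,extension,dialed,seconds
2024-03-04 10:15:00,201,5551234,120
2024-03-04 14:02:00,202,13125550100,300
2024-03-05 02:41:00,217,01199955501234,1800
2024-03-09 23:10:00,217,01199955501299,2400
2024-03-10 03:05:00,230,1010288013125550100,600
2024-03-11 09:30:00,201,01199955501000,200
2024-03-12 11:00:00,201,01199955501000,200
"""

OPEN_HOUR, CLOSE_HOUR = 8, 18      # assumed business hours, Monday to Friday
HOLIDAYS = {date(2024, 3, 11)}     # constructed holiday for the sample

def classify(dialed):
    """Classify a dialed string using North American dialing conventions."""
    if dialed.startswith("011"):
        return "international"
    if dialed.startswith("10"):
        return "dial-around"       # 10XXXX carrier access code
    if len(dialed) == 11 and dialed.startswith("1"):
        return "long-distance"
    return "local"

def after_hours(ts):
    """True at night, on weekends and on listed holidays."""
    return (ts.date() in HOLIDAYS or ts.weekday() >= 5
            or not OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def review(log_text):
    """Return toll calls placed after hours, plus any dial-around call."""
    flagged = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        kind = classify(row["dialed"])
        if kind == "dial-around" or (kind != "local" and after_hours(ts)):
            flagged.append({**row, "kind": kind})
    return flagged

def by_extension(flagged):
    """Count flagged calls per extension to show where to look first."""
    return Counter(call["extension"] for call in flagged)

if __name__ == "__main__":
    hits = review(SAMPLE_LOG)
    for call in hits:
        print(call["start"], call["extension"], call["dialed"], call["kind"])
    print(dict(by_extension(hits)))
```

An extension that shows up repeatedly in the flagged list is a candidate for a password reset and a check of its voicemail and forwarding settings.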
If you have been a victim of fraud or would like more information, please contact our Customer Care team here.
*Additional charges may apply