In Australia over the last few years there has been an increase in pabx hacking, and it can be a massive problem that could leave you thousands of dollars out of pocket. Phone system hacking is typically instigated by overseas scumbags (and I use this word lightly) who exploit well-known weaknesses in local phone systems. This article will help you prevent phone system hacking.

Their pabx hacking normally takes one of two forms:

  1. They hack the system to make international calls on your dime
  2. They hack the system to make calls to their own services (or services they have revenue share deals with) so they make more money. These are typically expensive premium-rate information line services that charge a fortune anyway (900 numbers in the USA and 1900 numbers locally). This is called International Revenue Share Fraud or IRSF.

How does phone system hacking actually happen?

If customers use default passwords on their system, voicemail or VoIP service, the aforementioned international (sometimes local) scumbags can find them by trying a couple of popular default codes. Once they have access to your system or voicemail they do their worst.

Most phone system fraud will occur at night as it is initiated by overseas operatives. Customers won’t know their phone system has been hacked until they get a massive phone bill. If the hackers are smart they won’t rack up a massive bill in one go; they might milk you systematically over a long period of time. They’re able to continue hacking your pabx because most customers don’t carefully check their phone bills. If you get a $14,000 bill, as one person did, you might start asking questions, but if your bill was $200-500 more than normal most larger companies wouldn’t even know.

What can you do to prevent phone system hacking and fraud?

One of the easiest things you should do is block international phone numbers on your phone system, unless you deal internationally. Even then there may be only a few staff in the office who actually need to make those phone calls, so you should block everyone else. You can also block 1900 and 900 numbers. No one in a typical company should be calling these numbers in a professional capacity. We had one customer years ago that called us after getting a phone bill with lots of sex line calls. It actually turned out that it was the night security man once we did a trace on the extension and time of calls. We have seen countless examples when examining phone bills for analysis that have involved staff calling astrology hotlines, gambling hotlines, lotto results etc. All of this can be eradicated, and hacking stopped from going on at all, with some simple pabx programming.

Here are even more ways to protect your phone system from being hacked: 

  1. Don’t use default voicemail PIN numbers
  2. Delete voicemail boxes that are no longer in use from staff leaving etc.
  3. Cancel call forwarding or outbound call ability from your voicemail altogether.
  4. Make sure you aren’t using the default pabx admin password
  5. Totally eliminate after hours calling except for emergency or predetermined phone numbers.
  6. Disable DISA access unless absolutely necessary.
  7. Check your phone bills for after hours, weekend, holiday use and any weird numbers that are being called
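
The bill check in item 7 can be automated over exported call records. The script below is an added example, not part of the original article: it flags calls made after hours, on weekends or holidays, to international numbers from extensions that should not be dialling them, and to premium-rate numbers. The CSV layout, business hours, holiday dates and allowed extension are assumptions, the records are constructed sample data, and 0011 is the Australian international access prefix.

```python
import csv
import io
from datetime import datetime

# Constructed sample call records (not real data): start time, extension, dialled number, seconds.
SAMPLE_CDR = """start,extension,dialled,seconds
2024-03-04 10:15:00,201,0298765432,180
2024-03-04 14:02:00,203,0011442079460123,600
2024-03-05 02:41:00,215,00119990001111,3540
2024-03-05 02:43:00,215,00119990001112,3600
2024-03-09 23:10:00,230,1900123456,1200
2024-03-06 11:30:00,201,0398761234,95
"""

# Assumptions to adjust per site: business hours, holidays, and who may dial internationally.
OPEN_HOUR, CLOSE_HOUR = 8, 18
HOLIDAYS = {"2024-03-29", "2024-04-01"}
INTERNATIONAL_ALLOWED = {"203"}

def classify(start, extension, dialled):
    """Return the list of reasons a single call deserves a second look."""
    reasons = []
    number = dialled.replace(" ", "")
    # 0011 is the Australian international prefix; "+" other than +61 is also overseas.
    overseas = number.startswith("0011") or (number.startswith("+") and not number.startswith("+61"))
    if overseas and extension not in INTERNATIONAL_ALLOWED:
        reasons.append("international")
    # Local 1900 numbers, or US 900 numbers dialled via 0011 + country code 1.
    if number.startswith(("1900", "00111900")):
        reasons.append("premium_rate")
    if start.weekday() >= 5 or start.strftime("%Y-%m-%d") in HOLIDAYS:
        reasons.append("weekend_or_holiday")
    elif not OPEN_HOUR <= start.hour < CLOSE_HOUR:
        reasons.append("after_hours")
    return reasons

def review_calls(cdr_text):
    """Parse CSV call records; return (flagged calls, flagged minutes per extension)."""
    flagged, minutes = [], {}
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = classify(start, row["extension"], row["dialled"])
        if reasons:
            flagged.append((row["start"], row["extension"], row["dialled"], reasons))
            minutes[row["extension"]] = minutes.get(row["extension"], 0) + int(row["seconds"]) / 60
    return flagged, minutes

if __name__ == "__main__":
    for start, ext, dialled, reasons in review_calls(SAMPLE_CDR)[0]:
        print(f"{start}  ext {ext} -> {dialled}: {', '.join(reasons)}")
```

Run against each billing period, the per-extension minutes make a slow, low-value drain visible even when the bill total looks normal.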

All of these things can be easily performed by a qualified pabx technician either at the time of installation or with a service call. If your phone system supports remote maintenance then you don’t even need to have a tech attend site. Phone system hacking is a serious problem, and one that would be so easily alleviated if more customers were made aware before it’s too late and they’re victims of pabx fraud! Don’t let this be you.