HOW TO PROTECT YOURSELF FROM TOLL FRAUD

There are many different types of toll fraud and we won’t be going into all of them today. Instead we are going to focus on the one we see as being the most pertinent to Australian businesses: PBX hacking. Typically a scammer will write a script that crawls the internet looking for vulnerabilities in companys’ firewalls (like open ports). Once an opening is detected, the scammer can then punch requests at it in order to tease out information about what the system is and how it might be vulnerable. Eventually they will have all the information they need to brute force their way through the firewall. For anonymity purposes and to reduce their own infrastructure costs, experienced scammers will do this via either a proxy, or a botnet (sometimes called a zombie network) of previously hacked computers.

Once the firewall has been breached the scammer can gain access to the PBX, build a back door into the system, and use it to route as much traffic through it as they think they can get away with.

WHAT DO TELCO’S DO TO PROTECT AGAINST IT

From the Telco’s perspective (assuming it has been done elegantly) toll fraud is very difficult to detect. This is due to the fact that the traffic appears to be authentically originating from the company’s PBX with the source IP, user account, user ID, and password all matching the company’s records.

This means that some of the best tools in a telecommunications provider’s arsenal are the ability to monitor for the presence of toll fraud by scanning for atypical call activity, and the imposition of limitations to minimise the damage that can be done. For security reasons we will refrain from going into specifics, but the following list represents some typical strategies that providers employ:

IMPOSING CHANNEL LIMITATIONS

Along with bandwidth limitations, toll fraud is one of the primary reasons that providers limit the number of concurrent calls that can be made from a single PBX. While this tactic may not actively discourage fraudsters, it limits the amount of damage that can be done over a short space of time. Because providers can see the number of calls that are attempting to connect (not just the ones that get put through) they are able to use this as an indicator of abnormal traffic activity. Additionally, because the vast majority of call fraud occurs to international numbers, providers will often impose separate limitations on how many concurrent international calls a customer can make.

IMPOSING A THRESHOLD ON THE MAXIMUM PER MINUTE COST OF A PHONE CALL

Providers often impose an upper limit on the per-minute costs of calls that they are happy to connect, unless clients have specifically request that this limitation be removed. This limitation is used to prevent scammers from being able to dial premium rate numbers.

LIMITING THE AMOUNT OF CREDIT THAT A COMPANY IS EXTENDED

In a worst case scenario, telecommunications providers seek to protect their customers from exorbitant call costs by placing an upper threshold on the amount of billable calls that a company is able to incur. The rules around this differ from provider to provider, and are likely to be dependent on the size of a company’s average bill, so it is worth checking with your provider what your limit is and negotiating an increase or decrease as you see fit.

WHAT CAN YOU DO TO PROTECT AGAINST PBX HACKING?

USE COMPLEX AND VARIED PASSWORDS

Time and time again we find toll fraud comes back to weak passwords. So even though it seems obvious, we are going to say it anyway: “Don’t use common passwords like 1234, password, guest, 1000, test, or the same four digit code as the extension phone”. If you have trouble remembering your passwords, either use some secure software like Keepass to generate and keep track of them, or use a combinations that are easy to remember like “14CharlieSheen?” or “3BlindMice!”.

CHECK YOUR ISDN FAILOVER CONFIGURATION

If you are using SIP based telephony, but have also chosen to maintain or setup a failover to an ISDN line, make sure your ISDN lines can’t be used to call high toll numbers. Why? Because if a scammer bombards your PBX with traffic, it is likely that some of the fraudulent calls, being unable to connect via SIP, will fail-over to the much more expensive ISDN connection.

BLOCK COUNTRY PREFIXES

Most PBX’s allow customers to block outbound traffic to international numbers. So if you only conduct business domestically this is one of the best options available. Not only does it impose additional limitations on hackers, it is capable of preventing other less technologically advanced forms of toll fraud (such as late night staff making long calls to family members in other countries). Even if your business frequently needs to call international numbers, it is still unlikely that it will need to call all of them. As such, we recommended that you block all unnecessary destinations. Unless you have a clients or suppliers in these countries, this list of the top destinations for toll fraud call terminations might be a good place to start.