Case Studies

PBX fraud warning

by Mark Rowe

The National Fraud Intelligence Bureau (NFIB) is warning businesses of PBX fraud – where fraudsters hack into phone lines and make premium rate calls. PBX/dial-through fraud occurs when hackers target Private Branch Exchanges (PBX) from the outside and use them to make a high volume of calls to premium rate or overseas numbers. PBX are systems which enable organisations improved communication.

The victims are often small to medium-sized businesses, but the NFIB has also noticed that schools, charities and medical/dental practices being targeted where fraudsters are taking advantage of flaws in security systems. Since the end of June 2013 there have been nearly 500 Action Fraud reports relating to this – costing victims over £6m.

This type of fraud is most likely to occur when organisations are most vulnerable; at times when businesses are closed but their telephone systems are NOT, for example in the early hours, or over a weekend or public holiday.

Advice – visit http://www.actionfraud.police.uk

Use strong pin/passwords for your voicemail system, ensuring they are changed regularly.
If you still have your voicemail on a default pin/password change it immediately.
Disable access to your voice mail system from outside lines. If this is business critical ensure the access is restricted to essential users and they regularly update their pin/passwords
If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
Consider asking your network provider to not permit outbound calls at certain times such as when your business is closed
Ensure you regularly review available call logging and call reporting options.
Regularly monitor for increased or suspect call traffic.
Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down!
Speak to your maintenance provider to understand the threats and ask them to correct any identified security defect.

Related News

  • Case Studies

    East-West conference

    by Mark Rowe

    Attending the 37th East-West International Security Conference organised by Capricorn Conferences and Exhibitions on June 4 and 5 at the Lisbon Marriott…

  • Case Studies

    Agile resilience webinar

    by Mark Rowe

    Agile resilience: lessons from Covid-19 for the ‘next normal’. That’s the title of an October 7 afternoon webinar by the business body…

  • Case Studies

    Visual evidence

    by Mark Rowe

    The March print issue of Professional Security features body-worn video and Cumbria-wide CCTV monitoring, among projects that have cash from the Police…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing