It may be old school, but ahead of the Easter public holiday, police are warning businesses and colleges about PBX fraud, because while premises are closed, your telephone systems are not. Have your PBX systems settings been properly set? police ask.
The NFIB (National Fraud Intelligence Bureau, run by the City of London Police) says that it has seen a significant rise in the number of reports made of PBX and dial through fraud. Around 6pc of the total of these reports relate to a school or college, although this is only based on what is reported and the figure could be much higher, police say.
The losses involved can be high, especially when they are made during times that a school or business may be closed, for example the school holidays or weekends; as it is likely that the fraudulent calls will go unnoticed, until the bill arrives.
Private Branch Exchange (PBX) is a telephone switching system that connects internal telephones, besides connecting them to the Public Switched Telephone Network (PSTN), Voice over Internet Protocol (VoIP) providers and Session Initiation Protocol (SIP) trunks. The PBX will often allow access to voice messaging systems.
The dial-through fraud occurs when hackers target these systems from the outside and use them to make a high volume of calls to premium rate or overseas numbers, typically to eastern Europe, Cuba and Africa.
How do hackers do it? Thanks to incorrectly configured firewalls and set ups, poor security settings, lack of maintenance or use of default or easy to guess passwords, the authorities say.
Things you can do
There are things you can do against the risk of a hack. Do you have your voicemail on a default PIN or password? Change it. If you allow access to your voicemail system from outside lines, usually for remote workers, disable it. If you do not need to call international or premium rate numbers, ask your telecoms provider to place a restriction on the line. Or ask your network provider to not permit outbound calls out of normal hours. Review call logging and call reporting options, and monitor for increased or suspect call traffic.
