How to protect your enterprise against long-distance fraud
Telecommunications fraud is a global concern that can affect any business, regardless of its telephone provider or the country in which it resides. Telecom fraud generally involves an unauthorized third party gaining access to a premise based business telephone system and placing costly long-distance calls.
Many businesses around the world have recently fallen victim to this fraud. Fraudsters most often call a business after hours, and then employ a variety of manual and automated techniques to try and guess at the passwords used to protect access to voicemail equipment, such as Private Branch Exchange (PBX) systems. If these passwords have not been changed from their default settings, or if passwords used are easy to guess at (such as 1234 or 1111), it is fairly easy for these criminals to gain access to voicemail equipment, or other telecom fraud. Once inside, long-distance calls are initiated, resulting in unexpected charges.
Fraud costs us all
Fraud creates an enormous financial burden for us all:
- Internationally, telecommunications fraud costs around $12 billion a year.
- Canada accounts for about $30 million of that loss.
- Almost one in four international companies has been or will be the victim of some type of toll or long-distance fraud.
- And all of these losses must be covered by the prices of the goods and services offered by the businesses that are defrauded. That means that consumers like you pay the cost.
As a subscriber, you must pay for all calls originating from or charged to your telephone line. This applies to all customers, no matter who made the calls or accepted the charges. But you can protect yourself. Start by adopting good telecommunications habits. And if you notice any suspicious activity on your line, contact the authorities and your long distance provider at once.
The following examples of fraud type will help provide you with information to assist in preventing such occurrences.
- Ensure all voicemail access passwords are 6-8 digit combinations and employees do not use easily guessed combinations. This includes temporary voicemail boxes.
- Ensure the voicemail access passwords expire after 60 days.
- Ensure the voicemail and administrative system access is revoked after 3 failed login attempts requiring a hard reset.
- Ensure all unused voicemail boxes are deleted from the system.
- Ensure through-dialing is disabled unless it is absolutely required. Through-dialing is the feature which allows for local and long-distance calling from within a mailbox.
- Ensure that if through-dialing is enabled, that its usage generates a report that is monitored daily to ensure no abuse has occurred.
- Ensure that overseas long-distance calling requires a unique end user authorization (Class of Service – COS) code which is different from the voicemail access password and restricts access after 3 failed attempts.
Calling Card Fraud
- Protect your calling card number and Personal Identification Number at all times.
- Treat your calling card like you would your credit card.
- Do not select the same Personal Identification Number (PIN) you use to access your bank.
- Do not write down your Personal Identification Number and leave it in your wallet.
- Memorize your Personal Identification Number.
- Never tell anyone your Calling Card PIN.
- When you use your Calling Card at a pay phone, make sure no one is watching you key in your PIN.
The majority of recent fraud cases have occurred around premise based Private Branch Exchange (PBX) systems, by direct inward system access (DISA). Intruders gain access to businesses that use a PBX phone/voicemail system and use system commands such as an 800 number or other access number to gain a dial tone. They place unlimited long-distance calls directly through these lines for unscrupulous operators reselling long-distance at a profit. These calls appear no different to the service or equipment providers than any other call originating from that business.
Be careful when surfing the web. Some sites will try to draw you in with a free offer, and then secretly download a program known as an Internet auto-dialer. The auto-dialer commands your browser to dial a long distance number - and you get billed for the call.
When travelling abroad
When travelling outside the country, use Canada Direct to avoid unexpected charges on your phone bill. Be aware that when a phone number begins with 011, it is an overseas call and the related charges are usually higher. Note: Calls to some area codes can be considered overseas calls even when the number begins with 1 (i.e. 1-XXX-XXX-XXXX).
Controlling Long-Distance Calling
Check your monthly phone bill carefully for any unusual charges. If you receive a collect call, make sure you know who the caller is, otherwise don't accept it. Don't let strangers use your phone.
Restrict Automated Attendant
Automated attendants that allow callers to be automatically transferred to an extension without the intervention of a receptionist can also serve as an open door to telecom fraud. Tele thieves enter the automated attendant function, and then dial the 91XX or 9011 extension. On many PBX and voicemail systems (with dial-out capabilities left active), these extension numbers connect to outside long-distance lines. To reduce automated attendant fraud, restrict or block access to long-distance trunks and local dial capabilities. In particular, block access codes such as 9XXX and possibly even the 8XXX fields or install a "verify extension field" capability, if available.
Monitor and Analyze Your System
Continuous monitoring of your company's calling patterns will help you to identify fraud at an early stage and minimize loss. It's a good idea to regularly monitor your PBX, voicemail, automated attendant and 800 call detail records. Learn to spot patterns such as an increase in after-hours calls, calls to countries you don't do business with and multiple short duration inbound calls (especially after working hours). Watch for numerous incoming calls on your 800 lines followed shortly thereafter by a surge in long duration outbound 800 calls, which may indicate that an unauthorized third party has entered your phone system through your 800 lines and is dialing out.
Contact NorthernTel Customer Service immediately at 1-800-360-8555 if you notice any unusual activity on your phone line.