Is your PABX as safe as you think it is? With the advent of voice over Internet Protocol in SA, PABX hacking is set to increase.
PABX telephony fraud is the theft of telecommunications services. It also involves deliberate abuse of the voice network in an attempt to reduce or avoid the charges that ordinarily would have been incurred by the culprit.
PABX telephony fraud may be perpetrated either from within the organisation by employees or contractors, or by third-parties outside of the company. Whatever the source, the result is the same - the call costs are forced onto someone else, usually the company that owns the PABX.
Trends show the threat of these activities comes primarily from within the company. The fact that the PABX is locked up in a secure room does not mean that it is safe from access by the wrong people. The PABX can be accessed by using a handset to program it or by dialling in to the maintenance port from outside the company.
Why are PABX systems so easy to target?
PABX systems offer many features and with stiff competition in the market, more and more features are developed all the time. Follow-me functions, diverts to cellphones and voice mail, even programming the system to open the entrance doors at an office can be put in action simply by punching a few numbers into a handset.
These features are all software-based and in the majority of situations they can be used remotely. In addition, the maintenance and service of PABX systems will often be provided from a remote location via a modem.
This means fraudsters can operate relatively openly with very little risk of being identified.
What`s in it for the fraudsters?
Trends show the threat of these activities comes primarily from within the company.
John Bannister, IT director, Multimatics
Assuming the person is aiming to make money and not just save a few rands on the odd personal phone call, there are a variety reasons:
* To sell international calls cheaply - this has actually happened to some of my clients. The fraudster operates a phone-shop business from a location away from the offices. Here, a local call cost will be incurred and the call will be sold, for example, for R1 per minute, thereby netting about 50c per minute from the transaction.
* To forward the trunk lines to revenue share premium rate numbers in which the fraudster may have a financial interest. The cost of these calls can be as high as R3.90 per minute to the company, and the fraudster receives a percentage of this amount from Telkom.
* Telkom does not allow businesses to SMS from Telkom trunk lines. However, this can be done from private lines. If Telkom does implement the service for businesses, then the premium-rated SMS numbers could also be used by fraudsters with a financial interest in those numbers.
* If the fraudster knows that "premicells" are attached to the PABX system, it may be possible to SMS premium-rate services via the SIM cards in the premicells. The charges for these can be as high as R30 per SMS, with the individual netting up to R22 per SMS - a good profit should the fraudster have a financial interest in the premium-rate service.
Share