Unexpectedly high volumes of VOIP calls over historically quiet festive season
While the telecommunications industry prepares itself for the annual slowdown and, for a select lucky few, a shutdown, another group waits in anticipation for the opportunity to capitalise on vacant offices, unmonitored PBXs and susceptible VOIP providers. The guilty parties may not always fit a single profile, and sometimes the culprit running up the telephone bill may be sitting right under your nose.
Leave your home unoccupied for long enough and criminals will make an attempt to break in. The same can be said about your PBX.
Hacking is usually easy and possible because the victims are generally oblivious to the potential threats and the PBXs are not properly secured. Calls are placed and routed via the PBX and, in the majority of cases, the business owners only become aware of the problem when it's too late.
Common configuration mistakes in VOIP security that can increase the risk of PBX hacking:
* Weak user authentication and access control.
* Inadequate use of encryption.
* Unauthorised access: Would you open your door to a stranger? Why would you allow unauthorised access to your PBX?
* Default passwords: One of the largest contributing factors in PBX hacking. Default passwords can be found online in the relevant PBX user manuals etc.
The familiar face
Your PBX doesn't always have to be compromised for your telephone bill to suddenly skyrocket. Staff members left to work during the quiet period have been found guilty of telephone misuse. Employees suddenly have the urge to call everyone and anyone, anywhere around the world, to make the time in the day go by faster. Premium numbers, competition numbers and anything that can be dialled successfully is called. Nothing is off limits because it's "free".
The call costs rapidly begin to add up and after a few days of abuse, the owner is in for a bad festive surprise.
Finding the culprits can sometimes be as easy as using the data on the PBX, but sneaky users will have used someone else's extension. If your service provider didn't suggest implementing a PIN code system, or you opted not to make use of PIN codes, finding the guilty party may require a bit of unnecessary work.
Commonly overlooked options to prevent in-house abuse:
* Implementation of PIN codes.
* Setting call limits per user.
* Block international calls unless your clients are outside South Africa.
* Remind the users that usage will be monitored.
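The call limits, international-call blocking and usage monitoring listed above can be checked against the PBX's call detail records. The following Python sketch is an added example, not Wanatel's code: the CDR column layout, the spend limit, the office hours, the closure dates and the sample records are all constructed assumptions to adapt to your own PBX export.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample CDRs (start time, extension, dialled number, cost in rand).
# The column layout is an assumption; adapt it to your PBX's CDR export.
SAMPLE_CDR = """\
2023-12-22 10:15:00,101,0215550100,1.20
2023-12-23 02:40:00,102,0044205550199,85.00
2023-12-23 02:55:00,102,0044205550199,92.50
2023-12-25 14:05:00,103,0115550123,0.80
2023-12-27 11:30:00,101,0016465550144,40.00
2023-12-27 11:50:00,101,0215550100,170.00
"""

DAILY_LIMIT = 150.00                     # assumed per-extension spend cap per day
BUSINESS_HOURS = range(8, 17)            # assumed office hours, 08:00-16:59
HOLIDAYS = {"2023-12-25", "2023-12-26"}  # assumed office closure dates


def is_international(number):
    # Assumes the "00" international dialling prefix, or a "+" number
    # that is not +27 (South Africa).
    return number.startswith("00") or (
        number.startswith("+") and not number.startswith("+27"))


def is_off_hours(ts):
    # Weekends, closure dates and anything outside office hours.
    return (ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
            or ts.strftime("%Y-%m-%d") in HOLIDAYS)


def review_cdrs(text):
    """Return (alerts, over_limit) where over_limit lists (extension, day)."""
    alerts, spend = [], defaultdict(float)
    for start, ext, number, cost in csv.reader(StringIO(text)):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        spend[(ext, ts.date().isoformat())] += float(cost)
        if is_international(number):
            alerts.append((start, ext, "international"))
        if is_off_hours(ts):
            alerts.append((start, ext, "off-hours"))
    over = sorted(k for k, total in spend.items() if total > DAILY_LIMIT)
    return alerts, over
```

Run daily over the quiet period, `review_cdrs` shows which extensions to investigate first; pairing it with PIN codes ties each flagged call to a person rather than a handset.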
The wolf in sheep's clothing
These companies have no operations and their sole purpose is to persuade service providers to offer VOIP services on credit. If successful, they will max out the account as fast as possible. Again, the abuse is typically done over weekends or public holidays so that the providers are less likely to notice.
When the invoice is eventually submitted, the scam artists use a variety of delay tactics, from fake payment confirmations to small payments, to persuade the provider not to cut off the service.
This is subscription fraud: the use of a service with no intent to pay. Often this type of fraud is associated with other crimes, such as identity theft. The true impact of subscription fraud often goes unrecognised because providers categorise it as bad debt.
Fraudsters gain access to a service in one of three ways:
* Identity theft (using the identity of another person).
* Using false details.
* Using valid details, but disappearing without paying.
Wanatel would like to remind all VOIP providers, resellers, installers and clients to remain vigilant all year round. There is no such thing as being too secure. Fraudsters are constantly on the lookout for opportunities. Do not let your guard down, because if you do, your telephone bill will go up.