By James Passingham, Technical Director, Foehn
Virtually everyone in the modern world is familiar with cyber-crime, fraud and scams as they relate to computers, but the issue of telecoms fraud is less well known. There are various types of telecoms fraud that take place and perpetrators often have a variety of motives, predominantly though the extraction of money from an unsuspecting business.
Awareness of telecoms fraud is growing among individuals and companies, but is at nowhere near the levels of awareness associated with computer crime. And there are a growing number of instances where telecoms fraud is costing small companies a relatively large fortune. I know of one company — an IT business, ironically — that on a Friday switched its new phone system on, only to have racked up an £18,000 fraudster’s bill by Monday, and it could have been a lot worse.
Scams vary in size and complexity. With ‘old style’ phone fraud, criminals would simply hack into voice mail systems and get them to ring premium rate numbers. With more companies now adopting SIP for its added flexibility and functionality, it’s important that the team managing it understands the risk of fraud, with the additional security vigilance necessary, and sets in place the right levels of protection.
Scams are carried out remotely by highly technically capable individuals and organized criminal gangs who know they have little chance of being tracked down, let alone prosecuted.
If these phone thieves have successfully made off with some of your money, exactly who is liable? Is it the carrier’s responsibility or the equipment manufacturer? The answer is actually the company as it has a responsibility to protect its own systems. And as this type of fraud is growing, insurance companies are becoming less inclined to pay out — again pointing the finger at businesses that they feel should be protecting themselves.
Phone fraud is on the increase — it now runs into the billions of pounds — so what can be done to protect your system, and more importantly, your bank balance?
There are of course some really obvious measures, such as checking your company’s phone bill frequently and looking for anomalies, especially large ones! Unless your carrier has its own system in place, often you will not see a bill until it’s far too late. Ideally use a carrier that has a fraud alarm system.
Consider setting an upper limit on your bills so that if a financial ceiling is hit, the alarm bells start ringing immediately rather than a week or month later.
Carry out a security audit to make sure the system settings are as secure as they can be. Make sure that only authorized people in the business have access to premium rate numbers and also ensure that passwords held on servers (which criminals may try to hack) are both strong and secure.
If you don’t have expertise in house to do this, then definitely consider bringing in a professional firm that understands the issues and complexities of phone security — it’s a small price to pay for what can otherwise be a huge financial hole.