Toll Fraud Policy
In 2013 the communications Fraud Control Associations (CFCA) Telecoms Fraud Survey reported that:
- Global communications fraud was estimated to be more than $46 billion
- Over $8 Billion was attributed to the hacking of both traditional and IP telephone systems
- The UK is the third most targeted country in the world
- Toll-Fraud in the UK costs businesses £1.2 billion each year
Toll-Fraud is organised crime
Whether you have an analogue, digital or IP based system, fraudsters hack into your PBX/IP PBX, normally out of office hours, and gain access to your phone system in seconds. They use advanced software to crack passwords and bypass firewalls.
Once the system has been accessed, unauthorised and illegal calls are made to any location in the world. The stolen call time is passed off as legitimate call traffic in the form of calling cards and low-priced calling tariffs. In almost all cases there is a link to organised criminal gangs purporting to be legitimate businesses.
Often businesses are not made aware that they have been hacked until they receive telephone bills for what could be thousands of pounds.
RTF Networks endeavours to lock down all systems that we install or maintain, but hacking and fraud technology is advancing all the time leading to a continuing rise in toll fraud
The Solution – Safeguard Fraud Potection>
SafeGuard Fraud Protection can be added to your lines from under £1 per month.
The service will automatically place a network call bar on any phone number with usage of over £500 in a 24-hour period.
If the 24 hour £500 threshold is breached, you won’t be liable for usage above that.
Should you have any questions about this service please contact our Customer Relations team on 01622 238 448 and they’ll be happy to discuss it with you.
Our Toll Fraud Policy can be found below>
RTF Networks is dedicated to reducing the risk our customers face to the best extent possible. Whilst we appreciate that no telecommunications system will be completely immune to the danger, our advice regarding security can alleviate the risk significantly.
The main points to consider are listed below.
It is vital that employees have all the necessary training to optimise the efficiency of the system. Cases of Toll Fraud are extensively linked with the stealing of authorisation codes and passwords.
It is essential that your staff safeguard these to the best of their ability.
The numbers should never be written down or programmed into audio diallers. If you have staff who travel outside of the office they should also be aware that thieves can be watching or listening in to phone calls to find out the relevant numbers.
Furthermore, it is important to establish the identity of anyone placing a collect call to the company before accepting charges. An ever-increasing problem is the receipt of a phone call where the caller asks to be transferred. This is yet another way in which access can be gained to your network and an outside line.
An advisable approach would be to establish a system whereby any suspicious activity is reported immediately by your employees. Suspicions may be aroused by the nature of the call or by the number of phone calls received.
Control of your phone calls is a good way to heighten the security of your firm. Most thieves will RTF Networks on making non-permitted long distance calls. You can place restrictions on this by eliminating or restricting unnecessary calls to other countries. This is ideal if you know the countries you do not do business with. You could also place limits on which of your workers can make such calls or on what times calls are made, as this could stop phone calls in the evening.
There are certain signals to look out for that will alert you of toll fraud. A growing number of thieves will try to deceive your workforce to gain access. For example, they could ring you on a local access number or 0800 service and ask to be continually transferred between personnel until they obtain an outside line. It is recommended that all the following should be considered; obscene phone calls, continuous hanging up of the phone, recurring incidents of asking for an individual extension number, wrong numbers, callers asking who they have reached and silent calls that wait for you to hang up. These techniques have been used in the past and should raise alarm bells if they occur in your office.
Passwords are the easiest form of protection but there are several ways to make these more secure. The more characters you use the better. You should also avoid patterns in your system such as digits that follow in numerical order or all the same number. Do not use default passwords or access numbers as they are simple to crack. Keep away from making the password the same as the extension number or those which are related to the owner, such as an I.D Room or social security number.
In line with this it is also advisable to frequently change the passwords. We would recommend doing this quarterly, as well as when anyone leaves the business who had access to them.
In addition, you should keep a regular check on your voicemail system. Within these fraudsters could access board messages, make their own mailboxes or transfer until they find an outside line.
You could stop this using internal calls only within voicemail, getting rid of mailboxes of previous employees immediately or making sure there are no spare, needless mailboxes.
Users should change their Personal Identification Numbers routinely for access to the voice mailbox, as well as taking the previous advice of making sure that these involve the maximum amount of characters to reduce the chances of a hacker. Remote access telephone numbers should not be published either as this may also put you at risk.
Next, automated attendants answering companies’ telephones can also leave them open to fraud. The toll fraudsters will go from the automated attendant and dial 90XX or 900 extensions. On several exchanges these numbers will connect them to outside lines. You can limit or block capabilities of local dialling or long distance trunks to stop this. Block access codes such as 900XXX can be used in these circumstances.
In summary, the best way to prevent toll fraud is to look out for the warning signs, such as anything out of the normal. This may manifest itself in the form of out of hours calls, calls to other countries that you don’t recognise having done business with or several incoming calls on your call detail records followed by long outbound calls.
If you notice any of these signs you should take the following steps as toll fraud can lead to extensive losses that can ascend extremely quickly. You should call RTF Networks and your line/least cost routing provider. We can then help you to prevent further instances of toll fraud. Although there is currently no way to stop toll fraud you can educate yourself and your workforce to lower the chances of it happening, stop it when it occurs and thereby reduce the harm it can do. The most likely times for it to happen is when security is at its lowest, which is normally outside of working hours. You should therefore keep a list of things to look out for as well as what to do if you notice them.
RTF Networks recommends that the customer include the telephone system related applications as part of their company security policy and seek insurance against such acts.
RTF Networks will not be liable for any cost incurred due to toll fraud of any kind and has taken all possible actions to prevent such incidents.