Tips to Defend Against Fraud During the Holidays

Guest Blog by Sascha Mehlhase, Senior Director of Product Management for West Telecom Services and Flowroute

5
Tips-Defend-Fraud-Holidays-Flowroute
Unified Communications

Published: December 16, 2019

Guest Blogger

With the holiday season upon us, many people are preparing for time off from work. However, with fewer people in the office to monitor phone lines and network activity, the holiday season is also an opportune time for fraudsters to strike.

According to a report released by Europol’s European Cybercrime Centre and Trend Micro, telecom fraud is growing globally and costs organisations and carriers more than $32.7 billion a year. Companies impacted by telecom fraud are also at risk of losing customers due to damaged customer relationships or company reputation. The combination of the economical and reputational losses can put some companies out of business.

With the threat of telecom fraud looming, it is important for business decision makers to be aware of the common types of fraud, so that they can detect instances and stop them before it is too late. Below are four common types of telecom fraud professionals should be aware of before leaving the office on holiday, as well as all year round.

  1. Identity fraud. Perhaps the most common type of fraud, identity fraud, occurs when hackers impersonate a business or individual and misattribute calls from their account. This fraud is also known as caller ID spoofing because fraudsters make it look like the call is originating from a trusted source, such as a victim’s bank, school, local phone number or reputable private company. Identity fraud also includes voicemail hacking, which is when a hacker gains access to a voicemail and changes the outgoing greeting to include words like, “yes,” “operator,” or “I will accept the charges.” Here, hackers can place collect calls (often to international numbers) and connect to an operator letting the call run for hours to incur fees

Another subset of identify fraud is robocalling. Robocalling is when a computerised auto dialler delivers a pre-recorded message, often under the guise of a false identity. Recently we’ve seen a rise in robocalls in the U.S. with approximately 26.3 billion robocalls (pdf) made in 2018. Through this fraud, victims can be tricked into providing billing information or sensitive customer data to a hacker.

  1. Premium route fraud. Through this type of telecom fraud, scammers develop tailored scripts and monitor for open ports within an enterprise’s telecom system to hack into. They can then redirect calls initiated from within the PBX-controlled network to a premium route or numbers controlled by the attacker. In many cases, these routes are to international destinations or numbers that do not have designated fees or “rate decks.” Further, premium route hackers usually attack after hours or when they know people will be out of the office to prolong the duration of the calls and increase the revenue they can gain from their attack
  2. Subscription fraud. Hackers leveraging subscription fraud falsely gain control of a customer’s billing credentials and their relationship with a carrier. A hacker can then create new subscriptions or make purchases on a user’s account. Often, hackers will lock the victim out of their account by changing passwords and security settings – giving themselves total control
  3. Black/grey routes: In this type of fraud, fraudsters steal and resell SIP trunking accounts to provide inexpensive calls to destinations with strict route laws. The colour title relates to the legality of a route or call between a source and the destination, often between specific countries. For example, black routes are illegal on both ends, whereas grey routes are legal for one country, but illegal on the other end. If a fraudster facilitates a black or grey routed call, the business victim could be subject to higher charges or regulatory fines

How businesses can defend against telecom fraud

Given the diverse range of tactics fraudsters can deploy, hackers may appear to have the upper hand. However, businesses can avoid falling victim to these attacks by working closely with their carriers, IT departments and communication service providers to fortify against, detect and stop threats before they result in real damage. Here are four simple but effective best practices to ensure optimal protection all year round.

  • Conduct an annual security audit. Audits are notoriously low on the totem pole of favorite business procedures, but they are a critical element to keep a company and its customers secure. If a business operates one or more PBX systems on a public IP address, they should be conducting an annual audit of the system to ensure that existing fraud controls are still aligned with traffic patterns
  • Deactivate unused mailboxes, extensions and calling features.Have you ever heard the phrase “out of sight out of mind?” Hackers certainly have, and they take advantage of forgotten accounts. Businesses should take inventory of the tools that are not in frequent use and delete them. Additionally, it is wise to create a schedule for updating passwords on a regular basis
  • Set and define calling parameters. Setting a maximum default rate for outbound calls and creating call limits in a destination whitelist helps businesses maintain total control over where their calls are routed. Setting these boundaries also gives companies power to block calls trying to connect outside of an approved area, as well as make exceptions for calls that need to connect in the case of emergencies or outages. Calling parameters are a great way to protect against grey and black route fraud
  • Enable IP-based authentication for outbound calls.If a company’s phone system has a static IP address, consider setting up verification filters for outbound calls to further secure the account. This will restrict access to telephony resources from an internal IP address, allowing only people with the correct authorisation to place calls or send messages on the network. If the network requires multiple mobile users logging on from dynamic IP addresses, consider creating a blacklist of IP addresses that have been flagged as potential hackers

Businesses should be proactive about telecom security all year round. Knowing how to identify the common types of telecom fraud is the first step in preventing damages and securing the safety of the business. The holidays serve as a reminder of when fraudsters are likely to attack; however, businesses that invest in security practices year-round will be well positioned to avoid the financial and reputational damages telecom fraud can cause.

 

Sascha Mehlhase
Sascha Mehlhase

Guest Blog by Sascha Mehlhase, Senior Director of Product Management for West Telecom Services and Flowroute, now part of Intrado
Sascha Mehlhase is the senior director of product management for West Telecom Services and Flowroute, now part of Intrado. He has more than 15 years of product management experience in software engineering and B2B SaaS platform development. Prior to joining the company, Mehlhase was the director of product management at Motorola Solutions, where he was the strategic lead as the company developed software solutions for mobile broadband work-group communications.

 

Security and ComplianceSIP
Featured

Share This Post