Does your business use a Private Branch Exchange (PBX) system? If you’re not sure what a PBX system is, it is a phone switching system that connects your internal phones to each other and to an external phone network, often via Voice over Internet Protocol (VoIP).
Fraudsters are hacking into these systems and then using them to make hundreds or even thousands of premium rate/international calls, often to places like Eastern Europe, Cuba and Africa. This type of fraud is called PBX fraud, but has also earned the name “dial-through fraud.”
Your business is typically responsible and will get the bill if your PBX system is hacked, even though you’re essentially an unwilling victim. And while you may wonder how much international calling could cost, it can be a lot more than you think. This type of fraud has reportedly cost some individual businesses amounts that have reached into the millions.
How Do Scammers Do It?
Scammers use a number of different techniques to perpetrate “dial-through” fraud. In one scenario, for instance, they attack vulnerable IP servers looking for weaknesses, and when they find one, they hack into the phone system and create fake extensions. They then use these extensions to make pricey overseas calls. This fraud often takes place during off hours when businesses are closed. In another technique, the scammer will trick someone at a business into call forwarding their number to a long-distance number.
Tips for Protecting Your Business from PBX Fraud
While there seems to be no end to the lengths scammers will go to dupe businesses and individuals out of their hard-earned money, there are some things that you can do to protect your business from this type of fraud. These include the following:
1. Make your employees aware of such scams. When transferring or forwarding calls, they should always confirm that the call is going to a legitimate extension at your business.
2. Require all employees to change the default passwords for your voicemail system. Be sure they use strong passwords, and make sure passwords are changed regularly and often.
3. Make sure Internet firewalls are configured for maximum security.
4. Ask that your provider limit outbound calls from your phone system at times when your business is closed.
5. If your business doesn’t need to make international calls, ask that your provider restrict such calls completely.
6. Work with your PBX maintenance person or consultant to help identify any weaknesses in your system and to ensure that your settings are properly set up to minimize the risk of being hacked.
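The pattern described above (calls from fake extensions, placed to international numbers while the business is closed) can also be checked for in your PBX's call records. The following is an added example, not part of the original article: the record layout, business hours, dialing prefixes, extension inventory and sample calls are all constructed assumptions to adapt to your own system.

```python
import csv
import io
from datetime import datetime

# Assumptions for this sketch (not from the article): business hours, the
# international dialing prefixes, and the inventory of real extensions.
OPEN_HOUR, CLOSE_HOUR = 8, 18            # weekdays, local time
INTL_PREFIXES = ("011", "00", "+")
KNOWN_EXTENSIONS = {"101", "102", "103"}

# Constructed sample call detail records: start time, extension, dialed, seconds.
SAMPLE_CDR = """\
2024-03-04 10:15:00,101,5550100,120
2024-03-04 14:02:00,102,0115550101,300
2024-03-09 02:11:00,103,0115550102,1800
2024-03-09 02:13:00,199,0115550103,2400
2024-03-09 02:14:00,199,0115550104,2100
"""

def is_off_hours(ts):
    """True on weekends or outside OPEN_HOUR..CLOSE_HOUR on weekdays."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def review_cdr(text):
    """Return (row, reasons) for every call matching a dial-through indicator."""
    findings = []
    for start, ext, dialed, seconds in csv.reader(io.StringIO(text)):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        intl = dialed.startswith(INTL_PREFIXES)
        reasons = []
        if ext not in KNOWN_EXTENSIONS:
            reasons.append("unknown extension")
        if intl and is_off_hours(ts):
            reasons.append("international call while closed")
        if reasons:
            findings.append(((start, ext, dialed, int(seconds)), reasons))
    return findings

def minutes_at_risk(findings):
    """Total flagged talk time in minutes, a rough proxy for billing exposure."""
    return sum(row[3] for row, _ in findings) / 60

if __name__ == "__main__":
    results = review_cdr(SAMPLE_CDR)
    for row, reasons in results:
        print(row, "->", ", ".join(reasons))
    print("flagged minutes:", minutes_at_risk(results))
```

Run against a daily export of call records, a check like this surfaces the weekend and overnight calls that would otherwise first appear on the bill.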