Is Your Business Vulnerable to Telecoms Fraud?

Monday 31st October 2016

The latest statistic from The Telecommunications UK Fraud Forum (TUFF) estimates £953 million is lost to telecoms fraud in the UK per year, with cases frequently costing small businesses over £100,000. With the cost of fraud rising so significantly, it has never been more important to protect your business.

Telecoms fraudsters hack into phone lines and use them to make unsolicited phone calls to premium numbers, which can result in thousands of pounds’ worth of call charges in just a few hours. Attacks on unmonitored lines often go unnoticed until charges are invoiced, meaning early detection of unusual call activity is key to reducing the risk of financial damage.

One of the biggest challenges facing many companies when it comes to their communication networks is how they can tackle the ever-present risk of fraud. Telecoms fraud might not be top of many people’s list of priorities when they are drawing up risk management plans and putting in place strategies to protect their businesses, but it is an area that can have huge consequences if it is not given the attention it deserves.

Such is the scale of the problem that organisations around the world lost $38 billion (£31 billion) from telecoms fraud, according to the Communications Fraud Control Association’s 2015 Global Fraud Loss Survey.

The results of this survey confirm that telecom fraud still remains a lucrative criminal business.
Jacob Howell - Board member of the Communications Fraud Control Association

What type of Fraud is this?

  • Telephony Dial Through Fraud
    • Criminals exploit vulnerabilities in both traditional and VOIP PBX systems to realise their funds using two main methods: by making numerous calls to premium rate numbers that they are affiliated with, and thus sharing in the profit made by generating high volumes of calls to these numbers, or by selling the access details of the compromised PBX on to other fraudsters who make high volumes of calls to international numbers.
    • Although fraudsters tend to target business phone lines to make money, compromised PBXs may also give criminals access that allows them to listen to company phone calls or steal and delete sensitive business data, the cost of which could be far higher than the cost of the compromised phone calls.
  • SIP trunk Fraud
    • As more businesses switch to SIP phone lines, vital steps to secure them seem to be overlooked. A single attack can cost thousands, yet security is so easily overlooked.
    • There are so many benefits to cutting the cord and moving to a SIP line, including increased flexibility, cost savings, and the greater mobility needed in modern business. But it’s incredibly easy to overlook the security risks of what many simply consider a utility.
  • Social Engineering & Hacking
    • Social hacking is the method of obtaining unauthorised access to data, systems, or communications by means of deception. These social hackers will attempt to deceive your colleagues using increasingly creative techniques, most of which are modernised confidence tricks that make targets feel good about helping out a stranger.
    • Like traditional hacking techniques, they involve background research to find a suitable target. To substantiate an attack, social hackers often require a believable backstory to spark the emotional responses they want.

Criminals use auto-diallers to identify systems which are worth hacking into. Once they are able to establish the type of system they are attempting to access (often identifiable from the default digitised voice recordings), the system is subjected to a sustained attack so as to establish the passcode that will give them access to the PBX system itself.

Once access has been gained to the PBX, they will use it as a switchboard to continually dial their own premium rate numbers in order to ensure that they receive all revenue generated.

Alternatively, fraudsters use the phone lines as a platform for offering international calling card services. In such instances, criminals sell calling cards to third party individuals whose calls are then routed through the victim’s compromised telephone system to worldwide destinations.

The money made on the calling cards goes directly to the fraudster, whilst the victim company is again left with a bill that they MUST pay.

So what can you do to protect yourself?

Partner with an organisation that can identify, react to and mitigate the risk of these kinds of fraud activities.

ITRM’s service monitors every single call that traverses our network, constantly looking for specific patterns, certain types of calls or trigger points whilst calls are in progress. Our network alarms are set to trigger on certain criteria.

Length of call, number of short calls in a certain time frame, and cost of calls form some of the criteria that we use to ensure attacks are quickly identified. The ITRM team then look to identify the user – to ensure valid calls are not impacted – and, from that, establish the validity of the call itself with management from the client. From there we can block certain calls and reinstate and increase security levels to protect against the risk of attack.
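The three criteria named above (length of call, number of short calls in a time frame, and cost of calls) can be applied to call records as in the following added example, which is not ITRM's own code. The record fields, thresholds and sample calls are all constructed assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed call-record shape; the field names are assumptions.
Call = namedtuple("Call", "ext start seconds cost")

# Assumed thresholds; tune them against your own normal traffic.
MAX_SECONDS = 3600               # a single call longer than one hour
SHORT_SECONDS = 15               # what counts as a "short" call
SHORT_LIMIT = 5                  # short calls tolerated per window
WINDOW = timedelta(minutes=10)   # the "certain time frame"
MAX_COST = 50.0                  # spend per extension per window (GBP)

def find_alerts(calls):
    """Return a sorted list of (extension, reason) pairs."""
    alerts = set()
    by_ext = defaultdict(list)
    for c in sorted(calls, key=lambda c: c.start):
        by_ext[c.ext].append(c)
        if c.seconds > MAX_SECONDS:
            alerts.add((c.ext, "long_call"))
    for ext, seq in by_ext.items():
        lo = 0
        for hi, c in enumerate(seq):
            # Slide the window start so it covers only the last WINDOW.
            while c.start - seq[lo].start > WINDOW:
                lo += 1
            window = seq[lo:hi + 1]
            short = sum(1 for w in window if w.seconds <= SHORT_SECONDS)
            if short > SHORT_LIMIT:
                alerts.add((ext, "short_call_burst"))
            if sum(w.cost for w in window) > MAX_COST:
                alerts.add((ext, "cost_spike"))
    return sorted(alerts)

# Constructed sample records (not real traffic).
T0 = datetime(2016, 10, 31, 2, 0)
SAMPLE = (
    # ext 201: ordinary office use
    [Call("201", T0, 180, 0.30),
     Call("201", T0 + timedelta(minutes=30), 420, 0.75)]
    # ext 305: eight 6-second calls one minute apart, 7.50 each
    + [Call("305", T0 + timedelta(minutes=i), 6, 7.50) for i in range(8)]
    # ext 410: one two-hour call
    + [Call("410", T0, 7200, 12.00)]
)

if __name__ == "__main__":
    for ext, reason in find_alerts(SAMPLE):
        print(ext, reason)
```

An alert here only marks an extension for review; confirming with the user before blocking, as described above, keeps valid calls from being cut off.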

These kinds of attacks can quickly rack up costs, so having a knowledgeable, proactive and reactive partner to support your organisation is key to mitigating the risk of telecoms fraud.

Is your business vulnerable? Call ITRM now