Hackers are targeting small business VoIP phone systems

Do you currently have your own telecommunications system located on your business premise? If so have you ever experienced, heard or considered the risks of toll fraud.

With many businesses nowadays utilising SIP trunks, dialling out over the internet, and IP based private branch exchanges, also known as PBX’s, as their communications platform to make and receive calls, a new threat has developed that many organisations are unaware of.

Toll fraud, which is the process where computer hackers use a range of attacks to infiltrate a PBX system usually that are located on businesses premises. These attackers will create their own users or extensions on your PBX, registering them in some lovely location overseas, making outbound calls all at your expense.

The two main ways attackers derive profit from fraudulent activities are; the phone cards scam and the premium rate number scam. The phone card scam is where the hacker sells an international calling card that will allow you to make international calls that have heavily discounted rates. These are usually sold in countries where international calling is very expensive. When the consumer uses this card that they have paid for, their calls are actually routing through your PBX without them or you knowing, with all the profit ending up in the hands of the hacker. Eventually you will be hit with a massive bill and rectify the security flaw in your system until the next time the attacker finds a weakness in your system.

The second type of attack and the most common these days is the premium rate number scam. This is where the hackers breach your security defences of your PBX create an extension on your system or maybe even call forward from your IP handsets to a premium rate number, such as a 1900, that they own. This is much simpler than the calling card scam which is why it is becoming a huge problem.

In 2013 alone toll fraud rose to $46.3 billion USD and is rising, due to the correct security measures not being put in place on your onsite PBX. With the hackers getting smarter and finding new ways to make expensive calls with you picking up the tab, the most important way to stop these threats is to constantly monitor attacks and put new measures in place to stop them occurring again.

However, with most onsite installations your IT or Telecommunications contractor will arrive, possibly even remotely, at your location on to make changes or install the PBX, set it up to your requirements and then walk away to allow you to run your business. As mentioned previously the big issue with this is that no one is monitoring your PBX for attacks that could occur and by the time you have discovered this you have a massive bill from your service provider.

How can you protect your communication systems from fraudulent activity?

Now you are probably asking: how can I reduce or eliminate the threat of fraud? Quite simply you need a VoIP provider in Australia that has a network and security system in place that constantly monitors the inbound attacks from attackers and constantly puts new measures in place to stop them prevailing. Essentially your require a sophisticated firewall and anti-fraud system that allows your organisation to withstand even the most advanced attacks from various algorithms.

Furthermore, a bespoke mPBX hosted PBX solution that has been developed in such a way that you are fully protected from the increasing amount of scams, hacks and fraudulent activity is also highly recommended. For example, only using complex passwords on each of your SIP device accounts which only allows users with the correct account information from registering the device. Likewise, a restrictive firewall that has been built to stop brute force attackers from trying to connect with multiple passwords every millisecond is another security measure recommended by business VoIP providers. If your organisation receives more than a few wrong attempts it is best practice to drop all requests from the attacker’s IP address and add them to a blacklist to stop them returning from that location.

Nevertheless, these are just some of the safety precautions that are recommended to businesses both large and small, to reduce or eliminate the risk of being a victim of fraudulent activity. What you really need is an expert team of highly trained security engineers are also able to make suggests to how to setup your internal network on-site PBX no matter which communication solution you require.

So hopefully now the next time you look at that device sitting on your desk you use every day for communications you will not only now understand the risks that exist but will now know that there are ways to protect yourself from such attacks.