How much could PABX fraud cost your business?

MEDIA RELEASE

September 13, 2011

How much could PABX fraud cost your business?

Business owners are being warned to secure their PABX phone systems to prevent hackers from accessing them during the Rugby World Cup.

The Telecommunication Carriers Forum (TCF) says the incidence of PABX fraud increased four-fold during 2010, with an estimated 30 to 40 New Zealand companies getting hit by international PABX fraudsters every month. They racked up international telephone calls worth hundreds of thousands of dollars.

TCF CEO David Stone says that while PABX fraud has fallen this year, it is still the main fraud risk facing telcos and their customers. He says there is a real danger that the incidence of PABX fraud will increase during the Rugby World Cup.

“With so many tourists expected to visit New Zealand, international fraudsters may take the opportunity to target New Zealand for PABX hacking during this time,” he says.

Mr Stone says that leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door.

“Security of your PABX is easily as important as the security of your PC; it’s relatively easy to defraud you of thousands of dollars if you haven’t made your system secure.”

What is PABX fraud?

PABX fraud happens when someone hacks into an unsecured voicemail system (or similar) that allows incoming callers to dial extensions directly. The hackers then redirect internal DDI calls to an external international number.

Who is at risk?

Anyone with a PABX system is at risk from hacking. It makes no difference whether the system is linked to the PSTN or is an IP system. One recent case involved an individual who had downloaded a free software-based VoIP PABX and installed it on their home computer.

How to guard against PABX hacking

1.CHOOSE A STRONG PASSWORD: Voicemail and Direct Inward Systems Access (DISA) passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.

2.CHANGE IT: Make sure all security features – passwords, PINS etc – are changed following installation, upgrade and fault/maintenance. Don’t forget to reset password defaults.

3.KEEP IT CONFIDENTIAL: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required.

4.REVIEW REGULARLY: Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities.

5.VENDOR TERMS AND CONDITIONS: Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe.

For more tips on preventing PABX hacking on your system visit: http://www.tcf.org.nz/PABXfraud

If you have any questions regarding your own particular PABX, contact your vendor for advice on securing your system.

ENDS