The UK is a prime target for telephone fraud, with scammers aiming to extort money by tricking people into calling back bogus numbers and incurring high charges. The scale of global telecoms fraud is unknown, but the most recent data available comes from a report which showed 170m fraudulent calls were blocked across the world in 2018 to hundreds of destinations; the UK accounted for 25m, or 15 per cent, considerably higher than other countries in the G20 group of large economies.
Some useful basic information is available on the National Fraud and Cyber Crime Reporting Centre website.
A senior manager should be aware of these safeguards and ensure staff follow them as appropriate:
- Remove all default password settings when deploying the PBX and limit access to any maintenance ports.
- Passwords and access codes should be changed regularly and, if possible, be alphanumeric and as many digits as the system allows. Avoid passwords such as 000, 1234, or the extension number used as the PIN.
- Delete/change passwords for ex-employees.
- Consider limiting call types by extension: if an extension user has no requirement to ring international or premium-rate numbers, bar access to those call types.
- DISA (Direct Inward System Access) is typically used to allow employees to dial in from home and make outbound calls (usually high-value call types, i.e. mobile, international etc.) via the company PABX. Your CP has deactivated this; if reactivated, it should be closely controlled.
- Secure the system physically, site it in a secure comms room and restrict access to that area.
- Carry out regular reviews of calls, analysing billed calls by originating extension, to identify irregular usage and unexpected traffic.
- Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.
- Mailboxes – block access to unallocated mailboxes on the system, change the default PIN on unused mailboxes.
- Be vigilant for evidence of hacking – inability to get an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside business hours.
- Assess the security of all PBX peripherals and applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any onboard remote management utility (e.g. pcAnywhere) for possible holes.
- Check firewall logs weekly.
- If relevant, set an access PIN on smartphones that will use VoIP.
- Limit VoIP registrations to the office network.
- For SIP systems, set credit limits per phone per day.
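The call-review, out-of-hours and per-phone credit-limit checks above can be automated against a call detail record (CDR) export from the PBX. The following is an added example, not code from this page or from any communications provider: it parses a small constructed CDR sample (field order, business hours, the per-extension daily limit, the list of extensions barred from international and premium-rate dialling, and the UK "00"/"09" prefix conventions are all assumptions), then flags barred destinations, out-of-hours non-domestic calls, and extensions that exceed their daily spend.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample CDR export (not real billing data).
# Assumed field order: timestamp,extension,dialled_number,duration_s,cost_gbp
SAMPLE_CDR = """\
2024-03-04 09:15:00,201,01632960123,120,0.20
2024-03-04 12:40:00,202,0035312345678,300,1.50
2024-03-04 23:10:00,203,00221771234567,1800,42.00
2024-03-05 02:05:00,203,00221771234567,1750,41.00
2024-03-05 10:00:00,204,0907123456,600,18.00
2024-03-09 03:30:00,201,0035312345678,60,0.30
"""

BUSINESS_HOURS = (8, 18)            # assumed office hours, 08:00-18:00 local time
DAILY_CREDIT_LIMIT_GBP = 20.0       # assumed per-extension daily spend cap
BARRED_NON_DOMESTIC = {"201", "203", "204"}  # constructed: extensions with no need to dial abroad


@dataclass
class Call:
    when: datetime
    extension: str
    dialled: str
    duration_s: int
    cost_gbp: float


def parse_cdr(text):
    """Parse the comma-separated CDR export into Call records, skipping blank lines."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ext, num, dur, cost = line.split(",")
        calls.append(Call(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                          ext, num, int(dur), float(cost)))
    return calls


def classify_destination(number):
    """Assumed UK dialling conventions: 00 prefix = international, 09 prefix = premium rate."""
    if number.startswith("00"):
        return "international"
    if number.startswith("09"):
        return "premium"
    return "domestic"


def out_of_hours(when):
    """True on weekends or outside the assumed business hours."""
    start, end = BUSINESS_HOURS
    return when.weekday() >= 5 or not (start <= when.hour < end)


def review_calls(calls):
    """Return (extension, finding_type, detail) tuples for anything a reviewer should look at."""
    findings = []
    spend = defaultdict(float)  # (extension, date) -> running cost in GBP
    for c in calls:
        dest = classify_destination(c.dialled)
        if dest != "domestic" and c.extension in BARRED_NON_DOMESTIC:
            findings.append((c.extension, "barred-destination", c.dialled))
        if dest != "domestic" and out_of_hours(c.when):
            findings.append((c.extension, "out-of-hours", c.dialled))
        key = (c.extension, c.when.date())
        before = spend[key]
        spend[key] += c.cost_gbp
        # Report the daily credit limit once, at the call that crosses it.
        if before <= DAILY_CREDIT_LIMIT_GBP < spend[key]:
            findings.append((c.extension, "credit-limit", f"{spend[key]:.2f}"))
    return findings


def summarize_by_extension(findings):
    """Count findings per originating extension, the view a weekly review would start from."""
    counts = defaultdict(int)
    for ext, _kind, _detail in findings:
        counts[ext] += 1
    return dict(counts)


if __name__ == "__main__":
    results = review_calls(parse_cdr(SAMPLE_CDR))
    for ext, kind, detail in results:
        print(f"ext {ext}: {kind} ({detail})")
    print(summarize_by_extension(results))
```

Running this against the sample surfaces extension 203 dialling one international number at night on two consecutive days and blowing through its daily limit each time, which is the pattern the "calls outside business hours" and "irregular usage" bullets describe. In practice the thresholds and barred list would come from the PBX's own class-of-service configuration rather than constants in the script.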
For any further information or to speak to one of our team, please call 0808 146 7000