Phone phreaking; How to prevent phone system hacking
Phone phreaking is a form of hacking that applies to telephone networks. Hackers, usually based abroad, tap into the business? phone systems and take control of the lines to gain free phone services. Often the hackers use the lines for costly international calls, or to dial premium rate lines that they have set up before hand.
Companies that are hacked are liable for any of the costs occurred. . A Channel 4 News item valued the UK?s losses to this criminal activity at ?1 Billion in 2012 alone. The average loss being between ?1500 and ?3000, these costs generally only take 2 to 3 days to be incurred, however bills of tens of thousands are worryingly common.
Any business with a phone system is potentially at risk from these hackers, in particular companies that have phone systems that allow employees to call in from the outside and use their company?s network to make calls. Employees need a PIN to access their voicemails, and to make calls, however this is often where the weakness lies. Many businesses are unaware of the risk of phone phreaking, or don’t fully understand their PBX systems. Unless the PIN number is manually changed, the PIN is left as the manufacturer issued, default number; 1234, for example. Hackers can then easily guess the PIN; once they are in they can take control of the lines. These activities are commonly carried out during weekends and bank holidays to avoid detection. But with the high call charges it doesn?t take long for them to add thousands to the company?s telecommunication bills.
It is not only private businesses at risk; anyone with a phone system is a potential target including schools, charities and public bodies. The most high profile case in the UK was New Scotland Yard, from which hackers took ?1?million over an 18 month period.
There are a?number of changes and adjustments?that can be?carried out?to minimise the risk of your phone systems being compromised.
All of these adjustments will help limit the possibility of your system being hacked but having processes of early detection are also essential to limit your exposure to loss. These methods include making sure that you review your phone bills for any un-usual activity as high volumes of calls can sometimes start a few days after the initial attack has happened. If you have any call logging software on your phone system, you could schedule twice daily destination reports and also review these for any unusual call traffic. Obviously these methods will require the commitment and diligence of the person that is responsible for the monitoring and this task will need to be delegated to someone else on Holidays and Sickness absence.
You could also install a Voice Firewall which can be configured by you independently of your telephony provider to block calls to certain known fraudulent destinations and also monitor the calls for known patterns of fraudulent behaviour. This can then be set to notify you of suspected attacks without the need of daily personnel interaction.
If AdaptiveComms provide your telephone bill we can block at network level all international and premium calls .If that is not appropriate for your business, we can provide and install a firewall for any system.
These precautions can dramatically decrease risk, but no method is guaranteed. Your business is liable for any costs incurred, not your supplier.
For further details or to discuss your options with an AdaptiveComms expert please call us on :01704 540547.