Private Branch Exchange (PBX) fraud occurs when hackers target PBX telephone systems from the outside and use them to make a high volume of calls to premium rate or overseas numbers to generate a financial return.
Criminals use technology to hack into the PBX system. This can be straightforward, as often victims leave the passcodes on default settings. Once access is gained, the criminals can make their money by either dialling premium rate numbers to which they are affiliated, or dialling international numbers.
The victims are often small to medium-sized businesses, but a number of schools, charities and medical/dental practices are also being targeted, with losses sometimes up to tens of thousands of pounds.
This type of fraud is most likely to occur during times when businesses are closed but their telephone systems are live, for example in the early hours of the morning or over a weekend or public holiday.
The good news is that some simple steps will significantly reduce your risk of victimisation:
- If your voicemail is still on a default PIN/password, change it immediately
- Use strong PINs/passwords for your voicemail system, and ensure they are changed regularly
- Disable access to your voicemail system from outside lines, or ensure the access is restricted to essential users who regularly update their PINs/passwords
- If you do not need to call international or premium rate numbers, ask your telecoms provider to place a restriction on your telephone line
- Consider asking your network provider to block outbound calls at certain times, e.g. out of hours
- Regularly review available call logging information and monitor for increased or suspect call traffic
- Secure your exchange and communications system: use a strong PBX firewall and, if you don’t need a function, close it down!
- Speak to your maintenance provider to understand the threats and remedy any identified security defects
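
One way to act on the call-log review step above, as an added example that is not part of the original advisory: a Python script that flags out-of-hours calls to premium rate or international numbers and reports extensions making bursts of them. The CSV layout, the UK prefixes (00 and 09), the opening hours and the burst threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call log; the CSV layout is hypothetical, adapt it to your PBX export.
SAMPLE_CDR = """start,extension,dialled,seconds
2024-03-01 10:15:00,201,02079460000,120
2024-03-01 11:02:00,202,0033123456789,300
2024-03-02 02:14:05,204,09098790123,610
2024-03-02 02:20:41,204,09098790123,598
2024-03-02 02:31:10,204,0053712345678,900
2024-03-02 03:05:00,204,09098790123,600
2024-03-04 19:30:00,203,01632960123,60
"""

# Assumptions: UK dialling plan and Mon-Fri 08:00-18:00 opening hours.
RISKY_PREFIXES = {"00": "international", "09": "premium"}
OPEN_HOUR, CLOSE_HOUR = 8, 18
BURST_THRESHOLD = 3  # risky out-of-hours calls per extension per clock hour

def classify(number):
    """Return 'international', 'premium' or None for a dialled number."""
    digits = number.replace(" ", "")
    for prefix, label in RISKY_PREFIXES.items():
        if digits.startswith(prefix):
            return label
    return None

def out_of_hours(ts):
    """True at weekends or outside the assumed opening hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def suspect_calls(cdr_text):
    """Return (alerts, bursts) for risky calls placed while the business is closed."""
    alerts, per_hour = [], Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        kind = classify(row["dialled"])
        if kind and out_of_hours(ts):
            alerts.append((row["start"], row["extension"], row["dialled"], kind))
            per_hour[(row["extension"], ts.strftime("%Y-%m-%d %H:00"))] += 1
    bursts = {key: n for key, n in per_hour.items() if n >= BURST_THRESHOLD}
    return alerts, bursts

if __name__ == "__main__":
    found, busy = suspect_calls(SAMPLE_CDR)
    print(*found, sep="\n")
    print(busy)
```

Public holidays are not handled here; add your own closure dates to `out_of_hours` if your call logs span them.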