Telecommunications fraud is a global concern that can affect any business, regardless of its telephone provider or the country in which it resides. Telecom fraud generally involves an unauthorized third party gaining access to a business telephone system and placing costly long-distance calls.
Rogers monitors network traffic for unusual or suspicious activity on a continuous basis. However, your business is ultimately responsible for all calls originating from and accepted to your telephone line. It is essential that you take all appropriate measures to protect your business phone systems from fraud.
Telecommunications fraud generally involves a third party making long-distance calls at the expense of a business. Forms of fraud involve:
The majority of recent fraud cases have occurred around Private Branch Exchange (PBX) systems, by direct inward system access (DISA). Intruders gain access to businesses that use a PBX phone/voicemail system and use system commands such as an 800 number or other access number to gain a dial tone.
They place unlimited long-distance calls directly through these lines for unscrupulous operators reselling long-distance at a profit. These calls appear no different to the service or equipment providers than any other call originating from that business.
Voicemail fraud is the most prevalent type of fraud and the most significant threat to businesses that use a Private Branch Exchange (PBX) phone system or voicemail. An unauthorized third party can gain access to a business's phone system and place long-distance calls directly through these lines. They gain access most commonly through voicemail menus protected with only simple passwords (1111, 2222, 1234, etc.) or unchanged factory default passwords.
Once inside your system, an unauthorized third party can use the system commands to gain a dial tone and place calls that appear no different to your service or equipment provider than any other call originating from your business. Having a good password management policy and practice is a strong start towards protection.
An unauthorized third party steals a calling card or calling card number and then uses it to make calls.
An unauthorized third party can gain access to your Internet dialler if you access the Internet via a dial-up connection, and use your phone line to place long-distance calls.
While no telecommunication system can be made entirely free from the risk of fraud, diligent attention to system security can reduce the risk considerably. The following actions can limit the risk your business faces.
Remote access allows callers from the public network to access your business's PBX system using an access code. For example, an off-premises executive may use it to dial directly into the PBX in order to make a long-distance call less expensively than with a credit card. It's also one of the primary avenues of illegal entry into your system. To lessen the vulnerability of your remote access system, use authorization codes or other passwords to control access and limit calling range after normal business hours or provide attendant intervention.
Never use default passwords or default access numbers for your system as they are easy to crack and almost everyone knows them. One of the most effective security measures is to select hard-to-break passwords and remote access codes. Use the maximum number of characters, mixing the pound sign (#), asterisk (*), and numeric digits (0-9).
Avoid passwords that contain the following:
Tips to safeguard your DISA (direct inward system access) number:
It's a good idea to change passwords and access codes at least four times a year for both switch (software based/remote access) and hardware-based voicemail systems and automated attendant services. Always change or remove authorization codes when authorized users leave the company, especially when technicians depart. Do not write down remote access codes or passwords, or program them into auto-diallers.
Prevent unauthorized third parties from connecting to your voicemail system and accessing private bulletin board messages, creating their own mailboxes, or accessing the PBX system by taking the following measures:
After remote access and voicemail, automated attendants are the most common entry point for unauthorized third parties. Automated attendants answer a company's telephone, but can also serve as an open door to telecom fraud. Telethieves enter the automated attendant function, then dial the 91XX or 9011 extension. On many PBX and voicemail systems (with dial-out capabilities left active), these extension numbers connect to outside long-distance lines. To reduce automated attendant fraud, restrict or block access to long-distance trunks and local dial capabilities. In particular, block access codes such as 9XXX and possibly even the 8XXX fields or install a "verify extension field" capability, if available. Review the recommendations in the "Smart Passwords and Access Codes" section.
Continuous monitoring of your company's calling patterns will help you to identify fraud at an early stage and minimize loss. It's a good idea to regularly monitor your PBX, voicemail, automated attendant and 800 call detail records. Learn to spot patterns such as an increase in after-hours calls, calls to countries you don't do business with, multiple short duration inbound calls (especially after working hours).Watch for numerous incoming calls on your 800 lines followed shortly thereafter by a surge in long duration outbound 800 calls, which may indicate that an unauthorized third party has entered your phone system through your 800 lines and is dialling out.
Reach Customer Care at 1-800-496-4401.
If you detect or suspect tampering, or that you are the victim of telecommunications fraud, take immediate action. Telecom fraud charges can mount quickly - you can't afford to lose a minute. Your first call should be to your equipment vendor and your second to your long-distance provider. Together they can begin to pinpoint the fraud source and block further fraud attempts.
While no telecommunications system can be made entirely free from the risk of fraud, diligent attention to system security can reduce the risk considerably. One thing you can almost count on - when fraud happens it won't happen at a convenient time. These criminals often will direct their heaviest assaults on your network when vigilance is at its lowest, during non-business hours, in the middle of the night, on weekends or holidays. That's why it's a good idea to include telecommunications fraud in your Crisis Intervention Plan (CIP). Your plan should contain a checklist of actions you can take the moment you spot fraud. With a CIP in hand, you can minimize the time necessary to stop fraudulent calling, and perhaps even stop the unauthorized third parties in their tracks.
Rogers is committed to joining with our customers and law enforcement officials in the battle to control telecom fraud. As your partner, please contact Rogers if you suspect fraudulent activity has occurred in your network. Reach Customer Care at 1-800-496-4401.