Telecom fraud: The cost of doing nothing just went up

Craig Pollard, head of project management at Siemens Communications examines the increasing threat of telephony fraud and highlights the vulnerabilities to IT managers. a 2005 Elsevier Ltd. All rights reserved. It is probably little surprise that telephony fraud has become big business. However, with the International Forum of Irregular Network Access estimating that the total cost of telephony fraud worldwide has grown to £40 billion, it is clear that more needs to be done to tackle the issue. Indeed, techniques adopted by hackers have become significantly more sophisticated. Traditional PBX systems are being targeted internally by unscrupulous employees and externally by organised crime gangs, both of whom are intent on using voice communications for fraudulent activities. The threat of telephony fraud Organisations must therefore remain vigilant to a variety of criminal practices or they will continue to count the costs. Some examples of such practices include PBX hacking, abuse of corporate call forwarding and the courier scam. 0167-4048/$ see front matter a 2005 Elsevier Ltd. All rights rese doi:10.1016/j.cose.2005.07.006 PBX hacking Fraudsters can break into a traditional PBX if the switch is not properly configured and password usage is not effectively monitored. Should a hacker compromise the PIN and password number on a PBX, they can break into a company’s telephone system and make anonymous and free telephone calls. By simply raiding an organisation’s bins, a criminal could potentially locate confidential information not properly disposed of and assume the identity of a trusted employee. Once they have assumed a false identity, fraudsters could access a company’s online directory and gain access to other individuals’ PIN numbers by posing as maintenance workers. The maintenance port of a PBX is an area of frequent fraudulent exploitation. Hackers often use the dial-up modem attached to such ports, used to assist remote maintenance activities, to gain access to the network. When a PBX is linked to an organisation’s IT network e as is increasingly