The Toll of Toll Fraud and What You Can Do About It
-Cyndi L. Fenske, Freelance Technical Writer and PBC Receptionist
Toll fraud is something every business owner should be aware of. Affecting vulnerable businesses, large and small, hackers can break into phone lines and accrue enormous charges. In 2013, for example, toll fraud cost small business victims $4.73 billion globally. How it works is simple enough. According to the New York Times, “Hackers sign up to lease premium-rate phone numbers, often used for sexual-chat or psychic lines, from one of dozens of web-based services that charge dialers over $1 a minute and give the lessee a cut….Hackers then break into a business’s phone system and make calls through it to their premium number, typically over a weekend, when nobody is there to notice.” These calls are often long distance and international. Some hackers even call on a toll free line which causes the business to pay double for an incoming and outgoing call.
Ultimately, the responsibility for the security of a phone system is up to the business owner. Since fraudulent calls are placed over many different inter-exchange carriers (IXCs), each carrier must pay that portion of the call handled by them. When the call is placed to an international location the domestic carrier must pay the foreign carrier regardless of the fraud. The end user, or business owner, controls access to his or her PBX system, not his or her telecommunication provider, so the business owner is responsible for the charges incurred. The responsibility for the security of the PBX system is the business owner’s and he or she should take steps to protect his or her assets.
It is important for business owners to be aware of the risks associated with an unsecure phone system, but not feel like helpless victims. Several preventative measures can be taken to protect from toll fraud; some of these include:
- Disabling the external call forwarding feature in voice mail
- Removing any inactive mailboxes
- Checking your recorded announcement regularly to ensure the greeting is indeed yours (Hackers tend to attack voice mailboxes at the start of weekends or holidays)
- Considering disabling the remote notification, auto-attendant, call-forwarding and out-dialing capabilities from voice mail if these features are not used
- Considering restricting international or long distance destinations to which your company does not require access (Restrictions should also include 1-900 calls and 1010 casual dialing within the PBX/Voice Mail system. While you can request this of your phone company, you should also set these restrictions up in your phone system)
- Cancelling extensions that are no longer used along with their associated features and access rights
- Practicing strong passwords
- Monitoring your company’s call patterns regularly
- Making sure your system is kept in a secure location to which only authorized users have access
It is also important to understand that if your provider blocks international calls, this will not block calls to certain locations outside the U.S. but still within the “North American Numbering Plan” (i.e. Canada, Puerto Rico, US Virgin Islands, and other Caribbean countries.)
At Paul Bunyan Communications customer service is our top priority. We work hard to protect our customers from toll fraud and other scams and are happy to work with you to protect your phone system from accruing fraudulent charges. Please contact PBC if you would like assistance or have any questions about toll fraud. Paul Bunyan Communications customers are encouraged to call their dedicated Account Executive at (218)444-1234 to schedule the preventative maintenance on your system (in some cases charges may apply) or to gather more information.