Today's Fraud term is PBX Dial-Through
Dial-through fraud relies on a feature that exists on every PBX.
This feature allows employees to call into the switchboard or their voicemail
and make outgoing calls after entering a password or PIN. This is a
very convenient feature, and the reasons it exists are legitimate:
- Enable traveling or out-of-office employees to make work-related calls
  without having to pay for the calls themselves.
- Enable people to return calls without having to write down or remember
  the number left in the message.
Although this feature may be turned
off upon installation, hackers will try to break in and create their own
mailbox, which will allow them to dial in and then make any calls they wish.
(Next week we will discuss how they can get into the system to do this.)
To protect your company, you need to ask these questions:
- Do we need this at all?
- If so, does everyone (and all mailboxes) need it? Can you think of a reason
  why the server room, break room, conference rooms, or lobby need a mailbox,
  let alone one with this feature?
- For those who need it, can calling cards or dial-back be used instead?
If the answer is that you do need it, then limit it to:
- Selected people, and make sure that they use strong passwords (no 1111,
  1234, or their extension).
- Specific times of day - do they need to make work calls on weekend nights?
- Specific call types - do they need to make local calls, long distance
  calls, international calls, calls to Cuba?
Also, make sure that people are aware that the "return the call" feature on
their cellular phone can be set to call premium numbers that can cost more
than $2 per minute.
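
The limits in the checklist above (selected people, strong PINs, times of day, call types) can be checked mechanically. The Python below is an added example, not part of the original post or of any PBX vendor's tooling; it audits mailbox records against those limits. The record fields, the business-hours window and the allowed call types are assumptions, the sample records are constructed, and the weak-PIN test generalizes the post's examples (1111, 1234, own extension) to any repeated digit or ascending run.

```python
from datetime import time

# Assumed policy values; adjust to your own answers to the questions above.
WEAK_PINS = {"1111", "1234"}                     # the examples named in the post
SHARED_ROOMS = {"server room", "break room", "conference room", "lobby"}
HOURS = (time(7, 0), time(19, 0))                # assumed weekday calling window
ALLOWED_TYPES = {"local", "long_distance"}       # assumed permitted call types

def is_weak_pin(pin, extension):
    """Listed PIN, same as extension, one repeated digit, or ascending run."""
    return (pin in WEAK_PINS or pin == extension
            or len(set(pin)) <= 1 or pin in "0123456789")

def audit_mailbox(mb):
    """Return the checklist findings for one mailbox record (hypothetical fields)."""
    if not mb["dial_through"]:
        return []                                # feature off: limits do not apply
    findings = []
    if mb["owner"].lower() in SHARED_ROOMS:
        findings.append("dial-through on a shared-room mailbox")
    if is_weak_pin(mb["pin"], mb["extension"]):
        findings.append("weak PIN")
    if mb["from"] < HOURS[0] or mb["to"] > HOURS[1] or mb["weekends"]:
        findings.append("calls allowed outside business hours")
    extra = sorted(set(mb["call_types"]) - ALLOWED_TYPES)
    if extra:
        findings.append("unneeded call types: " + ", ".join(extra))
    return findings

def audit(mailboxes):
    """Map extension -> findings, for mailboxes with at least one finding."""
    return {mb["extension"]: f for mb in mailboxes if (f := audit_mailbox(mb))}

# Constructed sample records, not taken from any real PBX export.
MAILBOXES = [
    {"owner": "Lobby", "extension": "2000", "dial_through": True, "pin": "2000",
     "from": time(0, 0), "to": time(23, 59), "weekends": True,
     "call_types": ["local", "long_distance", "international"]},
    {"owner": "A. Traveler", "extension": "2147", "dial_through": True,
     "pin": "805316", "from": time(8, 0), "to": time(18, 0), "weekends": False,
     "call_types": ["local", "long_distance"]},
    {"owner": "Server Room", "extension": "2001", "dial_through": False,
     "pin": "1111", "from": time(0, 0), "to": time(23, 59), "weekends": True,
     "call_types": ["local"]},
]

if __name__ == "__main__":
    for ext, findings in audit(MAILBOXES).items():
        print(ext, "; ".join(findings))
```

Whether a PBX exposes PINs to an auditor at all varies by system; where it does not, the same `is_weak_pin` test can be applied at the point where a PIN is set.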