I was just reading an interesting article by Steven Cotton
of the TM Forum entitled "Fraudsters Will Be Fraudsters, But How Does
Provider Indifference Help?" In it he describes a recent phishing attempt
that came to his in-box and how the service provider's support group did
not know if they had a security or fraud department and could not be
bothered to care.
Now, if you look at most of the recent stories labeled as telecom fraud, they
are frequently about people being defrauded using the phone rather than fraud
hitting the PBX. In these cases it is usually someone tricked by phone or email
into going down to Western Union and sending money to someone they know who is
in some sort of "trouble." The cause of the trouble varies (bail, hospital
charges, fees to get a car fixed, etc.), but the common item is that they
always want the money sent via Western Union, which has no verification,
tracking or roll-back options once the cash is taken.
Now Steve ended his blog entry with this line:
"I'd suggest that the industry should at least set a basic goal of making the fraudsters at least break a sweat as they perpetrate their nasty business."
I suspect that this is exactly the case, and if there was a
way to force Western Union to verify the identity of the person claiming the
money, say the way that a person-to-person call works, it would cut down more
than half of this kind of fraud.
The same is true in PBX-related fraud: keeping default
passwords, leaving the system ports open, not watching your phone bill, and not
proactively protecting your system make it just as easy to defraud you as it is
for those who are preying on phone scam victims.