Posted on Monday 28th Sep 2015
Is your system safe from cyber attacks?
‘Phreaking’ has been a major issue for some years. Systems have traditionally been hacked through their voicemail systems, where many PIN codes were left at their defaults, giving easy access to knowledgeable hackers. Once in, the phreakers reconfigure the system so that they can get dial tone and make their own calls on your system. Not a major thing, most people think: how many calls can they make? Well, plenty, and you should be more concerned about where: international calls, premium numbers, or they may even sell off the details so your system can be used as least cost routing for the unsuspecting purchaser.
This is mostly done when the offices are closed and no one would suspect until the bill arrives.
It is costing companies in the UK alone millions of pounds. A single instance of phreaking can cost a company upwards of £10,000, and your provider will not cover you for this. It is your system and your issue.
Moving forward, it has now become part of cyber crime. We speak to many companies that believe their system is safe: “...it’s behind our company's firewall which is very secure...” or “...it's a hosted system so how could they make any calls from our phones?” But the issues are mostly the same: simple or default passwords giving an easy path in, such as 1234, 4567, 2580, extension numbers used as passwords, and so on.
Make your PINs at least 6 digits long with no pattern; if possible, add letters, both upper and lowercase, along with symbols.
Basics to protect against this type of fraud
- Use strong pin/passwords for your voicemail system, VoIP handsets and Phone Systems ensuring they are changed regularly.
- If you still have any of the above on a default pin/password, change it immediately.
- Disable access to your voicemail system from outside lines. If this is business critical, ensure the access is restricted to essential users using CLI recognition and request they regularly update their pin/passwords. Alternatively, have the voicemail sent as an attachment via email.
- If you do not need to call international or premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
- Consider asking your network provider to not permit outbound calls at certain times, e.g. when your business is closed. This is particularly easy on SIP trunking and hosted services.
- Ensure you regularly review available call logging and call reporting options.
- Regularly monitor for increased or suspect call traffic.
- Request a daily spend limit on your account to limit the risk. Most companies have a similar spend each month.
- Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down!
- UDP port 5060 is the most common risk. Use a different port or port redirection if possible.
- Speak to your maintenance provider to understand the threats and ask them to correct any identified security defect.
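
The call log review and spend monitoring steps above can be automated against a call record export. The script below is an added example, not part of the original post. The CSV column names, office hours, number prefixes and spend limit are assumptions to adapt to your own system, and the call records are constructed sample data.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records (not real data): start, extension, dialled number, cost in GBP.
SAMPLE_CDR = """start,extension,dialled,cost
2015-09-25 10:14:00,201,01924000000,0.12
2015-09-25 16:40:00,204,0033100000000,1.80
2015-09-26 02:03:00,299,0099900000000,41.50
2015-09-26 02:19:00,299,09000000000,63.00
2015-09-26 02:41:00,299,0099900000001,38.75
"""

# Assumed policy values; set these to match your own business.
OPEN_HOUR, CLOSE_HOUR = 8, 18        # office open 08:00-18:00
WORK_DAYS = {0, 1, 2, 3, 4}          # Monday to Friday
RISKY_PREFIXES = ("00", "+", "09")   # international and UK premium rate prefixes
DAILY_SPEND_LIMIT = 50.00            # GBP


def out_of_hours(ts):
    """True when the call started while the office is closed."""
    return ts.weekday() not in WORK_DAYS or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_calls(cdr_text):
    """Return (suspect_calls, days_over_limit) for a CSV export of call records."""
    suspect, spend = [], defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        spend[ts.date().isoformat()] += float(row["cost"])
        # International or premium rate calls made while closed are the classic phreaking pattern.
        if out_of_hours(ts) and row["dialled"].startswith(RISKY_PREFIXES):
            suspect.append((row["start"], row["extension"], row["dialled"]))
    over = {day: round(total, 2) for day, total in spend.items() if total > DAILY_SPEND_LIMIT}
    return suspect, over


if __name__ == "__main__":
    calls, days = review_calls(SAMPLE_CDR)
    for start, ext, number in calls:
        print(f"SUSPECT out-of-hours call: {start} ext {ext} -> {number}")
    for day, total in days.items():
        print(f"OVER LIMIT: {day} spent GBP {total:.2f}")
```

Run it daily against the previous day's export so that a weekend of fraudulent calls is caught before the bill arrives.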
If you are unsure or require assistance please call us on 01924 241260, we are happy to conduct an initial assessment of your services where we can.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040