Toll fraud is, or should be, a concern for any business with a telephone system. There are many scams that hackers may use to attempt to steal your business telephone system potentially costing your business thousands of dollars over a single weekend. The purpose of this article is to discuss a social engineer scam called the “Extension 900 Scam”.
In this scam, the hacker calls your main number or toll free number and ask your receptionist to transfer him to extension 900. In most business telephone systems, “9″ is the access code for an outside line and 00 is the number for the international operator. If the receptionist transfers the call, he is connected to an international operator who will then politely assist the caller with his connection to an international number. Your business will pay for this fraudulent call.
How this scam works.
Most hackers/thieves understand that not all systems are blocked from this kind of attack. It’s a simple matter of calling your main number and asking to be transferred to extension 900. Most companies do not have an extension 900. Most companies do not have ANY numbers beginning with a 9. The digit 9 is almost always exclusively used to access outside lines. So if the caller is successful in having his call transferred to 900, he is connected to an international operator. The actual code is: 9(outside line) + 00(international operator).
A good receptionist will understand that there is not an extension 900. They will usually know most of their internal extensions by heart. If the receptionist tells the caller that they don’t have an extension 900, the caller will say something on the order of “the president of the company told him to ask for that extension and was waiting for his call”. If the receptionist insists that they do not have an extension 900 the caller may very well become threatening and try and intimidate her into transferring the call.
How to Protect Your Business
The most important thing is to educate your end users, especially your receptionist or operators. Bear in mind that it doesn’t have to be the receptionist who answers the call in order to make this work. For example, if you can dial a direct number to any office in your building, you can ask any one to transfer you. That person could be the warehouse clerk or janitor, it doesn’t matter. So be sure to educate your users at least once a year.
Here are some more things you can do to stop this kind of attack.
1) Block calls to 9-00. If your company has no need to call an international operator, then it should be blocked. I would also include all international calling (9-011) if it is not needed by asking your carrier to block it. If you need to make the calls on the rare occasion, then use a prepaid calling card. You can get some incredible deals with these cards and you will limit your loss liability.
2) Block any Trunk to Trunk calls. If a call comes into your PBX or Key System, and you transfer it back out, that is a “trunk to trunk” call also called a tandem call. This can be blocked on most systems. Keep in mind what this may effect: do your executives call in and have their secretaries transfer them to an outside number? Do you have an after hours service that requires callers to be transferred to an outside service? If you don’t need to do these things then you should block trunk to trunk calls.
3) Restrict phones from being able to transfer callers to outside numbers. You may need this feature for some people but certainly not everyone needs it. Work with your telephone system vendor to set up the Classes of Service that will block this ability.
4) Restrict the calling areas telephones can call. Does every telephone in your business need the ability to call international numbers, or even to a number outside your business area? If a phone has no reason to call outside your business area then why give access to that ability? If you can’t call a long distance number then you can’t transfer a fraudulent caller to a long distance number.
5) Monitor your phone bills. It’s easier to get away with any toll fraud scam if you never check your phone bills. You need to watch for unusual calls.
6) Finally, be sure your phone vendor even knows what toll fraud is. This may be surprising considering that they are supposed to be the experts, but I’ve met many technicians that really don’t think about such things. Most have never had even the most rudimentary training regarding toll fraud security. I ran into one technician that was highly though of by our mutual customer. I noticed that a trunk to trunk transfer was enabled on the class of service of his voice mail system and insisted that it be removed. When I explained why, he even asked “Why would any one do that?” Now that you know be sure your vendor does.
Author: Ralph Willett
Article Source: EzineArticles.com
Provided by: Cool mobile gadgets
Related Posts -
VOIP IP PBX Equipments IP PBX is the acronym that stands Internet Protocol Private Branch Exchange and it denotes a telephone system that uses the internet protocol to transmit data. IP PBX is indeed a path-breaking development in telecommunication technologies. IP PBX is more meant for business enterprises that have to regularly contact...... - VoIP Telephony - What You Need to Know First About Emergency 911 Calls Voice over Internet Protocol providers Skype, and Vonage are just two of the many VoIP telecoms service providers which have, in the past, come under fire in the US, and elsewhere, for failing to connect emergency 911 calls. It is quite natural for users to assume that VoIP based systems......
- VoIP Phone Systems - How Your Business Can Benefit New technologies such as VoIP phones don't just replace previous technologies. They also give you much greater functionality, make you more productive, enhance your customer service and save you money compared to older technologies. Consider the advantages that a well-designed VoIP phone system can provide you with: Any and all......
- Toll Fraud Security and DISA Most businesses Telephone Systems have a feature called Direct Inward System Access or DISA for short. This feature allows authorized users to dial a special number into your telephone system and then either dial extension numbers directly or outside numbers utilizing your companys less expensive long distance trunks and......
- Tomorrow's Communications Today As electronic communications have continued to advance, older forms of technology have been refined in a lot of new ways. Hosted PBX phone systems are a very good example. As a phone system that can function from a remote location, the virtual PBX has made a big difference in......
Related Websites -
How to Get Exercise When You Don't Have Time Just because you do not have a lot of time on your hands, that does not mean that you will not be able to sneak exercise in to your daily schedule in order to get healthier and lose weight. Most people think that if they do not have an hour...... - Macau News January 2007 Stanley Ho buys into Star Cruises Stanley Ho is reported to be forming an alliance with Star Cruises, the fast-expanding cruise and gaming company controlled by Malaysia's Genting Group. He will be invited to buy up to 10 per cent of Singapore-listed Star Cruises, for which he will give rights......
- International Investing: What's Your Asset Allocation? The Digerati Life (RSS Feed) just keeps giving me more to write about. This time she presents an excellent article on international investing. In the article she gives great table relating your international asset allocation to a risk tolerance. If you have 25% of your money outside of the US,......
-
Player Profile for Double Bassist Mike Milligan While few people can name a double bass player (though many can name a bass guitar player) some bassists actually break out and perform solo bass. Some even go on to record an entire album of solo bass, like double bassist Mike Milligan. When many people think of a bass,...... - A Review Of The Amway Income Opportunity Amway ReviewAmway, or the American Way,as people prefer to call it is one of the most popular network marketing companies. Amway operates in eighty plus countries and distributes more than 450 products. More than three million people share the Amway vision as distributors or IBOs. It’s this income opportunity that......
Related posts:
[...] This post was mentioned on Twitter by Michael Kirchhoff, Rahma Allam. Rahma Allam said: PBX Toll Fraud Protection – The "Extention 900" Scam http://bte.tc/akSw #RTW [...]