DnA 5-7: How to Fight Telephone Fraud
Yes! More news comes from Pacific Bell, California's favourite BOC or Baby Bell, if you prefer. These press releases were received just after Digital News Associates magazine #4 (DNA, love those acronyms!) went to press. It concerns the abuse of PBX's (Private Branch eXchanges if you didn't know or have been smoking crack) and suggests ways for alert PBX and voicemail system owners to avoid losses to hackers. The second press release goes on to describe the Pacific Bell Lock-On program, which is truly frightening. Sprechen Sie Fascist? Note that they use the "H" word repeatedly in both.
PACIFIC BELL
Release: September 8, 1993
TEN TIPS FOR FIGHTING TOLL FRAUD
Remote access fraud involves computer hackers who electronically infiltrate a company's telecommunications equipment in order to gain free access to long-distance lines.
Equipment that can be vulnerable include PBX's, automatic call distributors, auto-attendants, call diverters and voice mail systems. In addition, thieves sometimes break in through equipment features such as DISA (Direct Inward System Access) and remote maintenance ports, which are designed to allow employees and vendor repair personnel to use the system when they are not on company premises.
Here is a common scenario:
- A hacker calls a randomly selected 800 telephone number.
- The hacker's computer is programmed to dial various codes until it cracks into the customer's system.
- The hacker obtains access to a second dial tone, transfers to an outside line, and can now place calls which will be billed to the host business.
The following are fraud-prevention tips from Pacific Bell's free booklet titled "Telephone Toll Fraud Protection:"
- Limit the number of employees who are given equipment access codes and assign random codes on a need-to-have basis only.
- Remove default pass codes installed by the manufacturer or vendor.
- Change DISA and voice mail pass codes frequently and increase the number of digits to a minimum of eight.
- Restrict after-hours and weekend access to DISA features.
- Deactivate a second dial-tone feature with your voice mail system if you don't need it.
- Screen or block calling access to foreign countries and area codes not relevant to your business operation.
- Monitor call detail reports closely and promptly investigate any patterns that might indicate the likelihood of unauthorized calls.
- Have your equipment vendor extend the answer cycle on DISA numbers and program your system to disconnect any incoming calls after one or two unsuccessful attempts have been made to input the access number.
- Ensure that operators and centralized answering points never automatically connect an internal call to an external network without proper authorization; it might be a hacker who has gained access to an internal station.
- Disable the maintenance port available to your equipment vendor so that it can be used only by authorized vendor personnel when your equipment requires service.
PACIFIC BELL
Release: September 8, 1993
LONG-DISTANCE CRIME WAVE
HITS CALIFORNIA BUSINESSES
Long-Distance theft is on the rise in Southern California, Pacific Bell warned today.
Since last fall, the number of remote-access fraud cases detected by the company has nearly tripled --Up to about 11 per month in the metropolitan area. Cases involve computer hackers who infiltrate business telephone systems, seize long-distance lines, and sell international calling to immigrants who may not be aware the telephone service is obtained illegally, or drug dealers who want to circumvent the billing records created by personal telephone service.
In the past nine months, thieves have rung up between $500,000 and $1 million in fraudulent toll charges billed to area businesses.
Ironically, the surge in number of long-distance thefts is an indirect result of successful fraud protection programs like the Pacific Bell LockOn program (TM)
"The good news is that our prevention, detection, and intervention efforts help ensure that theft is caught and stopped earlier, before losses escalate." said Brian George of Pacific Bell's Centralized Fraud Bureau. "The bad news is that the hackers simply target another business, so more companies end up being victimized."
George said the average loss per incident of fraud is approximately $7,000, a reduction of more than 50% since Pacific Bell launched its LockON program last fall. Most losses are long-distance charges assessed by inter-exchange carriers such as AT&T, MCI or Sprint.
"Given the increased chances of being hit by a hacker, it's more important than ever for businesses to protect themselves," George said. "We offer a number of free safeguards through LockOn that can help businesses prevent long-distance theft, or detect and stop it quickly if it occurs."
Services available through Pacific Bell LockOn include:
Prevention -- Pacific Hell Fraud Consultants can provide provide companies with a free telecommunications risk assessment and advice regarding security improvements. Also available is a free guide "Telephone Toll Fraud Protection."
Detection and Intervention -- Pacific Bell's Centralized Fraud Bureau continually monitors the network for fraud warning signals, such as unusually high traffic levels to certain foreign countries. If fraud is identified, the company works with the customer, equipment vendor, and long-distance company to secure the customer's system.
Prosecution -- If suspects can be identified, Pacific Bell works with law enforcement agencies to prepare evidence for prosecution.
Customers who would like more information about toll-fraud protection services should contact their Pacific Bell account executive or local Pacific Bell business office.
Pacific Bell is a subsidiary of the Pacific Telesis Group, a worldwide diversified telecommunications corporation based in San Francisco.
You've been warned....