"Protecting Your Business by Controlling Telecom Fraud" is an educational blog that covers several best practices to help you protect your business from fraudulent activity. Over a series of blogs and webinars, we’ll dive into the fundamentals of VoIP fraud, identify typical fraud activities, and discuss essential prevention methodologies you can use to protect your platform, your customers, and your business.
What is VoIP Fraud and How to Prevent Hacked Equipment & Settings
VoIP fraud is defined as the unauthorized use of paid communications services, charged to someone, whether service provider or customer, without their knowledge. As mentioned in our webinar “Protecting the Customer Experience by Controlling Telecom Fraud”, a single fraud event can cost a customer anywhere from $3,000 to $50,000 and, more often than not, occurs more than once. This is why we are focused on a series of educational content to help you learn how you can protect your company and your customers with simple steps. The first part in the series begins with tips on preventing hacked equipment and settings. This is the easiest and most common form of fraud, and it is also the simplest to prevent.
Fundamentals of Fraud
Device Fraud: Device fraud is simple: the internet is scanned for vulnerable endpoints, meaning those that are easiest to access using the default username and password. Most UIs change this for you automatically, but where a change was not made, those endpoints become the most vulnerable and the easiest for fraudsters to access. From then on, attackers can set up call transferring to their own phone service and control those devices.
This results in them either pumping as many calls as possible to the numbers on their systems or routing all customer calls through the phone system you are using, costing them nothing, but still billing for usage.
How to Prevent:
Call Forwarding Fraud & *72: Call forwarding fraud is a bit more difficult but still fairly simple. Think of this as the “Nigerian Prince” of phone fraud. The way this works is:
How to Prevent:
Call forwarding can also be set up through your Web/User Portals and UI/APIs. Make sure your username and password are unique and have been changed from the default, making it more difficult for attackers to access the account.
Fun Fact: It would take an attacker mere seconds to decipher your password if it is any one word in the dictionary, even for variations like Pa55word, 123V0IP, or H4ckerGrl, as they already have millions of variations set up to scan. Try using a combination of words, such as Turtle-Balloon-Safari.
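As an added example (not part of the original post), here is a small audit check that shows why the variations above are no better than the plain word and how the multi-word suggestion differs. The wordlist, the default-password list, the character-swap table and the three-word threshold are all assumptions made for illustration.

```python
import re

# Constructed sample data: a real audit would load a full dictionary and the
# vendor default-credential list for the devices in use.
WORDLIST = {"password", "voip", "hacker", "grl", "turtle", "balloon", "safari"}
DEFAULTS = {"admin", "1234", "changeme"}
MIN_WORDS = 3  # assumption, taken from the three-word example in the post

# Common character swaps, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def fold(token):
    """Lower-case, drop digits padded on either end, undo character swaps."""
    return re.sub(r"^\d+|\d+$", "", token.lower()).translate(LEET)

def segment(text, wordlist):
    """Return wordlist entries that exactly cover text, or None if none do."""
    if not text:
        return []
    for end in range(len(text), 0, -1):
        if text[:end] in wordlist:
            rest = segment(text[end:], wordlist)
            if rest is not None:
                return [text[:end]] + rest
    return None

def classify(password, wordlist=WORDLIST, defaults=DEFAULTS):
    """Label a password: default, dictionary-variant, passphrase, not-flagged."""
    if password.lower() in defaults:
        return "default"
    words = []
    for token in re.split(r"[^A-Za-z0-9@$]+", password):
        parts = segment(fold(token), wordlist)
        if parts is None:
            return "not-flagged"  # contains text outside the sample wordlist
        words.extend(parts)
    if not words:
        return "not-flagged"
    return "passphrase" if len(set(words)) >= MIN_WORDS else "dictionary-variant"

if __name__ == "__main__":
    for pw in ["admin", "Pa55word", "123V0IP", "H4ckerGrl", "Turtle-Balloon-Safari"]:
        print(f"{pw:24} {classify(pw)}")
```

A result of "not-flagged" only means the sample wordlist did not match; it is not a statement that the password is strong.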
Voicemail Callback Fraud: Voicemail fraud is another tedious but effective form of fraud. Attackers know how to compromise voicemail systems to accept and make collect calls without your knowledge or permission.
How this works in more detail:
Another version of the scam completely bypasses the guessing aspect and breaks directly into a voicemail system's call forwarding feature, and programs the system to forward calls to an international number on their phone service.
How to Prevent:
*All preventative methods are suggestions and not guarantees.
At the end of the day, it comes down to educating yourself on current security risks that could affect your platform, protecting your infrastructure through preventative planning and development, and doing your due diligence on best-of-breed security initiatives to keep your systems and your customers protected.
Here are some great articles we found enjoyable to read:
If you're looking to explore a new communications platform that offers the security and flexibility to grow your business, learn more about KAZOO platform offerings today!