Focus on: How to combat toll fraud

Aginsky, Alon

Some estimate that telephone fraud in the U.S. exceeds 3 billion dollars annually. The frightening part is that this is only from customer premise equipment (CPE) and does not include calling card and cellular fraud.

PBX toll fraud is very big–and very organized. The “hackers” have their own communication network on the Internet, have their own magazine called 2600, and they meet monthly in more than 15 U.S. cities and five different countries. They know everything you would like to hide about your PBX. Some of them have even programmed PBXs, voice mail systems, ACDs and other telecommunication equipment. They know how to get in, access your “secret” passwords, and manipulate your data, long-distance routing tables and even your “personal” mail boxes.

What can you do? How can you better protect your PBX, voice mail and ACD, and how concerned should you be about the future of toll fraud? Here are some answers to the most common questions.

Q: What is toll fraud?

A: Toll fraud is defined as the unauthorized use of a company’s phone system. It is theft of long-distance services by a) an unrelated third party, b) a staff member of a long-distance carrier, local telco or vendor, or c) the user’s staff member.

Q: What are the most frequently used methods of toll fraud?

A: There are seven frequently used methods of committing toll fraud. They are:

1. Free access through “800” lines,

2. PBX manipulation,

3. Voice mail penetration,

4. Failure to install/use CDR or SMDR,

5. Maintenance port tampering,

6. Remote access abuse (DISA),

7. Staff/operator deception.

Q: Who is most likely to access our equipment unlawfully?

A: As is the case with any other unlawful act, criminals in this industry, who are referred to as “hackers,” do it mainly for the money. Others do it for fun, professional challenge and/or out of boredom. Still others know how easy it is, know the codes, have the proper equipment and cannot resist the temptation. They pick up an 800 number listing of U.S. corporations, download the listing to their PC database, and use a variety of “home-grown war dialers” to call into your auto attendant at your expense. In most cases, they can recognize the manufacturer/brand by the prompts and determine which password ranges to concentrate on. With some luck and persistence, they will “hack” into their first system within the hour.

Most of the activity is through call/sell operators who operate in urban communities, mainly by immigrants for immigrants who call to countries like the Dominican Republic, China, Pakistan and Egypt at a rate of $10 for a 30- to 45-minute call. The calls usually take place after regular business hours or on weekends, when the excessive PBX traffic will go unnoticed and uninterrupted.

Q: How do hackers get the numbers?

A: There are different methods of obtaining telephone codes:

1. “Dumpster divers,” or the people who go through your trash and look for phone bills, computer printouts or product manuals.

2. “Shoulder surfers,” those people who stand particularly close to you at a pay phone (in airports, bus terminals, etc.) while you dial your DISA password, voice mail code or calling card number so they can capture your dialing sequence.

3. Hackers publish their findings in magazines, BBS and even on the Internet.

Q: What do they do with these codes once they have obtained them?

A: Since the primary motive is money, they look for buyers. On the streets of New York City, for example, where 60 percent of toll fraud attempts originate, a good number (or, in street slang, a “Montebello”) will go for $3,000 to $5,000 depending on the supply/demand at that time.

Q: Why are PBXs a perfect target for these hackers?

A: Today’s PBXs are feature-rich, and more and more features are developed each day as the various PBX manufacturers attempt to gain a competitive edge. These features are all software, and therefore programmable, which in most cases means they can be accessed remotely. In addition, maintenance and service is provided by interconnects from remote service centers via modem lines. All of this creates a very familiar environment for the hacker to operate in with very little risk of being identified.

Q: What are hackers looking for in your PBX?

A: The easiest vehicle for them is to gain control of your direct inward service access (DISA) where a remote user can gain access to an outside line from your PBX by punching some “long” authorization codes. Most companies use it for the traveling employee.

Second, they would love to “take over” your maintenance port. By controlling that port, which is the heart of your PBX, they can do whatever they want, including changing your routings and passwords and deleting/adding extensions. And, if their intent is vicious, they can actually shut down your PBX and take you out of business.

Voice mail is probably the most popular vehicle of toll fraud these days. Like PBXs, voice mail systems are also very sophisticated and full of features. You can, among other things, sit on the beach in the Caribbean and program your voice mail box in Chicago to place any inbound call on temporary hold, grab another line, call your cellular phone then conference the two lines–all within seconds. Meanwhile, the caller has no idea that you are actually enjoying the sun and sipping Jamaican rum. Hackers want to use exactly that feature to forward calls to a “phantom” mail box that will give just a dial tone. Then, they dial the rest from any public phone in Miami, Dallas or Amsterdam.

Another kind of voice mail hacking involves changing the greeting in an “orphan” mail box to a simple greeting, which may consist of 10 seconds of silence followed by, “Yes, operator, I will accept the charges.” The hacker can then dial “0” from any pay phone, tell the long-distance operator he or she would like to call London, and charge the call to a “third party” which is “the hacker’s” company at 555-4444 extension 777. When the operator calls that number and asks to be transferred to extension 777, his/her 10-second inquiry (“This is the long-distance operator. Mr. Joe Brown is calling London, will you accept the charges?”) will be accepted by the well-timed, prerecorded fraudulent greeting.

Q: What can be done to combat fraud?

A: The following are some basic steps you might want to consider adopting in the fight against toll fraud:

Education: First, get yourself and your immediate staff acquainted with toll fraud. Periodically remind all employees who have been issued authorization codes (DISA, voice mail, etc.) of the importance of keeping these codes secret and the need to change them frequently. Also, warn all employees about “shoulder surfers” and advise them not to write their codes in public or yell them out in a crowded area. Second, educate yourself about the many features of your PBX, voice mail and/or ACD. Shut down all of those not in use or not in service, and change your PBX passwords as frequently as possible.

Ports: Install a “dial back” modem on your maintenance port, and always have your service provider call you before accessing your PBX.

Block: Block access to destinations where your company does not do business. If circumstances do not permit this, at least block calls to some or all of the 10 most popular fraud destinations (i.e., 800 area codes, Pakistan, Egypt, India, the former Soviet Union, El Salvador, China, Colombia, Mexico and Ghana).

Voice Mail: Make sure your voice mail system is a “closed loop” and cannot be manipulated to get an outgoing dial tone. Check your valid mailbox list and delete any box that is no longer in service. Disconnect callers after three unsuccessful attempts at dialing their mailbox code. Instruct employees to change their voice mail passwords and delete “old” messages.

Codes: Choose random, lengthy passwords (10 digits or more) and change them frequently to make it harder for hackers to discover them. Keep these codes in a safe place and never write them on the wall next to the PBX.

DISA: Consider disconnecting DISA. If this feature is necessary, ensure that only those employees who have a real need for international calls will be allowed to use it.

Fee calls: Block all 900, 570 and other types of “toll” calls.

Call Accounting System: If you have a PC-based call accounting system, frequently run exception reports such as after-hours/weekend activity, long-duration/high-cost calls, short-duration incoming calls and “800” number usage to track “800” to “900” numbers. In addition, invest in a real-time toll-fraud detection system that will “learn” your company’s calling pattern and alert you by pager/printer and audible alarm when a suspicious call occurs.

Insurance: Consider purchasing an insurance package that indemnifies against losses caused by hackers. Although such packages are costly and do not cover loss of business, they can protect you from horrendous fraud charges.

Communication: Stay in touch with your interconnect, and ask them to pay extra attention to uncommon telephone traffic and alert you when they notice any suspicious calling patterns.
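
The exception reports listed under Call Accounting System above (after-hours/weekend activity, long-duration/high-cost calls, short-duration incoming calls), together with the destination blocking from the Block step, sketched as an added example that is not part of the original article or any vendor's product. The CSV column layout, the thresholds and the blocked prefixes are assumptions, and the sample call records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export; the column layout is hypothetical (real SMDR/CDR formats vary by PBX).
SAMPLE_CDR = """start,direction,extension,dialed,duration_sec,cost_usd
1995-11-06 10:15:00,out,204,12035551234,180,0.45
1995-11-06 22:40:00,out,777,0119221555123,2700,41.50
1995-11-11 14:05:00,out,777,0112025550188,1900,30.10
1995-11-07 09:30:00,in,0,8005550100,4,0.00
1995-11-07 11:00:00,out,310,19005550123,600,23.94
1995-11-08 13:00:00,out,118,12125550199,4200,9.80
"""

# Assumed site policy: tune every threshold and prefix to your own calling pattern.
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, Monday to Friday
MAX_DURATION_SEC = 3600
MAX_COST_USD = 20.00
SHORT_INBOUND_SEC = 10
BLOCKED_PREFIXES = ("1900", "01192", "01120")  # 900 service, Pakistan, Egypt

def flags_for(row):
    """Return the exception categories one call record falls into."""
    start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
    duration = int(row["duration_sec"])
    flags = []
    if start.weekday() >= 5 or start.hour not in BUSINESS_HOURS:
        flags.append("AFTER_HOURS")
    if duration >= MAX_DURATION_SEC or float(row["cost_usd"]) >= MAX_COST_USD:
        flags.append("LONG_OR_COSTLY")
    if row["direction"] == "in" and duration <= SHORT_INBOUND_SEC:
        flags.append("SHORT_INBOUND")
    if row["direction"] == "out" and row["dialed"].startswith(BLOCKED_PREFIXES):
        flags.append("BLOCKED_DEST")
    return flags

def exception_report(cdr_text):
    """Return (start, extension, dialed, flags) for each record with at least one flag."""
    rows = csv.DictReader(io.StringIO(cdr_text))
    flagged = ((r, flags_for(r)) for r in rows)
    return [(r["start"], r["extension"], r["dialed"], f) for r, f in flagged if f]

def flags_by_extension(report):
    """Count flags per extension so an abused station or mailbox stands out."""
    counts = Counter()
    for _start, extension, _dialed, flags in report:
        counts[extension] += len(flags)
    return counts
```

Run against the sample, the routine Monday-morning call from extension 204 is not reported, while extension 777 accumulates the most flags and is the one to investigate first.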

Fighting The Toll Fraud Battle With Smarter Weapons

Getting somebody else to pay for a personal toll call is not exactly a new kind of fraud. It has been around since the early days of dial telephones. The introduction of direct “1 plus” dialing for long-distance in the late ’50s just fueled the practice. And the long-distance price wars of the last decade have lowered prices so much that employees barely even consider it an infraction of company policy. Everyone knows they are not supposed to make personal long-distance calls on the company, but hey, “We’re only talking pennies here.”

However, the pennies add up and toll abuse has become a significant cost to every corporation. In the early ’80s companies began installing toll restrictors on certain lines ahead of their KSU or PABX. Those early toll restrictors cut off calls that started with the digit “1.” But some employees couldn’t be stopped with such simple weapons. They knew they could still make long-distance calls through the operator. So toll restrictor manufacturers were forced back to the drawing boards. Their next models cut off the call at the first sight of either a “1” or a “0.”

Then the telcos started charging for directory assistance. Unaccustomed to the practice of writing down phone numbers, employees started racking up directory assistance charges by the score. Companies quickly purchased the newest toll restrictors to eliminate the unnecessary expense of directory assistance.

The turning point in the war against toll fraud came with the introduction of “900” numbers. These calls were no longer little infractions of company policy. They were expensive. The battle was now a war and companies turned to heavier artillery.

The pressure was on manufacturers of key systems and PABXs. They soon started offering toll restriction capabilities built right into the system. With these newer systems, the company could individually program user stations either to allow or disallow long-distance calling. That too worked for a while.

But the battlefield has changed again. And by all signs, it will be in constant flux for some time to come. Today, we are witnessing a rapid increase in the number of area codes, and local calling areas are shrinking as new exchanges are added almost daily. Some across-the-street calls are now long-distance. Yet the older systems restrict employees from making those “local” calls.

The larger PABX suppliers are offering software upgrades to handle the new requirements. But the price tag is huge. So are the costs of installation and changes. Smaller key system users are being forced to find new solutions or junk their system altogether.

Manufacturers of add-on toll restrictors once thought they were in a dying business because of all those built-in features. But today, they cannot keep up with the demand.

The newer add-on toll restrictors can be easily programmed to allow or restrict not only area codes, but local exchanges as well. Most offer bypass access codes to allow certain employees to bypass the restriction. Some models incorporate a programmable time warning tone to alert employees of long-distance time used. They even contain a programmable cut-off feature that disconnects the call after a pre-determined length of time. That sure keeps employees from wasting long-distance time.

The single most important advantage to the add-on toll restrictors is their low cost. The average toll restrictor carries a retail price of only $150. That’s a huge savings compared to a software update for a PABX, or scrapping a key system.

As you shop for an add-on toll restrictor, ask your telecommunications supplier about the restrictor’s ability to deal with foreign exchange calling patterns. Some manufacturers have already anticipated that need and are offering foreign software for a small upcharge.

Toll fraud will never be eliminated. But the weapons for fighting the battle are getting smarter, more versatile, and less expensive. There are still some mighty sophisticated systems out there. But many times their purchase cost, installation cost, and update cost are in reality more than the cost of the toll fraud itself. That’s why the newest add-on devices look so attractive. They are simply more cost-effective.

We strongly encourage you to submit any questions concerning telemarketing and business telecommunications to: Q&A, One Technology Plaza, Norwalk, CT 06854. If you would like your questions answered specifically by Mr. Aginsky, please address your envelope to his attention. We will try to print as many questions and answers as space permits.

Rick Muscoplat has been a marketing consultant for 15 years. His clients are manufacturers of telecommunications and security equipment. He has actual hands-on experience in installation and sales, as well as new product development. His consulting practice is located in St. Paul, Minnesota.

Copyright Technology Marketing Corporation Nov 1995
