Private Branch Exchanges, or PBX's, are used by many big and small businesses and organizations for their traditional landline and Voice over Internet Protocol (VoIP) phone systems. Bad guys like to hack them with both new and existing tactics. When successful, they can leave businesses with huge headaches and phone bills to match - more than $5 billion in global industry-wide losses.*
The bad guys try a variety of methods to get into phone systems, such as voicemail hacking and searching for gaps in security. Once in, they can control a business' phone system and use that system to make expensive international phone calls.
They make their money by working with the owners of international phone numbers. The owners charge phone companies high fees for connecting the calls and kick a portion of that back to the bad guys. Charges can add up very quickly and phone bills can rise to shocking levels. For small and medium-sized business owners, these bills could be devastating.
What makes this scheme effective is that it's extremely difficult to detect without a service like AT&T NetPROTECT, which can detect irregular calling behaviors. Without a watchdog service like this, a business' first clue could be a phone bill that is many times more than their average bill.
To help minimize the risk of phone system fraud, businesses should do the following:
- Change passwords: Credentials for both administrators and user mailboxes should be changed frequently. Make sure all default passwords on equipment are also updated.
- Tailor access to the PBX: Regularly ensure that access is provided only to those who need it, especially as individuals join and leave the organization.
- Limit device access: Make sure your PBX or Call Manager only allows the registration of internal trusted devices or softphones for remote users.
- Don’t be a hero: Get help and have your PBX vendor run security audits to check for loopholes.
Even as bad guys grow more sophisticated, they remain opportunistic. Don't be an easy target. PBX fraud impacts businesses and organizations of all sizes. Variations of this scam have been around for decades, and since 1992, AT&T NetPROTECT has been helping protect businesses as technology evolves.
There are many things you can do to help protect yourself from fraud. A good place to start is with our top five security tips. You can also learn more about the different ways AT&T is helping to fight fraud here.