What is Toll Fraud?
Toll fraud, or phone phreaking, is where a cyber criminal hacks into your telephone system and uses it to make calls to international or premium rate numbers at your expense, the end result being a huge bill.
In the last 3 months 2 our our customers have fallen victim to this crime. Although Concert will never profit from fraud the cost to our customers was still over £10,000.
Imagine the following scenario:
All of your employees leave the office on a Friday at 17:30 and come back on Monday at 09.00. During this time someone hacks your phone system and makes international calls at a premium rate, for example at £1.15 per minute.
In essence this may not seem like very much, but think about how many minutes that call could last while your office is unmanned over the weekend. From 5.30pm Friday to 9am Monday morning is 63.5 hours, thats 3,810 minutes! Now multiply this by the premium £1.15 per minute and you’re already looking at a £4,381.50 bill on top of your usual monthly cost.
Now consider that this is based on the assumption that you only have one phone line. What if you have 5 lines and the same happens to each? Now your looking at £21,907.50 of fraudulent activity!
You can begin to see why toll fraud can be such an expensive and damaging form of cyber crime.
How bad is toll fraud in the UK?
Phone hacking and telecommunications fraud is thought to cost the UK as much as £1.5 billion a year with some individual business seeing bills as large as £ 35,000 and in today’s connected world, every business is at risk of toll fraud.
It doesn’t help that a staggering number of organisations, large and small, have neither the knowledge nor the resources to ensure that their systems, processes and people are protected in the face of this ever changing digital environment.
Is there any good news?
Sort of – there are some ways that you can try and prevent toll fraud.
A few suggestions on how to protect your phone system:
- Security – have an annual review – maintain strong physical security. Keep an eye out for new vulnerabilities to your phone system.
- Restrict International calls – outside working hours, restrict international calls, these being the major destinations for toll fraud. If your company needs to make International calls, set up a password for them.
- Passwords – always change the default password provided and make a habit of changing them regularly, preferably on a monthly basis.
- Employees – when an employee leaves the company delete their accounts and create new ones for any new starters. Also educated your employees about toll fraud and have a reporting process in place if they suspect any unusual activity.
- Phone audit – probe your phone systems for any vulnerabilities that may have been overlooked or neglected.