The estimated cost of toll fraud, or phone hacking, to businesses is $4billion annually; double the cost of credit card fraud. But we rarely hear about it, despite this tremendous burden it places on carriers and enterprises. Maybe it’s not as sexy as credit card fraud, or because it hits companies rather than consumers directly, there’s not as much interest. However, it can have tremendous impact on a company’s bottom line, and instances of toll fraud are being reported regularly. Just this past week, authorities in the Philippines arrested six adults and three minors for hacking AT&T and causing a $24 million loss for the carrier and its clients over the past few years. Overall, it is estimated to cost businesses $4 billion annually.
What are toll fraud and phone hacking?
Toll fraud or phone hacking is an individual (or group of individuals) illegally access a phone system to dial in and get transferred to any telephone number, typically overseas.
More than putting companies at financial risk, phone hacking presents a security risk for companies as the hackers can gain access to entire phone systems, voice mails, and even eavesdrop on phone calls, getting access to sensitive information.
At vCom, we’ve found instances of fraud across a dozen of our customers over the past few years. Like credit card fraud, toll fraud charges happen quickly, easily reaching thousands or tens of thousands of dollars. Unlike credit card fraud, however, calls don’t get “declined” as charges do; and carriers don’t credit enterprises the same way that credit card companies credit consumers. Instead, the enterprise is liable for the cost of the fraudulent calls. And despite preventative measures, the amount of total fraud has more than tripled.
How does it happen?
Hackers, as their name implies, hack into voice mail systems by using default passwords and easily guessed passwords, and then can use the password pattern to hack into other voice mailboxes in the network. Once they have control of the voice mailbox, they can change the outgoing message to one that dupes automated operators to accept collect calls, or the hackers take advantage of remote notification services to forward the call to an international number.
How can you prevent fraud?
Even companies with sophisticated technology to prevent toll fraud can be vulnerable. There are some key steps you can take to help protect yourself, including
- Powerful Passwords
- Change your default password
- Make your password complex
- Don’t use obvious passwords
- Don’t use a standard formula for enterprise passwords
- Change your password regularly
- Better Behaviors
- Regularly check our voicemail greeting
- Check up on your voicemail during holiday / vacation periods
- Block international calls
- Disable automated features that are not used
Making it as difficult as possible for hackers to get into your system is critical and worth the effort. Recovering those lost dollars – and the potentially lost sales when your lines are tied up by fraudulent international calls – is almost impossible.