PCs and computer servers aren’t the only technology systems hackers stake out.
Major data breaches grab headlines, like Home Depot’s recent computer security problems, by virtue of the millions of customers they potentially affect. Small businesses, meanwhile, continue to fall victim to another form of fraud that can lead to real losses. Understanding the threat can help you bolster your small business security.
As low-tech as it sounds, hackers are resorting to phone scams to line their pockets. Their methods are surprisingly sophisticated, and their attacks can reach heights unimagined by phone phreakers of the past.
Many attackers exploit the gaps between a phone service provider’s obligations and the security protections offered by a customer’s phone systems. The problem has been getting much worse over the past three years.
And making a wrong guess isn’t a problem. The fraudsters simply call back continuously using automated, multi-line computerized approaches that are the phone-based equivalent of a brute-force attack on a server. Once they establish a foothold, the real damage is done.
Small Business Security: The High Cost of Telephone Fraud
Once armed with a valid PIN code, hackers will begin calling premium international phone numbers with high per-minute charges. The owners of these numbers are typically in league with these hackers.
In the end, the hackers pocket their ill-gotten gains, and the cycle repeats. When the billing period ends, the victims receive a massive phone bill.
That was the case recently for Foreman Seeley Fountain Architecture, a seven-person firm in Georgia. The company was on the hook for more than $160,000—which ballooned to nearly $200,000 after fees—following a phone hacking incident.
Business owners shouldn’t expect much help from the phone company if they find themselves in the same situation. The telecom vendor is not responsible for the security of your on-premises equipment, no more than your ISP is responsible for your PC.
In the case of the architecture firm, lawyers got involved. Regardless of the outcome, it’s an added expense that can strain a small business’ finances.
Other scam variations include dialing up a small business’ toll-free number after-hours and letting the auto-attendant pick up. Customers get a big phone bill and less-than-reputable employees at the phone service provider will share their haul with their partners in crime.
Even small businesses running Asterisk and other VoIP on-premises solutions aren’t immune. A poorly secured or configured implementation can open them up to attack.
Fortunately, there are ways small businesses can protect themselves.
Phone System Fraud: Small Business Security Tips
Keep current on any software updates, and check with your phone system vendor regularly. Automatic updates are not the norm in this industry, particularly with older phone systems.
Change default passwords and PINs. That act alone helps eliminate a back door through voicemail. In the same vein, disable little-used features like the ability to redial numbers from the outside, which are ripe for abuse.
Finally, consider a cloud-based business VoIP service. At a fraction of the cost of on-premises private branch exchange (PBX) systems, a cloud-based VoIP service provides monitoring capabilities, account controls, built-in security and fraud-detection capabilities that can help small businesses stop hackers in their tracks.
Here at CTI Technology, we believe in helping people protect their companies. With one quick call we can help you discover efficient, secure, and cost efficient solutions for your business.
So what’s the hold up? Check us out at ctinc.com