What is Call Hacking?
Call Hacking refers to criminals hacking into office telephone systems and using the company’s phone lines to place unauthorized international calls.
Once the criminals have access to a hacked voice mailbox, they use a feature called ‘Call Thru’ that gives them access to your phone lines to place unauthorized international calls, racking up thousands of dollars in international usage.
How can I prevent my PBX system from being hacked?
There are immediate and long-term steps that you can take to help prevent Call Hacking.
1. Change Your Voicemail Passwords Immediately & Frequently. DO NOT USE PREDICTABLE PASSWORDS SUCH AS YOUR EXTENSION NUMBER, LAST 4 DIGITS OF YOUR DID, “0000”, “1234”, etc.
2. Disable International Calling with your Carrier. If this is not an option for your business, ask your Carrier if a PIN code can be enabled when placing international calls.
3. Disable ALL Default Mailboxes. Contact your phone system provider to see if your system has active default mailboxes such as 999, 990, etc.
4. Disable or Restrict Voicemail Call Thru. Once hackers access the voice mailbox, they change the Transfer Type to 011 IDD (International Direct Dialing Number) to allow international call transferring. We recommend disabling Call Thru or applying restrictions on the voicemail port so that it only allows call forwarding to local area codes.
5. Limit Voicemail Access Attempts. Do not allow unlimited unsuccessful attempts to enter the voice mailbox; configure the system so that (3) unsuccessful attempts result in call failure/voicemail lock-out.
6. Consider Switching from Landlines to Voice over IP. Business VoIP phone service (also known as SIP Trunks) offers certain security features that landlines just cannot. These include real-time monitoring, alerts & action, PIN-code protected international dialing, and the ability to disable international calling completely or to block international calls at certain times and on certain days. VoIP technology also includes automatic call logging, which may help identify the extension being used to compromise the PBX and may also identify the source of the external call.
7. Do Not Place DIDs or Extension Number Lists on the Internet. Do not place a complete list of direct dial (DID) contact numbers or extension numbers on your website. This provides hackers with a complete list of company phone numbers and extensions that they can try to hack into.
8. Disable Mailboxes Immediately When Employees Leave Your Company. Disable an administrator, employee or contractor’s mailbox account when he or she leaves your company.
9. Schedule Regular PBX Checks. Schedule regular checks with your phone system administrator and form a regular risk mitigation strategy to limit any system vulnerabilities.
10. Lock Your PBX Closet. Criminals commonly use ‘butt set’ devices to gain dial tone through copper phone lines and can even hear live phone conversations. Since butt sets plug directly into the PBX, please ensure your PBX room is locked when not attended.
11. Consider Upgrading Your Digital Phone System. Outdated technology, including older types of digital phone systems, is not capable of receiving new security enhancements since most of these models are no longer manufactured. Moving to Virtual PBX software will provide automatic security updates so you’ll always have the latest and greatest security enhancements.
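The call-log review mentioned in steps 4 and 6 can be automated. The following is an added example, not code from ACC Telecom or 3CX: it scans an exported call log for international (011) calls placed outside business hours or in unusual volume from one extension. The CSV column layout, the business-hours window and the daily ceiling are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call log. The column layout is an assumption for this
# example; map it to whatever your PBX or SIP trunk provider exports.
SAMPLE_CDR = """\
start,extension,dialed,duration_sec
2024-03-04 10:15:00,201,4105550123,180
2024-03-04 14:02:00,305,01144205550100,600
2024-03-09 02:11:00,999,0115355550111,2400
2024-03-09 02:53:00,999,0115355550112,2700
2024-03-09 03:40:00,999,0115355550113,3100
2024-03-10 23:30:00,214,0118805550114,1500
"""

INTL_PREFIX = "011"            # IDD prefix named in step 4
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 (assumed policy)
BUSINESS_DAYS = range(0, 5)    # Monday-Friday (assumed policy)
MAX_INTL_PER_DAY = 2           # assumed per-extension daily ceiling


def find_suspicious_calls(cdr_text):
    """Return {extension: [reason, ...]} for international calls that break policy."""
    findings = defaultdict(list)
    per_day = defaultdict(int)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        # Normalise the dialed string so "011-44..." and "01144..." match alike.
        dialed = "".join(ch for ch in row["dialed"] if ch.isdigit())
        if not dialed.startswith(INTL_PREFIX):
            continue
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext = row["extension"]
        if start.weekday() not in BUSINESS_DAYS or start.hour not in BUSINESS_HOURS:
            findings[ext].append(f"after-hours international call at {row['start']}")
        per_day[(ext, start.date())] += 1
        # Report the volume breach once, on the first call over the ceiling.
        if per_day[(ext, start.date())] == MAX_INTL_PER_DAY + 1:
            findings[ext].append(
                f"more than {MAX_INTL_PER_DAY} international calls on {start.date()}")
    return dict(findings)


if __name__ == "__main__":
    for ext, reasons in sorted(find_suspicious_calls(SAMPLE_CDR).items()):
        for reason in reasons:
            print(f"extension {ext}: {reason}")
```

In the sample, the weekend calls from default mailbox 999 and the late-night call from extension 214 are flagged, while the weekday call from extension 305 passes.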
We highly recommend upgrading to our 3CX phone system because the 3CX has set a new standard for PBX security: it encrypts voice traffic via SRTP, detects and automatically blacklists SIP attack tools, provisions phones via HTTPS, secures connections to the client and console via SSL, and has received an A+ rating from SSL Labs.
The 3CX also uses anti-hacking algorithms to automatically block IP addresses that attempt SIP connections or admin-type connections and make it through the firewall. Security enhancements are pushed to the system and can be updated automatically or manually. The 3CX provides real-time alerts of any hacking attempts and SIP Trunk status, as well as the overall health and service status of the system.
If you suspect your PBX phone system has been hacked or would like to talk about solutions to minimize your risks, please contact ACC Telecom or call 410-995-0101 immediately.
For over three decades, ACC Telecom has provided voice and data telecommunications and security solutions to businesses throughout Maryland, Washington DC, and Northern VA.