What is PBX Hacking/Fraud?
PBX Hacking/Fraud is not a new telecommunications threat but is certainly one to be aware of. PBX Hacking/Fraud usually involves a third party making international calls at the expense of a business. Hackers gain access to the business’s PBX phone system and generate a profit from the international calls, leaving the business that owns the PBX phone system liable for payment.
If you suspect your PBX phone system has been hacked or would like to talk about solutions to minimize your risks, please contact ACC Telecom or call 410-995-0101 immediately.
Steps you can take to protect against PBX Fraud
1. Choose VoIP- VoIP phone service (SIP Trunks) can require a PIN code to place international calls, or international calling can be disabled completely. VoIP technology also includes automatic call logging, which may help identify the extension being used to compromise the PBX and may also identify the source of the external call. VoIP phone lines are now available for ANY phone system- no phone system upgrades required. Contact ACC Telecom or call 410-995-0101 to learn more.
2. Voicemail Passcodes- Change voicemail passwords frequently and do not use predictable PIN codes like extension numbers, the last 4 digits of your DID or generic PIN codes such as 1111 or 1234.
3. Disable or Restrict Voicemail Call Thru- Once hackers access the voice mailbox, they change the Transfer Type to 011 IDD (International Direct Dialing Number) to allow international call transferring. ACC recommends disabling Call Thru or setting restrictions on the voicemail port to only allow call forwarding to local area codes.
4. Do Not Place DID Lists on Internet– Do not place a complete list of direct dial contact numbers on your website. This provides hackers with a complete list of company phone numbers that they can try to hack into.
5. Limit Voicemail Access Attempts– Do not allow unlimited unsuccessful attempts to enter voicemail. Configure the system so that 3 unsuccessful attempts result in call failure/voicemail lock-out.
6. Disable Mailboxes– Disable an administrator, employee or contractor’s mailbox account when he or she leaves your company.
7. Schedule Regular PBX Checks– Schedule regular checks with your phone system administrator and form a regular risk mitigation strategy to limit any system vulnerabilities.
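As part of a regular PBX check, the predictable-PIN rules from step 2 can be applied to an export of mailbox settings. The script below is an added example, not ACC Telecom's tooling: the mailbox table, extension numbers and 555 DIDs are constructed sample data, and it generalizes "1111 or 1234" to any repeated-digit or ascending/descending run.

```python
# Audit voicemail PINs against the predictable patterns listed in step 2.
# SAMPLE_MAILBOXES is constructed data: extension -> (voicemail PIN, DID).
SAMPLE_MAILBOXES = {
    "2101": ("2101", "410-555-0101"),  # PIN equals the extension
    "2102": ("0142", "410-555-0142"),  # PIN equals last 4 digits of the DID
    "2103": ("1111", "410-555-0103"),  # generic repeated-digit PIN
    "2104": ("4321", "410-555-0104"),  # generic sequential PIN
    "2105": ("7294", "410-555-0105"),  # no predictable pattern
}


def is_repeated(pin):
    """True for PINs made of a single repeated digit, e.g. 1111."""
    return len(set(pin)) == 1


def is_sequential(pin):
    """True for ascending or descending runs, e.g. 1234, 4321, 7890."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def pin_findings(extension, pin, did):
    """Return the list of reasons a PIN is predictable (empty list = OK)."""
    if not pin.isdigit():
        return ["PIN is empty or not numeric"]
    findings = []
    did_digits = "".join(c for c in did if c.isdigit())
    if pin == extension:
        findings.append("matches extension number")
    if did_digits and pin == did_digits[-4:]:
        findings.append("matches last 4 digits of DID")
    if is_repeated(pin):
        findings.append("repeated digit")
    elif is_sequential(pin):
        findings.append("sequential digits")
    return findings


def audit(mailboxes):
    """Map each extension with a weak PIN to its findings."""
    report = {}
    for ext, (pin, did) in mailboxes.items():
        findings = pin_findings(ext, pin, did)
        if findings:
            report[ext] = findings
    return report


if __name__ == "__main__":
    for ext, findings in audit(SAMPLE_MAILBOXES).items():
        print(f"extension {ext}: {', '.join(findings)}")
```

Mailboxes the audit flags should have their PINs changed before the next scheduled check.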