Q. How do you know when you’re Phone System has been hacked?
A. When you get the phone bill!
In a reoccurring theme, The Salem News reported today about a small business in Ipswich MA. called Todd Tool and Abrasive Systems whose phone system was hacked during a four day period to the tune of $ 891,470 worth of phone calls. Even though Todd Tool was a Verizon customer the hackers used a dial around long distance service that placed the calls through AT&Ts network. The Salem News also reported that Verizon who was the service provider for Todd Tool, noticed an unusual amount of calls being made and shut down the ability to make these types of calls. Verizon ended up writing off $ 260,000 worth of calls. AT&T also had calls made through their service but they are not going to take a write off and they have filed a $1.15 million dollar law suit against Todd Tool for the calls. If AT&T wins in court, according to Michael Smith the owner, it could mean bankruptcy for Todd Tools.
I decided to ask telecom guru Rick Trinidad what a business could do to prevent hacker from doing the same thing. Below is a list of suggestions.
- Hire a company to do a thorough security analysis of your phone system security. If you can’t afford a $ 12,000.00 phone bill you might really need this.
- Make sure your voice mail system does not have the default passwords and that out bound calling features are turned off or addressed. Many voice mail systems can make out bound calls to notify you of messages. This can be used to make calls through your phone system.
- Old voice mail boxes need to be deleted. If you r like most companies people come and go but voice mail boxes remain active and do not get removed. Delete all old voice mail boxes.
- DISA is a phone system feature designed to allow companies to use their phone systems to place out going calls remotely. DISA or Direct Inward System Access allows just that. Access to your phone systems telephone lines through the phone system. It was developed long before Cell Phones as a way to reduce old expensive telephone calling cards. Really a favorite among hackers.
- Auto Attendant used for routing calls can also transfer calls to off-site locations make sure if you aren’t doing this that this feature is turned off. If you are using it this feature change your passwords frequently.
- Call forwarding to outside numbers is another feature while wonderful for working remotely leaves open a window of opportunity. Make sure who ever needs this feature really needs it and make sure this feature is turned off for everyone else.
- Operator transfers are another way hackers can use your phone lines to make calls. A caller posing as a telephone company repairman will call and say he is testing the phone lines and if the operator would please transfer them to 910333 or 910XXX— these are access numbers to Sprint or any other phone company to make calls direct through your lines through the phone companies network. The phone company will then bill back the call to you at the most expensive calling rate. For more on this check out Sprint’s Corporate security guide.
- Old Direct Dial Numbers that are no longer being used should be removed for your phone systems numbering scheme until needed again. Hackers are looking for anyway in to your systems.
- Conference Call Systems and Conference Bridges should be password protected. Hackers can get in to conference bridges to listen to sensitive corporate information. Use in house bridge as opposed to an out side conference call service for maximum protection. An in house conference bridge can be placed behind your company’s firewall and passwords can be changed for every conference.
- Call Accounting Software such as Tapit Call Accounting can help reduce un authorized phone calls. The Tapit Fraud alert module alarms you when set calling parameters are being breached by sounding an alarm and a text message.
For more information on how to avoid phone system hacking call 800-335-0229 or visit www.telcom-data.com