Telephone fraud (dial-through fraud) is on the increase, with extremely intricate syndicates working to attack users and ultimately make financial gain at the customer’s expense. At Rainbow Communications we are committed to minimising the risk and making our customers aware of the potential avenues that these criminals will look for and exploit.
Although Rainbow Communications checks call logs daily (Monday to Friday) to try to identify any fraudulent activity, this cannot guarantee that fraud will be detected or that costly bills will be avoided. As soon as you suspect any fraudulent activity, contact us immediately; we may suspend your service and, in extreme circumstances, may terminate your agreement. You should also notify the Police using the Action Fraud website or by dialling 0300 123 2040.
You should also register an up-to-date and accurate out-of-hours contact with your service provider.
Dial Through Fraud can affect any business. Taking a few simple steps can limit the risks and the consequences of your system being hacked.
Essential Precaution 1 – Apply Network Level Call Barring
We strongly recommend using network-level call barring (where applicable) and restrictions to control destination access should a breakout call occur (i.e. international and premium rate numbers), and barring all out-of-hours calls except 999.
Essential Precaution 2 – Protect Your Voicemail
- Use strong pin/passwords for your voicemail system, ensuring they are changed regularly;
- If you still have your voicemail on a default pin/password change it immediately;
- Disable access to your voicemail system from outside lines. If this is business critical ensure the access is restricted to essential users and they regularly update their pin/password.
Essential Precaution 3 – Restrict Access To Internal LAN
If your phone system is connected to your LAN, restrict internet access to your phone system on all routers connected to your internal LAN.
Twenty Three Easily Implemented Steps to Protect Your Telephone System
- Treat system access procedures as confidential and store them securely;
- Change access codes when staff leave your organisation;
- Change the default manufacturer/vendor access codes to an alphanumeric combination and do not use common organisation codes;
- Consider using variable length combinations;
- Limit how many people know these codes;
- Regularly change your access codes;
- Restrict the number of failed login attempts, ideally to three, before an alert is raised or the system locks out;
- Never use the telephone number as the access code;
- Do not give Direct Inward System Access (DISA) to 0800, 0500 or equivalent numbers;
- Scrutinise your call logging reports and itemised bill to identify increases in call volumes or calls to suspicious destinations;
- Bar country codes that you have no requirement to call (see the Top Fraudulent Country Dialling Codes sheet);
- Restrict all numbers that employees should not need to dial: international, premium rate, non-geographic and 07 personal numbers;
- Restrict after hours, weekend and holiday calling;
- Use Calling Line Identification (CLI);
- Change the number of ring cycles or use a time delay between call arrival and answer;
- Use a dial back feature for maintenance;
- Deny DISA access to system features (i.e. Leased Line Routes or PSTN numbers), remove access at certain times of day or restrict features DISA PIN users can access;
- Provide call logging that records outgoing call attempts from DISA including the PIN used;
- Provide a history file for DISA access attempts;
- Force password change after failed attempts and after a period of time;
- Disable the remote access port when not in use;
- Where DISA can access security features whilst the system is operational, a password and call back can be used;
- Be vigilant against people posing as a company employee and asking to be connected to a switchboard operator to get an outside line.
- Disable access to your voicemail system from outside lines. If this is business critical ensure access is restricted to essential users and that they update their pin/passwords regularly.
(THESE MAY NOT BE AVAILABLE ON ALL SYSTEMS)
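As an added example (not from Rainbow Communications or any phone system vendor), the following Python reviews a call log for restricted destinations and out-of-hours calls, as the checklist above advises. The log columns, business hours, UK prefix table, burst threshold and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Constructed call log; column names and numbers are illustrative, not a real PBX export.
SAMPLE_LOG = """start,extension,dialled
2024-03-04 10:15:00,201,02079460123
2024-03-04 11:02:00,202,09098790001
2024-03-08 23:40:00,205,999
2024-03-09 02:11:00,204,00999000000101
2024-03-09 02:13:00,204,00999000000102
2024-03-09 02:20:00,204,07000000001
"""

OPEN, CLOSE = time(8, 0), time(18, 0)  # assumed business hours, Monday to Friday
# Assumed UK dialling prefixes for the restricted classes the checklist names.
RESTRICTED = (("00", "international"), ("09", "premium rate"), ("070", "personal number"),
              ("084", "non-geographic"), ("087", "non-geographic"))

def classify(dialled):
    """Return the restricted class of a dialled number, or None if unrestricted."""
    if dialled == "999":
        return None  # emergency calls are never barred or flagged
    for prefix, label in RESTRICTED:
        if dialled.startswith(prefix):
            return label
    return None

def out_of_hours(ts):
    """True at weekends, or outside OPEN..CLOSE on weekdays."""
    return ts.weekday() >= 5 or not (OPEN <= ts.time() < CLOSE)

def review(log_text, burst=3):
    """Return (flagged calls, extensions with at least `burst` flagged calls)."""
    flagged, per_ext = [], Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        label = classify(row["dialled"])
        reasons = [label] if label else []
        if out_of_hours(ts) and row["dialled"] != "999":
            reasons.append("out of hours")
        if reasons:
            flagged.append((row["start"], row["extension"], row["dialled"], reasons))
            per_ext[row["extension"]] += 1
    return flagged, sorted(e for e, n in per_ext.items() if n >= burst)

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Adjust the hours, prefixes and threshold to your own calling pattern before relying on the output; an extension that appears in the second list is the one to check first against the itemised bill.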
Rainbow can conduct an audit of your telephony system's security and can implement any recommendations that your system supports. Please call us on 0800 018 8082 to book an appointment (charges will apply). Please note this does not pass the liability for any dial-through fraud to Rainbow Communications; the liability remains with you, the customer, but the audit will reduce the risk of the fraud occurring.
If this is of concern, some insurance providers may offer a Crime Insurance Policy to help mitigate these frauds.