Is your business at risk of fraud this Christmas?
Telecoms fraud is four times bigger than credit card fraud and costs UK businesses more than £1.5 billion a year. With companies especially vulnerable over the Christmas period, we look at the UK’s largest source of fraud and set out some tips on how to avoid it.
Telecoms fraud is big business. It dwarfs credit card as a source of illegal income yet it receives few headlines. That’s surprising when you look at the numbers.
The estimated global loss due to telecoms fraud in 2015 was $38.1 billion, and of that £1.5 billion was borne by UK businesses. The average cost to each victim has been estimated at £10,000, but this may be understated. A BBC Radio 4 report stated that in just one month in 2013, 40 companies reported telecoms frauds costing on average £21,000.
Those numbers become more alarming given that up to 84% of UK businesses are vulnerable to being hacked.
What is it and how does it work?
Sometimes called ‘phreaking’, it is the practice of hacking into a telephone system to obtain free calls. It takes several forms and has other names, one of which is ‘dial through fraud’, describing one of the most common telecoms frauds in the UK.
Fraudsters will set up the fraud by finding a business with voicemail or that lets its staff call in from outside the office to make external calls. They then exploit weak passwords to gain access to the system and start the fraud. Typically, fraudsters will make calls to overseas premium lines they have set up themselves or sell access to the system to individuals to make international calls.
Most Victims are Oblivious
Most victims are oblivious to the fraud until they receive their next bill. The fraud is usually run in the evenings, on weekends and during holiday periods when it is less likely to be detected. That makes businesses especially vulnerable over holiday periods. Imagine the costs that could be run up through a business that is closed from Christmas Eve until the New Year!
Channel 4 news reported the case of Hambleton District Council losing £30,000 in two days over Christmas Day and Boxing Day a couple of years ago. Hundreds of calls were made through the council’s exchange to places such as Ethiopia, Pakistan and Bosnia.
The council had no option but to pay the bill. Liability for phone charges rests with the account holder, as they are responsible for the system’s security. In one case reported in The New York Times, an architect’s practice in San Francisco was lumbered with of bill of $166,000 run up over a single weekend.
What can you do to try to prevent it?
The best thing you can do is get a telecoms expert to check your security and Opus would be happy to help with this. In the meantime, the following steps will help reduce your exposure:
- Change all passwords regularly and use the most stringent password settings available. Avoid obvious codes such as the extension or easy to remember combinations such as 9999, 0000, 1234, etc.
- Consider limiting who is allowed to make international calls or calls to premium lines.
- Review calls by extension to check for unusual patterns or anomalies.
- Change the passwords on unused mailboxes or extensions of employees who have left the company.
- Block out-of-hours calls.
- Make sure you understand exactly how the system and its security works. If in doubt, speak to your telecoms provider.
- Put in place daily or weekly limits and alerts on call spending with automatic call barring when thresholds are exceeded.
If you have concerns about the security of your telephone system, please contact us by calling
0800 316 7566.