
Tips for avoiding "gifts" that you'd rather not receive this time of year.
The holiday season is always a great time to reflect on our lives and the year just gone by. It brings back childhood memories, thoughts of loved ones and ... toll fraud. While the joy of the holidays and the pain of toll fraud may not seem to go together, it just might be the perfect time to start planning your defense against this criminal industry, which analysts put at $3-5B.

It's said that there are basically two types of businesses out there: ones that have already been hit by toll fraud, and ones that will be hit in the future. Toll fraud comes in three common flavors - equipment based, network based and espionage/human engineering based. The more you know about these, the better you can protect yourself and your company.

Equipment based toll fraud typically comes from a lack of security for your PBX and Voice Mail systems. In many cases, these clever thieves know more about manipulating your equipment than you do and can very quickly obtain access to your systems for their own financial benefit. The following is a brief list of things you can do to minimize your vulnerability in this area.
Physical Security: Make sure your equipment rooms and wiring closets are secure. An unlocked room is like walking around with a "Kick Me" sign on your back - eventually someone will do what it says. Never allow anyone you do not know into your equipment rooms or wiring closets, even if they claim to be from your service provider or the phone company, without first verifying their credentials.
Password Security: Remove all factory default login IDs and passwords from your system. Make sure passwords are as long as possible and changed a minimum of 3 to 4 times per year.
Dial-Up Security: Consider disabling maintenance modems, or at the minimum configure them not to answer until after 3 to 5 rings, because a common fraud technique is to have auto dialers randomly hunting for modems. You may also wish to consider purchasing port security devices or call back modems.
Call Transfer Security: Disable trunk-to-trunk connections in the PBX, voice mail transfer capabilities to external numbers, and auto-attendant transfers to 9XXX or 8XXX extensions.
Dialout Restrictions: Limit access to international dialing as much as possible, and consider implementing time of day restrictions as well. Unless you do business in the Caribbean, it's a wise precaution to restrict the following area codes: 264, 268, 242, 246, 441, 284, 345, 767, 809, 473, 876, 664, 787, 869, 758, 784, 868, 649 and 340.
Block 900 Numbers: Consider blocking 900 numbers at your switch. If you have legitimate needs to call any specific numbers, you can set up routing to match the full 10 digit number for these valid services. Block the 976 exchange for all area codes, as these are heavily used for sex lines and often result in high 3rd party charges.
Remote LD Users: If you are still using features such as Direct Inward System Access that allow traveling employees to access your system for their LD calls, STOP! Consider issuing them calling cards or cell phones with free LD instead.
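
The dial-out rules above (restricted area codes, 900 numbers, the 976 exchange, time of day limits on international calls), written as a screening function. This is an added example, not part of the original newsletter; the allowlisted number, the business hours and the function name are assumptions, and a real PBX expresses the same rules in its own route tables.

```python
import re
from datetime import time

# Area codes the article says to restrict unless you do business there.
RESTRICTED_NPAS = {
    "264", "268", "242", "246", "441", "284", "345", "767", "809", "473",
    "876", "664", "787", "869", "758", "784", "868", "649", "340",
}
# Hypothetical allowlist: full 10 digit numbers with a legitimate need.
ALLOWED_FULL_NUMBERS = {"9005550100"}
# Hypothetical business hours for the time of day restriction.
OPEN, CLOSE = time(7, 0), time(19, 0)


def screen(dialed, when):
    """Return (allowed, reason) for digits dialed after the outside-line code."""
    digits = re.sub(r"\D", "", dialed)
    if digits.startswith("011"):  # international prefix dialed from the NANP
        if OPEN <= when < CLOSE:
            return True, "international in business hours"
        return False, "international outside business hours"
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        # Short codes and local numbers are left to normal routing.
        return True, "not screened"
    if digits in ALLOWED_FULL_NUMBERS:
        return True, "allowlisted full number"
    npa, nxx = digits[:3], digits[3:6]
    if npa in RESTRICTED_NPAS:
        return False, "restricted area code " + npa
    if npa == "900":
        return False, "900 number"
    if nxx == "976":
        return False, "976 exchange"
    return True, "ok"
```

The allowlist is checked before the blocks, which is how a full 10 digit route for a valid 900 service coexists with a general 900 block.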
Network based toll fraud typically comes from the use of calling cards and toll free numbers. Since most businesses rely on these necessary services to conduct business, the only thing you can do is minimize your exposure in this area through the following:
Toll Free Inventory Controls: Keep track of all toll free numbers used by your firm, and disable any that are no longer needed or in active use.
Inbound Pay Phone Access: Consider blocking pay phone access to some or all of your toll free numbers, as this is a major source of fraud. For more information please read Pay Phone Scams are Costly.
Calling Card Controls: Keep track of all calling cards issued to employees. Make sure that HR informs you when these employees leave your company, so you can deactivate the card. Also, route the call charges to employees so they can help you spot calls that they did not make. For more information please read Savings Tips On Phone Cards.
Circuit Inventory Controls: This sounds too simple to be a problem, but it is for many companies. If you close a facility, make sure to cancel all phone lines and confirm with your LD provider that those numbers no longer belong to you.
Espionage/human engineering based toll fraud is perhaps the hardest of the three types of fraud to protect yourself from, since it relies primarily on human nature, but you can at the very least do the following:
Protect Privacy: Remind employees with calling cards that thieves are always lurking about at crowded locations such as airports. Have them use care to block the view of anyone that would want to steal their PIN numbers.
Paper Disposal: Are you aware of your company's policy with respect to trash? Properly dispose of all phone bills, outdated network documentation and in-house telephone directories to prevent "dumpster divers" from gaining valuable information regarding your network.
Protect Documentation: Keep network documentation out of sight from visitors, cleaning crews and others who might have access to your general work areas.
Unusual Call Types: Inform your employees to be on the lookout for suspicious inbound calling patterns such as a sharp increase in wrong numbers, requests to be transferred within the systems and incoming calls with "modem tone" to their phone number.
Information Requests: Never give out network information over the phone unless you know who is on the other end. If you get a call from someone claiming to work for your maintenance company or the phone company, insist on calling them back at their office.
Email Requests: Never answer any inbound E-mail requests for information by following a web link. This is a "phishing" tactic often used to gain information on your network.
Returning Messages: Inform your employees to never respond to a page, or return calls, to a 900 or Caribbean number unless they recognize the number as valid.
The Australians say you should "Dig your well before you need the water". Since charges for fraud calls can easily rack up into the thousands of dollars an hour, you need to have your plan in place ahead of time. Here are a few more things to consider that can minimize your chances of getting hit hard:
Conduct A Thorough Review: Consider having a security review of your systems. Two options are to hire an outside consultant or bring in your maintenance provider.
Involve Your Vendors: Discuss this issue with your network and equipment providers and find out what steps they can take to protect you. Many providers offer services to monitor calls and notify you of any suspicious patterns.
Check Your Bills: Toll fraud calls have very clear patterns in most cases. Closely monitor your LD bills and look for any unexplained increases, excessive international or after-hours calls, or high pay phone originated calls to your toll free numbers.
Maintain Accurate Documentation: Keep up-to-date and detailed documentation of routes in your PBX, call flows of your auto attendant system, access codes for your voice mail, maintenance modem numbers, account numbers and a list of all toll free numbers assigned to your company.
Be Ready To Act: Documentation for your plan should include 24 hour emergency numbers for reporting suspected fraud to your network and equipment providers.
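
The bill patterns listed under Check Your Bills (international calls, after-hours calls, pay phone originated calls to toll free numbers, unexplained increases), as a review pass over call records. This is an added example, not part of the original newsletter; the records are constructed, and the column layout, business hours and spike factor are assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed call records. The column layout is an assumption; real carrier
# bills and PBX call-detail exports differ.
SAMPLE_CDR = """start,direction,origin,dialed,minutes
2004-12-06 10:15,out,ext2101,13125550142,4
2004-12-06 23:40,out,ext2199,011442079460000,58
2004-12-07 02:05,out,ext2199,18095550123,112
2004-12-07 11:30,in,payphone,8005550100,35
2004-12-07 14:00,in,business,8005550100,6
"""
TOLL_FREE = {"800", "888", "877", "866", "855", "844", "833"}
BUSINESS_HOURS = range(7, 19)  # assumed 07:00-18:59, Monday to Friday


def review(cdr_text):
    """Return (start, dialed, reasons) for every call worth a second look."""
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M")
        reasons = []
        if row["direction"] == "out":
            # Caribbean area codes dial like domestic numbers, so the 011
            # test alone misses them; the after-hours test still catches one.
            if row["dialed"].startswith("011"):
                reasons.append("international")
            if start.hour not in BUSINESS_HOURS or start.weekday() >= 5:
                reasons.append("after-hours")
        elif row["origin"] == "payphone" and row["dialed"][:3] in TOLL_FREE:
            reasons.append("payphone to toll-free")
        if reasons:
            flagged.append((row["start"], row["dialed"], reasons))
    return flagged


def spike_days(cdr_text, usual_daily_minutes, factor=3):
    """Return days whose outbound minutes exceed factor x the usual total."""
    totals = {}
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if row["direction"] == "out":
            day = row["start"][:10]
            totals[day] = totals.get(day, 0) + int(row["minutes"])
    return sorted(d for d, m in totals.items() if m > factor * usual_daily_minutes)
```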

With all of those issues taken care of, you can go out and enjoy your holiday traditions with peace of mind. Except for the full combat shopping trips and compulsive over-eating, that is.

©2004, TelAssess, Inc. All rights reserved.
This email newsletter may be forwarded in its entirety without permission.