Criminal hacker on computer

Criminal hacker on computer committing cybersecurity crimes such as ransomware, spoofing, spam and scam calls, fraud messaging and more.

What is PBX Hacking/Fraud?

PBX Hacking and Call Fraud is not a new telecommunications threat but is certainly one to be aware of.  PBX Fraud and Call Hacking usually involves a third party making international calls at the expensive of a business. Hackers gain access to the business’s PBX phone system and generate a profit from the international calls, leaving the business who owns the PBX phone system liable for payment.

 

Steps you can take to prevent against PBX Fraud

1.  Choose VoIP / SIP calling- VoIP phone service (SIP Trunks) have the ability to require a PIN code to place international calls or international calling can be disabled completely.   VoIP technology also includes automatic call logging which may help identify the extension being used to compromise the PBX and it may also identify the source of the external call.  Additionally, VoIP and cloud based phone systems, that utilize VoIP / SIP trunks for calls  typically have 24/7 call fraud monitoring tools that alert personnel once certain calling thresholds have been reached.

2.  Voicemail Passcodes- Change voicemail passwords frequently and do not use predictable PIN codes like extension numbers, the last 4 digits of your DID or generic PIN codes such as 1111 or 1234.

3.  Disable or Restrict Voicemail Call Thru-  Once hackers access the voice mailbox they change the Transfer Type to 011 IDD (International Direct Dialing Number) to allow international call transferring.  ACC recommends disabling Call Thru or set restrictions on the voicemail port to only allow call forwarding to local area codes.

4.  Do Not Place DID Lists on Internet– Do not place a complete list of direct dial contact numbers on your website.  This provides hackers with a complete list of company phone numbers that they can try to exploit.

5. Limit Voicemail Access Attempts– Do not allow unlimited unsuccessful attempts to enter voicemail- configure the system so that 3 unsuccessful attempts results in call failure / voicemail lock-out.

6. Disable Mailboxes– Disable an administrator, employee or contractor’s mailbox account when he or she leaves your company.

7. Schedule Regular PBX Checks– Schedule regular checks with your phone system administrator and form a regular risk mitigation strategy to limit any system vulnerabilities.

8.  Lock Your PBX Closet- Butt Set devices are commonly used by criminals to gain dial tone through copper phone lines and can even hear live phone conversations.  Since Butt Sets plug directly into the PBX, please ensure your PBX room is locked when not attended.

If you suspect your PBX phone system has been hacked or would like to talk about solutions to minimize your risks, please contact ACC Telecom or call 410-995-0101 immediately.

Since 1979, ACC Telecom has been serving the B2B telecommunications community with innovative products and services at a price point SMBs can afford.  Contact ACC Telecom today for your complimentary consultation on all of your business communication needs.

Skip to content