Software-based IP communications continue to grow in popularity because of the added reliability, reach and control they give businesses over their telecom resources. However, as more developers transfer enterprise communications from legacy telcos to cloud-based service providers, the threat of telecom fraud and cyber-attacks also rises.
According to the Federal Trade Commission, telecom fraud continues to account for more and more consumer complaints each year. A single telecom fraud event can cost a company up to $3,000 to $50,000 and have lasting detrimental effects on the company’s customer relationships and, ultimately, its corporate reputation.
Fraudsters will often time attacks to occur during off-hours when employees are not in the office. This allows the fraudulent calls to go on for hours, running up a hefty bill until the activity is detected and stopped. Scammers will often reroute calls from the company to numbers around the world, increasing costs by tacking on international fees.
Businesses can avoid falling victim to fraud by partnering with their IP communications carriers to better understand what telecom fraud looks like and how it can be prevented. Companies should consider the following best practices to help ensure enterprise networks and services stay protected.
1.) Spot fraud to avoid it
One of the ways to avoid fraud is to know how to identify it. Four commonly reported types of fraud include:
- Premium route fraud: which routes calls at premium rates, often to international destinations;
- Identity fraud: where hackers impersonate an individual or business, misattributing calls from their account. This fraud is also called caller ID spoofing and often includes voicemail hacking;
- Inbound toll-free fraud: which places a call and then plays unrecognizable audio on the line, forcing the call recipient to stay on the line longer (extending the call and costs) while the recipient tries to understand the situation;
- Black/grey routes: where fraudsters steal and resell SIP trunking accounts to provide inexpensive calls to specific countries or destinations.
2.) Set and define calling parameters
This includes setting a maximum default rate for outbound calls and creating call limits in a destination whitelist. By setting a maximum outbound rate, the business has total control to block any calls that try to connect to a destination outside of the approved parameters. These parameters may differ for every company and can be altered as calling needs and traffic patterns change. The destination whitelist acts as an exception to the rule-book, explicitly defining the destinations that can be called, regardless of predefined outbound rates. Defining countries on this list will set security parameters that prevent charges from accruing if there is a breach or the network is hacked.
In order to see successful results with both of these tools, it is important to assess the normal traffic that the account serves. This will define the rate cap and whitelist parameters that will best suit the company’s requirements. The more selective companies are with setting their rates and parameters, the more effective they will be in preventing fraud attacks.
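The following is an added example, not code from the original article or from any carrier's API, showing how a maximum outbound rate and a destination whitelist with call limits combine into a per-call decision. The rate deck, prefixes, limits and phone numbers are constructed, and the names `OutboundPolicy`, `longest_prefix` and `authorize` are hypothetical.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed per-minute rate deck (USD) keyed by E.164 prefix (assumption;
# real rates come from the carrier).
RATE_DECK = {"1": Decimal("0.01"), "44": Decimal("0.02"), "4470": Decimal("0.45"),
             "53": Decimal("0.90"), "960": Decimal("1.20")}

@dataclass
class OutboundPolicy:
    max_rate: Decimal          # default cap for destinations not on the whitelist
    whitelist: dict            # prefix -> maximum calls per day (the exception list)
    calls_today: dict = field(default_factory=dict)

def longest_prefix(number, table):
    """Return the longest key of `table` that prefixes the dialled digits, or None."""
    digits = number.lstrip("+")
    for n in range(len(digits), 0, -1):
        if digits[:n] in table:
            return digits[:n]
    return None

def authorize(policy, number):
    """Decide whether an outbound call may connect; returns (allowed, reason)."""
    wl = longest_prefix(number, policy.whitelist)
    if wl is not None:
        # Whitelisted destinations bypass the rate cap but not their call limit.
        used = policy.calls_today.get(wl, 0)
        if used >= policy.whitelist[wl]:
            return False, f"whitelisted prefix {wl} reached its daily call limit"
        policy.calls_today[wl] = used + 1
        return True, f"whitelisted prefix {wl}"
    rp = longest_prefix(number, RATE_DECK)
    if rp is None:
        return False, "destination not in rate deck"  # fail closed on unknown routes
    if RATE_DECK[rp] > policy.max_rate:
        return False, f"rate {RATE_DECK[rp]} exceeds cap {policy.max_rate}"
    return True, f"rate {RATE_DECK[rp]} within cap"

if __name__ == "__main__":
    policy = OutboundPolicy(max_rate=Decimal("0.05"), whitelist={"53": 2})
    # Constructed sample numbers.
    for dialled in ["+12025550100", "+9607001234", "+5371234567", "+447012345678"]:
        print(dialled, authorize(policy, dialled))
```

If `"44"` were whitelisted, the constructed `+4470...` number would connect at 0.45 per minute regardless of the cap, which is why narrow whitelist prefixes keep the exception tight.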
3.) Enable IP-based authentication for outbound calls
If a company’s phone system has a static IP address, consider setting up verification filters for outbound calls as a way to further secure the account. This will restrict access to telephony resources to internal IP addresses, allowing only people within the authorized network to place calls or send messages.
If the network requires multiple mobile users logging on from dynamic IP addresses, consider creating a blacklist of IP addresses that have been identified as belonging to potential hackers. This can be done by utilizing a third-party tool that will help monitor log files and automatically block IP addresses that are unfamiliar or have failed a certain number of password attempts. These efforts will help to create dynamic fraud protections for the network and account.
4.) Conduct security audits
If a business operates one or more PBX systems on public IP addresses, it is recommended that the company conduct an annual security audit of the system to ensure that fraud controls are still aligned with traffic patterns, reflect the company’s risks and will not result in service interruptions. Annual audits will also protect the account from fraudsters roaming the web looking for susceptible targets.
Businesses can never place too much emphasis on fraud protection. Security is only as good as its weakest link; therefore, communications are only as safe as the cloud-based service provider can make them. If carriers are struggling to satisfy the requirements listed above, enterprises should consider reassessing providers to safeguard their customers and business. Having this proactive approach will keep the company a step ahead of fraudsters and potential threats.