How Telecom Fraud Continues to Evolve – and What Businesses Can Do About It

Posted on July 31, 2019

As more and more businesses turn to IP telephony resources for their communications needs, the obligation to address fraudsters and potential scams becomes increasingly urgent. Telecom fraud – like any other security threat or malicious attack that occurs via the internet – continues to persist and evolve. Scammers are becoming savvier in their prowling for easy targets.

Meanwhile, threats of cyberattacks continue to rise. The Communications Fraud Control Association (CFCA) reported in its 2017 survey of telecom fraud loss that organizations and carriers experienced $29.2 billion in losses that year alone. As long as scammers can find a way to profit, such malicious attacks will not go away.

To avoid falling victim, it is paramount that enterprises invest in the right technology to safeguard their business and educate their workforce on how these problems occur and on best practices for addressing telecom fraud. By taking a proactive approach and emphasizing prevention, organizations can work in partnership with their cloud-based communication service provider to bolster their security efforts and mitigate the risk of potential scams.

3 Common Types of Telecom Fraud Businesses Face

  1. PBX hacking

One of the most common forms of telecom fraud is PBX hacking and toll fraud, which accounted for 13% of fraud losses in 2017. This type of fraud happens when scammers use specially designed scripts to survey for open ports and hack into an enterprise’s telecom system. When a vulnerable area is found, the scammer attempts to gain control by validating access with a common or default password.

Once in control, the scammer can reroute call traffic and profit by redirecting calls to phone numbers with per-minute charge rates for as long as the connection is open. A simple remedy to PBX hacking is to close any open ports and strengthen the passwords – something many organizations neglect to do. Bolstering an enterprise’s phone-system security must be a priority to prevent this type of fraud from occurring.
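Because rerouted traffic shows up in call detail records (CDRs) as bursts of calls to per-minute destinations, a simple review of those records can surface a compromised extension. The following is an added example, not code from the original article: the CDR layout, the high-cost prefixes, the business hours and the thresholds are all assumptions to be replaced with the provider's rate table and the organization's own baseline.

```python
from collections import defaultdict
from datetime import datetime

HIGH_COST_PREFIXES = ("+1900", "+882")  # assumed; use your carrier's rate table
BUSINESS_HOURS = range(8, 18)           # assumed 08:00-17:59, Monday to Friday
MAX_CALLS_PER_HOUR = 3                  # assumed thresholds; tune to your baseline
MAX_SECONDS_PER_HOUR = 1800

# Constructed sample CDRs: (extension, start time, dialed number, duration in seconds)
SAMPLE_CDRS = [
    ("201", "2019-07-29T10:15:00", "+12125550143", 180),
    ("201", "2019-07-29T14:02:00", "+19005550111", 60),
    ("305", "2019-07-28T02:01:00", "+88255501001", 900),
    ("305", "2019-07-28T02:17:00", "+88255501002", 840),
    ("305", "2019-07-28T02:33:00", "+88255501003", 780),
    ("305", "2019-07-28T02:50:00", "+88255501004", 600),
    ("412", "2019-07-27T23:40:00", "+14155550172", 300),
]

def is_off_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def find_toll_fraud_suspects(cdrs):
    """Flag extensions with heavy off-hours calling to high-cost prefixes."""
    # (extension, hour bucket) -> [call count, total seconds]
    buckets = defaultdict(lambda: [0, 0])
    for ext, start, dialed, seconds in cdrs:
        ts = datetime.fromisoformat(start)
        if dialed.startswith(HIGH_COST_PREFIXES) and is_off_hours(ts):
            bucket = buckets[(ext, ts.strftime("%Y-%m-%d %H:00"))]
            bucket[0] += 1
            bucket[1] += seconds
    alerts = []
    for (ext, hour), (calls, seconds) in sorted(buckets.items()):
        if calls > MAX_CALLS_PER_HOUR or seconds > MAX_SECONDS_PER_HOUR:
            alerts.append({"extension": ext, "hour": hour,
                           "calls": calls, "seconds": seconds})
    return alerts

if __name__ == "__main__":
    for alert in find_toll_fraud_suspects(SAMPLE_CDRS):
        print(alert)
```

An alert like this is a prompt to check the flagged extension's credentials and exposed ports, the two remedies named above.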

  2. Robocalling

Another leading area of telecom fraud is robocalling. The spam-monitoring service Hiya reported 26.3 billion robocalls were made to U.S. mobile phones in 2018, an increase of 46 percent from 2017. The rise in robocalls leads to people simply not answering the phone – which is problematic for businesses that rely on robocall services for legitimate purposes, such as banks, medical providers and package delivery services.

As a measure of preventing unwanted robocalls, the FCC has begun implementing the SHAKEN/STIR protocols. SHAKEN (Signature-based Handling of Asserted Information Using Tokens) and STIR (Secure Telephone Identity Revisited) cover a framework of standards that aim to address the accuracy of caller ID information. They help consumers authenticate calls received by digitally validating calls passing through carrier networks.

  3. Subscription fraud

Lastly, subscription fraud is a growing threat in which the scammer uses a stolen or false identity to open a new account or obtain access to an existing one and purchase items or services. Fraudsters typically take the identity of an individual or larger organization and have no intention of paying for the services they “purchase.”

Subscription fraud may also occur when bots are used to hack into a series of random accounts by trying standard passwords to gain access. Combatting this type of fraud is proving to be challenging. A Cybercrime Report from ThreatMetrix covering Q1 2018 showed the growth rate in attempted fraud is surpassing legitimate transactions by 83 percent compared to data from Q1 2016. Fortunately, carrier networks are working toward strengthening authentication measures to lessen this type of fraud, while also monitoring for high usage or spending and sending notification alerts to customers.

How Businesses Can Eliminate Threats

There are a few steps every organization can take to minimize the risk they face when it comes to threats of telecom fraud. And often, these steps must be initiated from within the organization to ensure protection is maintained.

  • Identify potential vulnerabilities. Work with the communication provider to determine any vulnerable areas in the network system and address them immediately. This will eliminate any potential avenues of access for scammers. It is also critical to ensure ports are secure and will not be susceptible to breaches.
  • Change passwords. This cannot be stressed enough. Not changing default passwords or neglecting to make passwords as strong as possible only increases an organization’s likelihood of experiencing a malicious attack. Address the problem before it begins by ensuring the business has effective safeguards in place.
  • Adopt SHAKEN/STIR. Work with service providers to understand which protocols they’ve adopted to detect fraud. If they haven’t implemented the FCC’s SHAKEN/STIR protocols, encourage the carrier to do so, or find a carrier that will. Proper screening and authentication will eliminate hacking and unwanted calls, while also protecting the business from cyberattacks.

Taking the appropriate measures to safeguard against telecom fraud is an ongoing effort. Scammers are always looking for new ways to profit off unsuspecting individuals and organizations. The key is to remain vigilant, educated and proactive to stay one step ahead of the bad guys.