There is very important information on the page below relating to Telecommunications Hacking. Please read it carefully as it forms part of the information you need to know before you proceed with a Hosted Voice Solution from QCS Group.
What is Telecommunications Hacking?
Much like Computer Hacking or any other type of hacking, Telecommunications Hacking is defined as the use of telecommunications services without the owner's consent or knowledge. This industry-wide problem has been on the rise in recent years – impacting businesses that either own or operate Hosted Phone Systems, PABX's or Voice Mail Systems. The hackers gain access undetected and make unauthorised domestic and/or international calls which result in unauthorised costs being incurred by the owner of the phone system.
How it happens.
A hacker can compromise unprotected telecommunications equipment by dialling or logging in remotely to gain access to your communications system. Systems which have poorly secured or unsecured remote access options such as Voicemail, or DISA (Direct Inward System Access) are exploited and once having gained access, redirects calls to anywhere in the world. The hacker may then masquerade as a service provider offering international access, or often generate large volumes of calls to their own “Premium” services. The hacker generates revenues using your assets – resulting in substantial charges to your company.
As the Service Owner, you are responsible for the administration and security of your Phone System. This includes both physical security of PABX and Handsets, as well as Passwords and PINs used for remote access premises based equipment of Hosted Phone Systems.
In some circumstances, QCS Group may become aware of possible systems hacking or fraud, and as a matter of courtesy, provide you with notification, however we will only become aware after the fraud has been committed.
No responsibility will be taken by QCS Group where your systems security has been breached. You will be required to pay for any charges generated as a result.
Reduce Your Risk
Protecting your business assets from fraudulent use is best determined in consultation with your systems' maintainer or administrator.
QCS Group recommends that your systems' security regime include the following measures:
- Change default codes and passwords immediately once a service is activated.
- Don't choose obvious passwords i.e. extension number, 1234, Company name.
- Educate your staff on the importance of keeping codes and passwords confidential.
- Enforce company policy to regularly change PINs and passwords.
- Limit the number of employees with authorisation to set up new codes and passwords.
- When a member of staff leaves the company cancel their access rights.
- The External Call Forwarding feature for the Voice Mail System should be disabled, unless specifically required by a staff member.
- Disable any feature not in use that may be accessed remotely
- Delete any voice mailbox services that are not required.
- Only authorised personnel should have access to the phone system equipment.
- Keep phone system hardware in a secure place with restricted access.
- Ensure you have adequate barring levels placed on your phone system, for example bar 1900 calls or international calls.
- If your PABX has DISA enabled (Direct Inward System Access), then only limited specific staff should have access to that feature.
- Unused extensions should have their access rights deactivated.
- Check your phone bill for any unusual call traffic
Signs to look out for
Some of the warning signs that your systems' security has been compromised include but are not limited to:
- Large call volumes at night, weekends or public holidays;
- IDD calls to destinations you usually don't dial;
- An unusually high number of short duration calls;
- Difficulties (Busy or delays) with retrieving Voicemail messages.
Hacking and fraudulent use results in unauthorised call charges billing directly to your account. As a business, you are responsible for maintaining the security of your hardware.
You will be liable for all charges incurred on your account. For further assistance, contact your phone system maintainer or administrator to help minimise the risk of hacking.
Anyone with a communications system, either premises based PABX or a Hosted Phone System is at risk.
The following examples highlight the need to improve your systems security.
It's your responsibility to ensure the security of your communications system, failure to take security precautions could cost you a large amount.
For further information on PABX fraud call QCS Group on 1300 858 723.