MSPs have an increasing amount of cyber turf to defend with the rapid proliferation of IoT devices and interconnected networks. Add to the mix the arsenal of weapons the bad guys have, and an MSP could be forgiven for overlooking an old threat that has repurposed itself for today’s world: the phone. Notably, “toll fraud.”
What is old, is new again
Various forms of toll-fraud have been around since the 1950s and 60s. In the 1970s, hackers figured out how to manipulate internal tones used to route long-distance calls. Once they figured out how to do that, expensive long-distance calls could be made and billed to someone else. As the United States did away with tones and switched to computerized relays, hackers regrouped and started targeting those too.
In 2015, toll-fraud cost telecommunications companies and other victimized businesses $38.1 billion. With so much money at stake, it’s no wonder hackers find toll-fraud profitable.
Smarter MSP checked in with Dr. Esa Alsumiri, a cybersecurity specialist based in Saudi Arabia, for his take on how MSPs can defend their clients against toll-fraud.
What are the most common forms of toll-fraud?
Alsumiri says the two to keep an eye on are:
Pbx hacking: This is when a business’s internal telephone network is breached, and hackers use it to place expensive toll calls to numbers they own, so that they receive a portion of each dollar in toll charges that they steal.
Account takeover: A hacker gains access to an account used a compromised password, usually, and then starts making expensive toll calls.
“This is hacking by way of accessing your phones, networks, products, and services to make fraudulent long-distance calls on expensive routes without your permission,” Alsumiri says,
Mark Collier’s VoIP blog details an account of an attack against a small business owner that resulted in some 9,000 calls costing $150,000. Last summer, the Globe & Mail in Toronto reported that a small marketing firm that usually has a $250 a month phone bill received a surprise: a $60,000 phone bill.
The Globe & Mail reported: “Fraudsters set up revenue-generating numbers around the world — similar to 1-900 numbers in North America — and then hack into phone systems in places such as Canada. They use those phones to call the money-maker lines over and over again, racking up fees.”
Many carriers put the blame on the small businesses for not protecting their PBX networks, while victimized companies stuck with the bill blame the carriers for not policing the problem more robustly.
Most of the victims of toll-fraud are SMBs who rely on often outdated equipment to handle their phone calls. With all the advances in cyberspace, companies often put upgrades to their phone systems on hold.
Signs of toll-fraud
Toll-fraud can be very difficult to detect and sometimes isn’t spotted until a business owner receives an eye-popping bill from their carrier. Phone fraudsters will spend time “casing” a business’s telecommunications habits and hygiene. Often, toll fraudsters wait until the weekend to strike when people may not detect it immediately.
Other signs to watch for include:
- Unusual activity at off-peak times on your phone lines.
- Incoming calls from and outgoing calls to places that are not typical.
- Complaints from customers that they can’t get through because lines are always busy.
- Increase in sudden “hang up” calls.
- Sudden changes in normal calling patterns.
What should MSPs do?
Some absolutists say that MSPs don’t have much of a role to play in preventing toll-fraud, calling it a “phone company problem.” Still, with older phone relaying systems becoming increasingly integrated into the modern connected ecosystem, MSPs can and perhaps should safeguard clients against toll-fraud using tools already in most MSP toolkits. Toll-fraud protection can be priced in as a value-added service in an MSP’s comprehensive service package.
Alsumiri suggests the following steps that MSPs can take:
- Blocking specific country prefixes — If 98 percent of a client’s business is in the United States, consider blocking calls from countries where toll-fraud origination has been proven and problematic. The top 5 countries for toll-fraud calling origination are: Cuba, Latvia, Somalia, Lithuania, and Guinea. If it is unlikely a client’s business would suffer if calls from Lithuania are blocked, consider a risk assessment, and block accordingly.
- Using Session Initiation Protocol (SIP) to create firewalls that assist in protecting VoIP phone systems from fraud — This is a crucial step. Most companies would never leave data exposed by not having a firewall, but many businesses don’t give a second thought to leave their phones vulnerable. MSPs can step in to fill this void. Also, reduce ports exposed to remote access as much as possible.
- Use call analytics platform with fraud detection — Tollring’s iCall Suite is a good example.
- Ensure appropriate setup and monitoring for your PABX, PBX, or switchboard — Review authentication rules regularly.
Even by taking these steps, stopping toll-fraudsters completely is a tall order. “Toll fraud like all cybersecurity threats will persist and become more sophisticated,” warns Alsumiri.
Chase Cotton, a cybersecurity instructor at the University of Delaware, sees toll-fraud diminishing the value of phones in general.
“I’m a technology guerilla warrior against scammers and telemarketers (well, at least those calling me), and several months ago had an inspiring conversation with an FCC executive about their concern about how junk phone calls have pretty much killed all the value in having a phone, at least for making voice calls,” details Cotton. Add to that, toll-fraud, in the form of fraudulent cross-charging of services that is happening to smartphones and Cotton describes the problems as rampant.
MSPs can play a role in stopping toll fraud. Still, all of these phone threats almost make one wish for the days of the single landline.
Photo: Anucha Cheechang / Shutterstock