Enterprise voice fraud is skyrocketing, with a year-on-year increase of 113% globally from 2016 to 2017, according to fraud analysis specialist Pindrop Labs. Call centres were identified as the nexus of fraud activity, with one in every 937 calls identified as fraudulent in 2017, versus one in every 2000 last year.
The adoption of IP has given fraudsters an attractive attack vector, with around 45% of fraudulent calls made using VoIP lines. However, as enterprises and technology have collaborated to improve digital defences, fraudsters have moved into the riskier world of social engineering to get access to phone systems.
Losses can add up quickly for victim organisations. In 2016, global average fraud losses were $0.58 per call, with some companies making or receiving tens of thousands, even millions, of calls per year. Security is typically down to the enterprise IT team or CISO, who face an ever-increasing number of security challenges. Banks and brokerages, insurance and retail are among the hardest-hit sectors.
Colt has experienced a rise in the number of requests for help addressing voice fraud in recent months, and has identified several warning signs that your system’s security might have been compromised. So look out for:
- Abnormally long calls or an unusually high number of short duration calls
- Calls to unknown destinations
- Repetitive calls to the same number
- Large call volumes at night, weekends or public holidays
- Difficulties (busy or delays) with retrieving voice mail messages
If you think you are experiencing fraud, are concerned about potential fraud or are contacted by Colt about suspected fraud on your infrastructure, it is recommended that you follow these steps to protect your PBX.
In most organisations, the need for general security guidelines for IT infrastructure, as well as for physical access to buildings, is well documented. These guidelines include restricting access to equipment, including comms rooms and master terminals; limiting the number of employees with authorisation to set up new codes and passwords; cancelling access rights when members of staff leave the company; and ensuring that all security features (such as passwords and PINs) are changed following installation, upgrade and fault/maintenance work (including resetting password defaults).
Key tips for preventing voice fraud
- Remove or de-activate all unnecessary system functionality including remote access ports. If remote access ports are used, consider using strong authentication such as Smartcards/Tokens. Restrict destinations such as Premium Rate, International or Operators including Directory Enquiries.
- Review PBX call logging/reporting material regularly and analyse it for increases in call volumes or suspicious destinations.
- Ensure that all security features (such as passwords and PINs) are changed following installation, upgrade and fault/maintenance work (including resetting password defaults). Limit the number of employees with authorisation to set up new codes and passwords.
- System security and configuration settings should be reviewed regularly. Any vulnerabilities or irregularities should be followed up.
- Be vigilant against bogus callers such as those posing as a company employee who ask to be connected to switchboard operators to obtain an outgoing line.
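The regular log review recommended above can be automated against the warning signs listed earlier. The following is an added example, not Colt's own tooling: the CSV column names, thresholds, business hours and restricted prefixes are all assumptions to adapt to your PBX's call detail record (CDR) export and dial plan, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample CDR export: start time, extension, dialled number, seconds.
SAMPLE_CDR = """start,extension,dialled,duration_s
2017-11-06 10:15:00,201,02079460001,180
2017-11-11 02:10:00,305,0900555010,14500
2017-11-11 02:12:00,305,0015550100,6
2017-11-11 02:13:00,305,0015550100,5
2017-11-11 02:14:00,305,0015550100,7
2017-11-11 02:15:00,305,0015550100,4
"""

# Assumed thresholds and prefixes: tune to your own traffic and dial plan.
LONG_CALL_S = 4 * 3600               # "abnormally long" call
SHORT_CALL_S = 10                    # "short duration" call
COUNT_LIMIT = 4                      # per-extension count that triggers a flag
RESTRICTED_PREFIXES = ("09", "00")   # premium rate / international (assumed)
BUSINESS_HOURS = range(8, 19)        # 08:00-18:59, Monday to Friday


def analyse(cdr_text):
    """Return sorted (extension, finding) pairs for the warning signs."""
    findings, short, repeats, off_hours = set(), Counter(), Counter(), Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ext, num, secs = row["extension"], row["dialled"], int(row["duration_s"])
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if secs >= LONG_CALL_S:
            findings.add((ext, f"long call to {num}"))
        if num.startswith(RESTRICTED_PREFIXES):
            findings.add((ext, f"restricted destination {num}"))
        short[ext] += secs <= SHORT_CALL_S
        repeats[ext, num] += 1
        # Weekend (Saturday=5, Sunday=6) or outside business hours.
        off_hours[ext] += start.weekday() >= 5 or start.hour not in BUSINESS_HOURS
    # Volume-based signs are judged per extension once every record is counted.
    findings |= {(e, f"{n} short calls") for e, n in short.items() if n >= COUNT_LIMIT}
    findings |= {(e, f"{n} calls to {num}")
                 for (e, num), n in repeats.items() if n >= COUNT_LIMIT}
    findings |= {(e, f"{n} out-of-hours calls")
                 for e, n in off_hours.items() if n >= COUNT_LIMIT}
    return sorted(findings)


if __name__ == "__main__":
    for ext, finding in analyse(SAMPLE_CDR):
        print(f"extension {ext}: {finding}")
```

Public holidays are not modelled here; add a holiday calendar to the out-of-hours test if your traffic warrants it.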
John Baldwin is Colt’s Director for Enterprise Voice