TDP Holdings

PABX Fraud - How To Protect Your Business

PABX Fraud, also known as Toll Fraud, causes multi-million dollar losses to organisations each year. This is now beginning to have a substantial impact on businesses in Australia.

This is important information on how you can better protect your business against unauthorized PABX access.

Toll fraud is, and should be, a concern for any business with a PBX. There are many scams that hackers may use to attempt to hack your PBX, potentially costing your business thousands of dollars. The purpose of this article is to discuss what Toll Fraud is, how to minimise any risks and what TDP can do to help.  For a quick overview, download the document below.

Who Pays The Bill?

PABX fraud results in substantial unauthorised call charges being incurred on your telecommunications accounts.

As a company, you are responsible for maintaining the security of your phone system. In some instances, your carrier may alert their customers to possible PABX security breaches, but it is not responsible for the security maintenance on your system. Likewise, TDP is limited to advising you of the possible threat and ways in which you can better protect your particular phone system.

No responsibility will be taken by TDP Communications should your PABX system become compromised. At the end of the day you will be required to pay any charges generated as a result.


How Do They Do It?

PBX toll fraud is very big and very organized. The "hackers" have their own communication network on the Internet. These "hackers" have experience with several well known PABX brands. Some of them have even programmed PABXs, voice mail systems, ACDs and other telecommunication equipment. They know how to enter your system, access passwords and manipulate data, long-distance routing tables and even "personal" mail boxes.

Hackers fraudulently use a company's PABX system to make long distance telephone calls, usually to obscure international destinations, at no cost to themselves. The costs are borne by the organisation and can be quite considerable.

As PABX systems become more sophisticated, so do the hackers and their software. Hackers exploit weaknesses in the company's PABX system by figuring out voicemail passcodes and gaining access via the 'Direct Inward System Access' (DISA) point of the PABX. Once they penetrate the voicemail they are then able to make international calls.

The fraudsters will often then either on-sell the calls as a phone operator themselves or divert the calls to their own premium rate services. Both methods derive income for the hacker, while the business is left with the bill. Due to the unlimited number of lines that most PABX systems have, the cost to the business can escalate rapidly, as many calls can occur at any one time. The hacker will often breach the system late at night, when the business is not operating, in an attempt to avoid detection.


How To Protect Your Business:

Here are just some of the ways that you, personally, can protect your system:

  • Regularly change your personal and group voicemail box passcodes
  • Do not use default passcodes such as '0000' or '1234'
  • Block all international call access unless absolutely necessary
  • Block international call access to countries that you don't usually dial
  • Ensure your PABX admin access unit is kept in a secure location
  • Look for heavy call volumes at nights or on weekends and public holidays
  • Review system call records for discrepancies and unusual use
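
The last two checks in the list above (heavy after-hours call volumes and call-record discrepancies) can be run against a call detail record (CDR) export. The Python below is an added example, not TDP's tooling or part of the original article; the CSV column layout, the 08:00-18:00 Monday to Friday business hours, the burst threshold and the sample rows are assumptions constructed for illustration, and public holidays are not handled.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample CDR export; the column layout is an assumption, not from the article.
SAMPLE_CDR = """start,extension,dialled,duration_s
2024-03-04 10:15:00,201,0298765432,180
2024-03-04 14:02:00,205,001144201234567,600
2024-03-09 02:11:00,299,001125212345678,3540
2024-03-09 02:12:00,299,001125212345679,3510
2024-03-09 02:14:00,299,001125212345680,3480
2024-03-12 23:40:00,210,1900123456,900
"""

INTERNATIONAL_PREFIX = "0011"                    # Australian international access code
RESTRICTED_PREFIXES = ("1831", "12456", "1900")  # numbers the article lists for restriction
OPEN_HOUR, CLOSE_HOUR = 8, 18                    # assumed business hours, Mon-Fri


def is_after_hours(ts):
    """True for weekends and for weekday times outside the assumed business hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_cdr(cdr_text, burst_threshold=3):
    """Return (flagged_calls, busy_dates); busy_dates have >= burst_threshold after-hours calls."""
    flagged, after_hours_per_day = [], Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        dialled = row["dialled"].strip()
        off = is_after_hours(ts)
        if off:
            after_hours_per_day[ts.date().isoformat()] += 1
        if dialled.startswith(RESTRICTED_PREFIXES):
            flagged.append((row["start"], row["extension"], dialled, "restricted prefix"))
        elif off and dialled.startswith(INTERNATIONAL_PREFIX):
            flagged.append((row["start"], row["extension"], dialled, "after-hours international"))
    busy = sorted(d for d, n in after_hours_per_day.items() if n >= burst_threshold)
    return flagged, busy


if __name__ == "__main__":
    calls, busy_dates = review_cdr(SAMPLE_CDR)
    for call in calls:
        print(*call, sep="  ")
    print("Heavy after-hours volume on:", busy_dates)
```

Any extension that appears in the flagged list, such as a voicemail port, is a candidate for the passcode and call-restriction checks described in this article.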

How can TDP minimise the risk?

TDP can confirm that all programming is at the necessary level to minimise Toll Fraud and is up to date. This can include:

  • Changing passwords for system access
  • Disabling any call forwarding or outbound call ability from your voicemail ports
  • Changing passwords for voicemail and administration access
  • Cancelling any unused voicemail boxes
  • Restricting numbers from being dialled (1831, 12456, 1900)
  • Restricting the 'after hours' outgoing call access
  • Checking voicemail port capability
  • Checking DISA is disabled
  • Checking the Class of Restriction policy

What should I do as a customer to be proactive and minimise risk?

Contact the TDP Helpdesk (1300 990 519) and advise that you would like to minimise Toll Fraud on your PBX. With your confirmation to proceed, TDP will then schedule an engineer to complete the above programming. (Standard charges apply)


What should I do as a customer if I suspect Toll Fraud is occurring on my Phone System?

Contact TDP Help Desk (1300 990 519) and advise that you believe your phone system has been breached. With your confirmation to proceed, TDP will schedule the first available engineer to investigate and rectify the breach as a matter of urgency. (Standard charges apply)


Quick links

Optus Telehacking Guide