Gibraltar Chronicle

Police in ‘PBX fraud’ warning to local businesses

The Royal Gibraltar Police is warning small to medium-sized businesses and anyone operating a Private Branch Exchange system of an increased threat of so-called ‘PBX fraud’.

This follows two recent cases locally, with the cost to each organisation depending on how much time elapsed between the fraud being committed and its detection.

The RGP declined to provide any further details on the identity of the organisations or the size of the fraud.

In this type of crime, fraudsters hack into phone lines and make premium rate calls potentially costing thousands of pounds.

PBX systems improve business communications, and the fraud, also known as “Dial-Through”, occurs when cyber criminals take advantage of PBX security flaws to make numerous calls to premium rate or overseas numbers.

This type of fraud can often occur when organisations are most vulnerable, such as during the early hours of the morning or during weekends/public holidays, when a business may be closed but its PBX system remains “live.”

PROTECTIVE MEASURES

The RGP has outlined a number of ‘protective measures’ to follow to help protect against PBX fraud.

These include ensuring you have a strong pin/password for your voicemail system that is changed regularly (at least every month).

“If your voicemail is on its default pin/password, ensure this is changed immediately,” the RGP said.

Ensure that access to your voicemail system from outside lines is DISABLED; if such access is essential, ensure it is available only to restricted users who must update passwords/pins regularly, the RGP advises.

Further advice includes exploring whether your network provider can block outbound calls whilst your business is closed.

“Implement a system whereby call logging/reporting options are regularly reviewed, and monitor for any increased or suspect call activity on a regular basis.”

Consider asking your provider to place call-barring to international numbers/premium rate numbers if you have no need to make such calls, the RGP said.

“Secure your exchange and communications system with the use of a strong PBX firewall. If you don’t need the function, ensure it is closed down.”

“Speak to your service/maintenance provider to ensure threat understanding, and request that any identified security flaws are rectified immediately.”
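
One way to carry out the regular call-log review the RGP recommends, as an added example that is not part of the original article: a Python script that flags calls to international or premium-rate prefixes placed while the business is closed. The CSV layout, opening hours, holiday list, dialling prefixes and threshold are all assumptions, and the call records are constructed sample data.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Assumptions (not from the article): adjust to your own site and numbering plan.
OPEN, CLOSE = time(8, 0), time(18, 0)   # opening hours, Monday to Friday
HOLIDAYS = {"2024-01-01"}               # public holidays as ISO dates
RISKY_PREFIXES = ("00", "09")           # international / premium-rate dialling
BURST_THRESHOLD = 3                     # risky closed-hours calls per extension

# Constructed sample call-detail records: start,extension,dialled,seconds
SAMPLE_CDR = """\
2024-03-01 10:15:00,201,20012345,180
2024-03-01 11:02:00,202,0034956123456,240
2024-03-02 02:11:00,205,0090012345678,600
2024-03-02 02:22:00,205,0090012345679,620
2024-03-02 02:35:00,205,0909876543,590
2024-03-02 03:01:00,205,0090012345680,610
2024-03-03 14:00:00,203,20054321,60
2024-03-04 07:10:00,204,0044201234567,120
"""


def is_closed(ts):
    """True when the business is shut: weekend, holiday or outside opening hours."""
    if ts.weekday() >= 5 or ts.date().isoformat() in HOLIDAYS:
        return True
    return not (OPEN <= ts.time() < CLOSE)


def review(cdr_text):
    """Return (flagged calls, extensions at or over the burst threshold)."""
    flagged = []
    for start, ext, dialled, seconds in csv.reader(io.StringIO(cdr_text)):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        if is_closed(ts) and dialled.startswith(RISKY_PREFIXES):
            flagged.append((ts, ext, dialled, int(seconds)))
    per_ext = Counter(ext for _, ext, _, _ in flagged)
    bursts = {ext: n for ext, n in per_ext.items() if n >= BURST_THRESHOLD}
    return flagged, bursts


if __name__ == "__main__":
    calls, bursts = review(SAMPLE_CDR)
    for ts, ext, dialled, seconds in calls:
        print(f"{ts} ext {ext} -> {dialled} ({seconds}s) while closed")
    for ext, n in bursts.items():
        print(f"ALERT: extension {ext} made {n} risky calls while closed")
```

Run against a daily export from the PBX or the provider's billing portal, the per-extension count shortens the gap between the fraud and its detection, which the article identifies as what drives the cost.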