Hackers can often be shut out with a few basic security measures
For more information contact:
DeAnne Boegli, National Public Relations Manager
TDS Telecommunications Corp.
608-664-4428 / deanne.boegli@tdstelecom.com
MADISON, Wis. — TDS Telecommunications Corp. (TDS®) warns business owners of a serious issue facing those who own and operate their own phone systems. Voice mail and toll fraud is on the rise as hackers use corporate phone systems to find an open road to major telecom networks.
A private branch exchange telephone system, or PBX, is a phone system owned and operated by a private company. It is then connected with telephone lines purchased from a local telecom provider. TDS has been marketing PBX systems to its business customers for more than twenty years and is reminding businesses that security measures must be taken to prevent fraud.
Voice mail and long distance toll fraud are the most prevalent threats to businesses using a PBX. Hackers gain access to the phone system in order to place long distance calls directly from the business customer’s lines, those charges are then billed and could be costly.
Although no system is 100 percent protected, TDS suggests that all businesses with a PBX take the following steps to help prevent PBX hacking and encourages you to contact your local provider to discuss other preventive actions:
* Confirm no default or unchanged factory passwords exist in the PBX and/or voicemail system.
* Check that no unauthorized or additional passwords exist in the system.
* If your company does not need international calling, TDS recommends using international call blocking in the PBX and at the local/long distance switch.
* Delete or lock all unused mailboxes.
* Require all employees to change their voice mailbox passwords to 6- or 8-digit non-trivial passwords. This includes administrative, general delivery and system manager mailboxes.
* Educate your employees on the importance of strong passwords and maintenance.
“By following these suggestions, along with other modifications recommended by your PBX supplier, you can make a significant difference in the security of your PBX systems,” said Tom Canfield, vice president of commercial marketing and product development at TDS. “In an era plagued with fraudulent and opportunistic people, basic prevention measures can really pay off.”
Unauthorized access to a system is usually gained through voice mail menus protected with simple passwords (1111, 2222, 1234, etc.) or unchanged factory default passwords. Once in the system, hackers use system commands to gain dial tone and place calls that appear just like any other call originating from the business. Good password management policy and practice is a strong protection step.
Many savvy hackers also know the default passwords used by switch vendors. PBX hacking can occur when the PBX vendor, or the customer, fails to change these default passwords during initial installation. “While we work directly with our customers who purchase a PBX from us to take the necessary precautions, we also have business customers with existing PBX equipment from other vendors that could pose a security threat,” says Canfield.
Only customers can differentiate legitimate calls from fraudulent ones. Carriers, like TDS, do not have access or permission to stop calls from happening. Each carrier must pay a portion of the call that is handled by them, so when a call is placed to an international location the domestic carrier must pay the foreign carrier, regardless of any claim of fraud. Those charges are then passed back to the customer by the local carrier. Unfortunately, a large telephone bill could be your first warning.
“Business customers are responsible for protecting their own PBX equipment from fraudulent use. Thankfully, some basic security measures can help prevent hacking of their equipment,” adds Canfield. “While we normally help set up these security settings with TDS PBX customers, many companies who already own equipment from other vendors need to pay attention to new threats to protect their lines.”
