87 lines
3.4 KiB
Plaintext
87 lines
3.4 KiB
Plaintext
|
|
FRAUD
|
|
|
|
PBX USERS FALLING VICTIM TO DETERMINED RIP-OFF SCHEMES
|
|
|
|
"Dumpster Divers" and disenchanted employees can run up
|
|
costly bills
|
|
|
|
PBX fraud has turned into a thriving business for the
|
|
criminals running up millions of dollars worth of phony
|
|
calls, and a nightmare for the companies that are being
|
|
victimized. Since the user companies - not the switch
|
|
manufacturers who have been sued unsuccessfully - are
|
|
responsible for fighting this increasingly wide-spread
|
|
crime, we offer descriptions of the fraudulent calling
|
|
techniques and some tips for defeating them.
|
|
|
|
PBX REMOTE ACCESS
|
|
|
|
Any customer offering remote PBX access via 800 service
|
|
can be victimized by this kind of fraud, which is
|
|
impossible to prevent totally.
|
|
|
|
|
|
Although many of the 800 numbers used for remote PBX
|
|
access are not published, they, like the access codes they
|
|
work with, may be illegally obtained and sold. If no code
|
|
is needed to gain remote access, the fraud is even more
|
|
easily accomplished. Those numbers frequently ring through
|
|
to a tone instead of an operator. Once the 800 number is
|
|
dialed and an access code is entered, a dial tone is
|
|
provided that allows illegal callers to dial anywhere in
|
|
the world.
|
|
|
|
Access codes may be obtained in a number of ways. That is
|
|
where such industrious types as "Dumpster Divers" enter
|
|
the picture. As their name suggests, Dumpster Divers
|
|
actually comb through reams of trash in order to find
|
|
access codes; the numbers may then be used by them or sold
|
|
to other illicit users for up to $10,000. Terminated or
|
|
disgruntled employees may also have access to the
|
|
numbers.
|
|
|
|
The more technically-minded criminals dial up 800 numbers
|
|
and set computers to work dialing hundreds of random
|
|
number combinations per minute until they hit a legitimate
|
|
access code combination.
|
|
|
|
The first step in combating this form of fraud is to use
|
|
access codes. In large businesses with lots of turnover,
|
|
change the codes at least monthly. Change them, as well,
|
|
if it is determined that a terminated or disgruntled employee
|
|
may have an ax to grind.
|
|
|
|
A few words to the wise: Make sure the access codes are
|
|
comprised of at least six or seven digits; thoughtless
|
|
combinations like R1-2-3S can be easily ferreted out.
|
|
|
|
Monitoring call patterns closely can also help weed out
|
|
fraudulent offenders. Actually, this defense tactic is
|
|
applicable against any PBX fraud technique. Keep on the
|
|
lookout for abnormal calling, such as late-night calling,
|
|
long-duration calls and repeated calls to specific areas.
|
|
|
|
|
|
PBXs should also be programmed to establish a threshold
|
|
for the number of calls allowed within a given time period
|
|
using any one access code and to disable that access code
|
|
when the threshold is reached.
|
|
|
|
INMATE FRAUD
|
|
|
|
If it is true that idle hands are the Devil's workshop,
|
|
it should come as no surprise that prisons have become
|
|
a major center of operations for PBX-based fraud. Inmates
|
|
are representing themselves as New England Telephone
|
|
employees in order to gain access to an outside line
|
|
through business customers' switchboards. They call
|
|
PBX attendants collect, alleging that they are working
|
|
in the area and will need to pass calls through the
|
|
attendant for completion.
|
|
|
|
The fact of the matter is this: New England Telephone
|
|
personnel do not make collect calls to any of our
|
|
subscribers, and they should not accept such calls.
|
|
|