textfiles/phreak/SWITCHES/pbxscams.txt
2021-04-15 13:31:59 -05:00

FRAUD
PBX USERS FALLING VICTIM TO DETERMINED RIP-OFF SCHEMES
"Dumpster Divers" and disenchanted employees can run up
costly bills

PBX fraud has turned into a thriving business for the
criminals running up millions of dollars worth of phony
calls, and a nightmare for the companies that are being
victimized. Since the user companies - not the switch
manufacturers, who have been sued unsuccessfully - are
responsible for fighting this increasingly widespread
crime, we offer descriptions of the fraudulent calling
techniques and some tips for defeating them.

PBX REMOTE ACCESS

Any customer offering remote PBX access via 800 service
can be victimized by this kind of fraud, which is
impossible to prevent totally.

Although many of the 800 numbers used for remote PBX
access are not published, they, like the access codes they
work with, may be illegally obtained and sold. If no code
is needed to gain remote access, the fraud is even more
easily accomplished. Those numbers frequently ring through
to a tone instead of an operator. Once the 800 number is
dialed and an access code is entered, a dial tone is
provided that allows illegal callers to dial anywhere in
the world.

Access codes may be obtained in a number of ways. That is
where such industrious types as "Dumpster Divers" enter
the picture. As their name suggests, Dumpster Divers
actually comb through reams of trash in order to find
access codes; the numbers may then be used by them or sold
to other illicit users for up to $10,000. Terminated or
disgruntled employees may also have access to the
numbers.

The more technically-minded criminals dial up 800 numbers
and set computers to work dialing hundreds of random
number combinations per minute until they hit a legitimate
access code combination.

The first step in combating this form of fraud is to use
access codes. In large businesses with lots of turnover,
change the codes at least monthly. Change them, as well,
if it is determined that a terminated or disgruntled employee
may have an ax to grind.

A few words to the wise: Make sure the access codes are
comprised of at least six or seven digits; thoughtless
combinations like "1-2-3" can be easily ferreted out.

Monitoring call patterns closely can also help weed out
fraudulent offenders. Actually, this defense tactic is
applicable against any PBX fraud technique. Keep on the
lookout for abnormal calling, such as late-night calling,
long-duration calls and repeated calls to specific areas.

PBXs should also be programmed to establish a threshold
for the number of calls allowed within a given time period
using any one access code and to disable that access code
when the threshold is reached.
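
The call-pattern checks and the per-code threshold described above, as an
added Python example that is not part of the original article. It replays
constructed call records in time order; the policy values, record layout and
function names are assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article); tune them to local traffic.
MAX_CALLS = 5                       # calls per access code per window
WINDOW = timedelta(minutes=10)
LONG_CALL_MIN = 60                  # minutes
BUSINESS_HOURS = range(7, 20)       # 07:00-19:59
AREA_REPEATS = 4                    # calls from one code to one area code

def t(day, hhmm):
    return datetime.strptime(f"2024-03-0{day} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed sample records: (start, access code, dialed number, minutes)
SAMPLE_CDRS = [
    (t(4, "09:15"), "482913", "6175550101", 12),
    (t(4, "15:00"), "482913", "6175550123", 95),
    (t(5, "02:01"), "771204", "2125550111", 3),
    (t(5, "02:02"), "771204", "2125550112", 2),
    (t(5, "02:03"), "771204", "2125550113", 4),
    (t(5, "02:05"), "771204", "2125550114", 1),
    (t(5, "02:06"), "771204", "2125550115", 2),
    (t(5, "02:07"), "771204", "2125550116", 5),
]

def review(cdrs, max_calls=MAX_CALLS, window=WINDOW):
    """Replay CDRs in time order; return (disabled codes, alerts)."""
    recent = defaultdict(deque)     # code -> start times inside the window
    area_hits = Counter()           # (code, area code) -> call count
    disabled, alerts = {}, []
    for start, code, dialed, minutes in sorted(cdrs):
        if code in disabled:        # code already shut off: refuse the call
            alerts.append((start, code, "blocked: code disabled"))
            continue
        if start.hour not in BUSINESS_HOURS:
            alerts.append((start, code, "after-hours call"))
        if minutes >= LONG_CALL_MIN:
            alerts.append((start, code, "long-duration call"))
        area_hits[code, dialed[:3]] += 1
        if area_hits[code, dialed[:3]] == AREA_REPEATS:
            alerts.append((start, code, f"repeated calls to area {dialed[:3]}"))
        q = recent[code]
        q.append(start)
        while start - q[0] > window:    # drop calls older than the window
            q.popleft()
        if len(q) >= max_calls:         # threshold reached: disable the code
            disabled[code] = start
            alerts.append((start, code, "threshold reached: code disabled"))
    return disabled, alerts
```

Calling review(SAMPLE_CDRS) returns the disabled codes with the time each was
shut off, plus a time-ordered list of alerts for an administrator to review.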

INMATE FRAUD

If it is true that idle hands are the Devil's workshop,
it should come as no surprise that prisons have become
a major center of operations for PBX-based fraud. Inmates
are representing themselves as New England Telephone
employees in order to gain access to an outside line
through business customers' switchboards. They call
PBX attendants collect, alleging that they are working
in the area and will need to pass calls through the
attendant for completion.

The fact of the matter is this: New England Telephone
personnel do not make collect calls to any of our
subscribers, and subscribers should not accept such calls.