Fraud Detection & Prevention

Five steps to prevent enterprise voice fraud

This is a contributed piece by John Baldwin, Director of Voice at Colt Technology Services

Enterprise voice fraud is skyrocketing, with a year-on-year increase of 113% globally from 2016 to 2017, according to fraud analysis specialist Pindrop Labs. The research identified the call centre as the nexus of fraud activity, with one in every 937 calls identified as fraudulent in 2017 versus one in every 2000 last year.

The adoption of IP has given fraudsters an attractive attack vector, with around 45% of fraudulent calls made using VoIP lines. Furthermore, as enterprises and technology have collaborated to improve their digital defences, fraudsters have begun to move into the riskier world of social engineering to get access to phone systems.

Losses can add up quite quickly for victim organisations. In 2016, global average fraud losses were $0.58 per call, with some companies making or receiving tens of thousands, even millions, of calls per year. Responsibility for security is typically down to the enterprise IT team or CISO, who are facing an ever-increasing number of security challenges, with banks and brokerages, insurance and retail among the hardest hit sectors.

Colt has experienced a rise in the number of requests for help in addressing voice fraud in recent months, and has identified several warning signs that may mean your system’s security has been compromised. So look out for:

  • Abnormally long calls or an unusually high number of short duration calls
  • Calls to unknown destinations
  • Repetitive calls to the same number
  • Large call volumes at night, weekends or public holidays
  • Difficulties (busy tone or delays) with retrieving voice mail messages

If you think you are experiencing fraud, are concerned about potential fraud or are contacted by your network about suspected fraud on your infrastructure, it is recommended that you follow these steps to protect your PBX. In most organisations, the need for general security guidelines for IT infrastructure, as well as for physical access to buildings, is well documented. These guidelines include restricting access to equipment, including comms rooms and master terminals; limiting the number of employees with authorisation to set up new codes and passwords; cancelling access rights when members of staff leave the company; and ensuring that all security features (such as passwords and PINs) are changed following installation, upgrade and fault/maintenance (including resetting password defaults).


Key tips for preventing voice fraud

1. Remove or de-activate all unnecessary system functionality including remote access ports. If remote access ports are used, consider using strong authentication such as Smartcards/Tokens. Restrict destinations such as Premium Rate, International or Operators including Directory Enquiries.

2. Review PBX call logging/reporting material regularly and analyse these for increases in call volumes or suspicious destinations.

3. Ensure that all security features (such as passwords and PINs) are changed following installation, upgrade and fault/maintenance (including resetting password defaults). Limit the number of employees with authorisation to set up new codes and passwords.

4. System security and configuration settings should be reviewed regularly. Any vulnerabilities or irregularities should be followed up.

5. Be vigilant against bogus callers such as those posing as a company employee who ask to be connected to switchboard operators to obtain an outgoing line.
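
The log review in tip 2 can be automated against the call-pattern warning signs listed earlier. The following is an added example, not part of the original article or any Colt tooling; the CSV layout, thresholds, allow-listed prefix and sample records are all constructed assumptions. It does not cover the voicemail warning sign or public holidays.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call records (not from a real PBX):
# start time, extension, dialled number, duration in seconds.
SAMPLE_CDR = """start,ext,dest,secs
2024-03-04 10:15:00,201,+442079460001,180
2024-03-04 11:02:00,202,+442079460002,240
2024-03-04 14:30:00,203,+442079460003,4200
2024-03-02 02:10:00,204,+9995550100,5
2024-03-02 02:11:00,204,+9995550100,6
2024-03-02 02:12:00,204,+9995550100,4
2024-03-02 02:13:00,204,+9995550100,900
"""

# Assumed thresholds and allow-list; set them from your own traffic baseline.
KNOWN_PREFIXES = ("+44",)   # destinations the business normally calls
LONG_CALL_SECS = 3600       # "abnormally long" call
SHORT_CALL_SECS = 10        # "short duration" call
SHORT_CALL_LIMIT = 3        # short calls per extension
REPEAT_LIMIT = 3            # calls to the same number
OFF_HOURS_LIMIT = 3         # calls at night or on weekends

def off_hours(ts):
    # Weekend, or outside 07:00-19:00. Public holidays need a site calendar.
    return ts.weekday() >= 5 or not 7 <= ts.hour < 19

def review(cdr_text):
    """Return sorted (warning_sign, subject) pairs found in the call log."""
    alerts = set()
    short, repeat, night = Counter(), Counter(), 0
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        secs = int(row["secs"])
        if secs >= LONG_CALL_SECS:
            alerts.add(("long_call", row["ext"]))
        if secs <= SHORT_CALL_SECS:
            short[row["ext"]] += 1
        if not row["dest"].startswith(KNOWN_PREFIXES):
            alerts.add(("unknown_destination", row["dest"]))
        repeat[row["dest"]] += 1
        night += off_hours(ts)
    alerts |= {("many_short_calls", e) for e, n in short.items() if n >= SHORT_CALL_LIMIT}
    alerts |= {("repeated_destination", d) for d, n in repeat.items() if n >= REPEAT_LIMIT}
    if night >= OFF_HOURS_LIMIT:
        alerts.add(("off_hours_volume", str(night)))
    return sorted(alerts)
```

Calling review(SAMPLE_CDR) flags extension 203 for a long call and extension 204 for a burst of short, repeated, off-hours calls to a destination outside the allow-list.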

