This week’s blogs revolve around the scary truth of Voice Hacking. It’s not just a spooky story folks. We’ll tell you all you need to know about this real nightmare and how to protect yourself.
Stay tuned for Thursdays Voice Hacking Part 2 post where we’ll cover the Must-Do’s if you suspect Voice Hacking is happening to you!
You can’t see them, but they are always there. Lurking in the shadows, hidden behind exposed wiring, programmed dialers, and sophisticated re-routing equipment. They often strike after the lights go out, when your poor unsuspecting business has settled in for the night. They are…the Voice Hackers, and they are the nightmare of every IT/Telecom System Administrator in the industry.
What is Voice Hacking you might ask? How does it happen, what do I do to protect myself, and how do I know if Voice Hacking is currently happening? Don’t be scared – read on for all the spooooooky details…
What Is Voice Hacking?
Voice Hacking is communications services fraud. Much like identity theft, it is the use and abuse of products or services with no intention of payment. Voice Hacking is a long standing, industry-wide problem that has seen a surge in recent years thanks to the access provided through IP PBX connectivity to the public internet via a company router. It can impact any business that owns or operates a PBX, Voice Mail System or Hosted Unified Communications platform. Skilled hackers gain access to these systems initially undetected and make outbound calls both domestically and internationally resulting in sizable, unauthorized charges billed to the business.
How Does Voice Hacking Happen?
A skilled hacker can compromise unprotected telecommunications equipment in a few different ways.
- They can call into a call center and be transferred to an open extension or the business’s voicemail system.
- They dial or remotely login to the system via open and unprotected system/router ports.
- Simply tap into exposed carrier wiring. Once they are in, they can redirect calls to anywhere in the world.
- More often than not, the hacker, or hacking team, will set themselves up as a thrifty service provider, offering international access at below market rates. Basically, they make money using your access and assets, and stick you with the very large, unwanted, and unplanned for toll bill.
How To Prevent Voice Hacking – 20 Must Do’s
The best way to protect your business systems from voice hacking is to plan for it. Proactively addressing this issue with your equipment vendor, or a qualified systems consultant can save time, money and lost productivity due to unplanned system lock downs. Industry experts recommend, at a minimum, the following steps to be taken. Click here to view this as a printable checklist.
- Change default codes and passwords immediately once a service is activated, upgraded, or added.
- Don’t choose or allow obvious passwords like extension number, simple number combinations, versions of the company name, etc.
- Educate employees on the importance of keeping codes and passwords confidential.
- Enforce company policy to regularly change PINs and passwords. Force password changes if necessary.
- Limit the number of employees with administrator privileges.
- Do not allow shared or group passwords.
- When an employee leaves the company, immediately cancel their access rights.
- Disable the “External Call Forwarding” feature unless specifically required by a staff member.
- Disable any feature not in use that may be accessed remotely.
- Delete any unused extensions.
- Disallow any “off-hook” access from within the system.
- Delete any unused voice mailboxes.
- Set password access attempts before lock-out at 3 or less.
- Set up “port monitoring” on your access trunks. Pay close attention to high usage in “off hours”.
- Secure all externally placed wiring that connects to system equipment.
- Keep phone system hardware in a secure place with restricted access.
- Ensure you have proper blocks in place for 9XX and some 8XX dialing sequences.
- Require access codes for International calling.
- Keep close tabs on your phone bill, or hire a telecom expense management company to do so.
- Ask if “high unbilled toll” notifications are offered by your carrier.
Stay tuned for Thursdays Voice Hacking Part 2 post where we’ll cover the Must-Do’s if you suspect Voice Hacking is happening to you!
Renodis is the only firm in America providing professional management of businesses communications infrastructure. As a pioneer in its field, Renodis is committed to providing objective service that empowers clients to reduce the Total Cost of Telecom™, free up valuable IT and Executive resources, future-proof their technology, and gain more time for core business initiatives. Contact us to learn more.
Leave a Reply
Want to join the discussion?Feel free to contribute!