Premium rate service fraud” happens when hackers lease premium rate phone numbers (typically used for psychic and adult chat lines) from a Web-based service. (U.S. premium rate numbers have 1-900 prefixes, but ones from other countries can be different.) The premium rate service charges dialers more than $1 per minute and gives lessees a cut.
After hackers lease the premium rate number, they break into a business phone system and start making calls to it, usually when nobody’s around. Auto-dialing software makes hundreds of calls simultaneously,running up more than 200 minutes of charges each minute to the premium rate line. The service sends a bill to the phone company, who builds the business, and the hackers get their cut.
This hack has become popular as more small businesses switch to Voice Over IP (VOIP) Internet phone companies to save money. But like anything connected to the Web, these Internet phone networks are wide open to attack. VOIP providers tend to be smaller carriers without the sophisticated antifraud systems or the resources to cover fraudulent phone charges, which they are NOT required by law to cover anyway!
Here are six tips from the experts on how to stop phone fraudsters:
- Ask the provider what kind of fraud protection they use. Also ask them to put your PBX behind a firewall. If these capabilities aren’t offered, move on.
- Review your carrier contract. Make sure you don’t have services you don’t need, like international calling. Many premium rate calls go overseas.
- Just to be sure, tell the provider to switch off international phone calls. Use your personal phone for any legitimate overseas calls and have the business reimburse you.
- Place limits with your carrier on the dollar amount you spend each day on long distance calls. With VOIP, these calls cost pennies, so a cap can be as little as $40 to $50 a day.
- Give your provider a white list of IP addresses permitted to make phone calls. If an unknown IP address tries to make calls, the system will shut down.
- Require everyone in your business to use a complex password–up to 16 letters and numbers. Also put tight administrative controls on the network and only allow a few people access to master passwords and controls.
The Communications Fraud Control Association says there was about $5 billion in premium rate service fraud in 2013, with some small businesses on the hook for more than $100,000 in fraudulent charges. Please use these tips to help lock down your phone system. Here’s to your continued success, as you keep putting together your best year ever…. Enjoy a great month!