Bringing this old topic back to life since I got a press release today about it...
PABX Fraud increases fourfold
19 August 2010
Fraudsters are targeting unsecured PABXs in New Zealand and getting away with hundreds of thousands of dollars annually. The incidence of fraud has increased fourfold in 2010 with an estimated 30-40 New Zealand companies getting hit by international PABX fraudsters every month.
Leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door. Security of your PABX is easily as important as the security of your PC; it's relatively easy to defraud you of thousands of dollars if you haven't made your system secure.
Who's at risk? Often this is now the small businessman or woman with a PABX (often their first). In one recent case it was an individual who had downloaded a free software-based VoIP PABX and installed it on their home computer. An unsecured PABX system can be compromised via an insecure voicemail system (or similar), that allows incoming callers to dial extensions directly.
From there, some insecure PABX systems can even allow callers to access outside lines. Hackers have targeted these systems around the world, sometimes resulting in a large volume of international calls being charged to the PABX user's account. To help ensure your business is protected against this type of fraud, we advise you check your PABX system is secure and it is adequately configured to maximise your security.
Minimising your risk
We strongly recommend you take action now. It is vital that you review and follow the attached security measures as soon as possible. If you have any questions regarding your own particular PABX, contact your vendor in the first instance for advice on securing your system. Visit: www.tig.org.nz/stoppabxfraud for more details, advice and links to other information. The TIG is an industry group aimed at increasing the contribution of telecommunications to New Zealand society and economy.
Guard against PABX hacking - what you can do
1. CHOOSE A STRONG PASSWORD: Voicemail and DISA passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.
2. CHANGE IT: Make sure all security features - passwords, PINs etc - are changed following installation, upgrade and fault/maintenance. Don't forget to reset password defaults.
3. KEEP IT CONFIDENTIAL: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required.
4. REVIEW REGULARLY: Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities.
5. VENDOR TERMS AND CONDITIONS: Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe.
For more tips on preventing PABX hacking on your system visit: www.tig.org.nz/stoppabxfraud