PBX Hacking. Are you safe ? | Webtel Telephone Management | Multimatics

PBX Hacking. Are you safe ?

PBX telephony fraud is the theft of telecommunications services. It also involves deliberate abuse of the voice network in an attempt to reduce or avoid the charges that ordinarily would have been incurred by the culprit. PBX telephony fraud may be perpetrated either from within the organisation by employees or contractors, or by third-parties outside the company, and often outside the country. Whatever the source, the result is the same – the call costs are forced onto someone else.​

PBX systems are easy targets because they are often implemented by people who are not internet security experts. Maintenance of PBX systems will often be provided from a remote location via the internet, which can leave you vulnerable to a hacking.

What'ʹs in it for the fraudsters?

Well, it's unlikely that fraudster wants to save a few bucks on personal calls, but instead, the fraudster is likely to onsell any available SIP trunks found for high volume traffic purposes.

What can be done?

Ideally, one should disconnect all system access ports and block all outside access to the PBX but in the modern age of IP telephony, this is not really feasible,

The next best option is to block as many users as possible from making international calls, as some of the biggest thefts have involved overseas calls. If your company makes lots of overseas calls, rather open up calls only to the international countries you need. 

The following measures can also be taken:

Block all access at night as many fraudulent calls seem to be made late at night.

Set passwords that include numbers, digits and special characters.

Delete all passwords programmed into the PBX for testing and service purposes, as well as the original default passwords. This may seem obvious, but double check that this has been done.

In addition, the access of ex-employees should be revoked.

Set up a daily report on your Telephone Management System that highlights any exceptional call volumes. Webtel can be set to generate a data alert if call volumes increase beyond an acceptable limit. 


© Copyright 2016 Multimatics (Pty) Limited