Request Information
1.877.459.4347

Request Information

or Call 1.877.459.4347

THE BEST DEFENSE IS A STRONG OFFENSE: How Evolve IP Defeats Phone Hackers

October 23, 2014 / Peter Eisengrein

In her October 19th NY Times article, Phone Hackers Dial and Redial to Steal Billions, Nicole Perlroth paints a frightening picture for businesses. In it, Ms. Perlroth describes how business phone systems can be hacked and quickly amass thousands of dollars in charges — usually costly International calls – and the hacked business is usually liable for those charges.

Is this just a single case study or hyperbole? Unequivocally, no. While stolen credit cards have been making recent headlines, telephone fraud has been quietly occurring for many, many years. Connecting phone systems to the Internet has only made it easier.

Securing a customer-premise based phone system is the sole responsibility of the customer. But what about Evolve IP’s Hosted PBX and, more specifically, Evolve IP’s Hosted PBX customers? Let’s first consider the preventative measures and then detection and mitigation.

PREVENTATIVE
When it comes to security, the best defense is usually a good offense. Evolve IP goes to great lengths to provide the most secure IP phone system platform possible. By securing things up front you lower your risk to fraud. Simple things such as using complex passwords and making devices unreachable from the Internet, by way of a proxy or firewall , will go a long way. Evolve IP uses multiple devices and methods to help secure phones from the Internet at business locations. However, it’s also important that users that have a phone in a small remote office or home location consider how to secure the phone with a firewall, and ensure it is not accessible from the Internet. Additionally, our default settings are to disallow International dialing unless explicitly required by a customer and then we recommend only allowing it for specific users unless every user in a location needs to make International calls. We also block calls to high-risk (high fraud) countries; special arrangements are made for customers that need to call these countries for legitimate business reasons. Furthermore, we limit the number of concurrent calls or forwarded calls a user can make, and will adjust this setting on an as-needed basis.

Another common type of fraud is to hack a voicemail box and either [1] place calls out from the voicemail system or [2] call forward that line to an International number. To defeat this type of fraud, we have disabled the ability to make calls or change the call forwarding through voicemail and voicemail boxes will get “locked out” if an incorrect password is entered too many times.

DETECTION AND MITIGATION
We believe in a defense in depth approach and therefore have multiple systems monitoring call patterns for fraudulent behavior, and we are always looking for ways to add to and improve the detection of fraud. If our systems detect suspicious activity they will alert our Network and Security Operations Center and, if severe enough, the systems will take automated action to disable the users that are generating those calls.

WHAT YOU CAN DO
Again, prevention is the key. Encourage your users to be security conscious. Encourage the use of complex passwords. Do not store or post passwords where others can see them. Do not share passwords. This advice holds true for any computer system or application, not just phones.

If you have phones at users’ homes ensure that they are behind a firewall and are not exposed to the Internet. While our default configuration is to disable remote access to these devices, it is always best to place them behind a layer of security.

If you have any premise based phone systems, have their security checked immediately and audit them regularly.

SUMMARY
Security threats are always emerging. Evolve IP takes fraud prevention very seriously and we are always working to improve them because no single security measure is infallible forever. Some of our fraud prevention policies and best practices have not always been popular, but they have always been in the best interest of protecting our customers because, as the NY Times article reports, a single attack can cost you tens or even hundreds of thousands of dollars in just a few days.

Categories: Unified Communications
Listening To Needs. Solving Complex Challenges.

Helping enterprise IT focus on business results, not infrastructure

  • One of the nation’s largest and fastest-growing dermatology businesses estimates savings of $6.45 Million over 5 years

    View Case Study

    “Evolve IP’s digital workspaces have allowed us to acquire more practices in a faster and more profitable way. That is resulting in bottom-line cost savings and top-line business benefits.”

    – Jeff Francis, Vice President of IT USDP

  • International Law Firm Drives Communications Reliability Across 60+ Worldwide Locations and Saves Over $300,000 a Year

    View Case Study

    “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    – Ken Schultz CIO of Ogletree Deakins

  • Financial advisory firm enables employees to Work Anywhere with an integrated platform

    View Case Study

    “The transition has been almost seamless to our folks, working from home full time. My team looks like heroes right now.”

    Ryan Easter, Director of IT and Principal at Johnson Investment Counsel

Simplify and future-proof your technology footprint with Evolve IP

It's nearly impossible to stay on top of every change in technology. Partner with Evolve IP and gain the combined experience of hundreds of technologists, all acting as an extension of your IT team. Helping you do more with less.

close

Contact Us

or Call 1.877.459.4347