In this article
Introduction
At the end of this article, you will have the ability to identify and avoid unsolicited fraudulent activity. Should you need any assistance, feel free to contact our support department.
Scam call education
Scam callers are individuals calling you with the malicious intent of trying to steal your account details or personal information. These scammers do not target specific people, therefore, anyone can be deceived by them. Scammers tend to use promising and convincing tactics to persuade you into sharing your personal and confidential details.
Are you being constantly hassled in the following ways?
• Malicious calls;
• Scam calls;
• Abandoned or silent calls;
• Hoax or abusive calls.
If you are receiving frequent and ongoing Scam Calls, please report the scam to:
NZ: https://www.consumerprotection.govt.nz/general-help/scamwatch/
What is toll fraud?
Toll fraud refers to unauthorised individuals illegally gaining access to a phone system and making unsolicited fraudulent phone calls from your system and account to premium-rate numbers (the caller is charged additional fees). This includes but is not limited to breaching network security and accessing private branch exchange services or using or selling long-distance credit card codes.
To simplify, it is when someone who is not authorised to use the service, makes international or high-cost local calls and the bill is left as the End User's responsibility.
The most common approach for fraudsters is to gain access to your SIP credentials. Using such credentials, they can access the service to call internationally. To collect your credentials, they can access your unprotected internal network, access your accounts, or gain them from an email or the paper if they are written down and not secured.
According to the international body for fraud risk management and prevention, the Communications Fraud Control Association (CFCA), it is estimated that toll fraud cost telecommunications providers and their customers $US 28.3 billion in 2019.
Source: (2019) Communications Fraud Control Association (CFCA) - Global Telecom Fraud Survey
Types of Scam Calls related to fraud risks that may expose you or your company
We recommend educating yourself and your staff members with identifying the types of Scam calls related to fraud risks.
Signs to watch out for include but are not limited to:
• Receiving emails from unknown or unregistered domains. Email domains to be cautious of include pat_13654ty_14541@gmail.com or nick1891au@gmail.com;
• Answering "robocalls" or pre-recorded messages requesting/demanding payment;
• Receive calls or emails from unknown individuals with an unusual sense of urgency;
• Receiving text messages from unverified numbers congratulating you for winning an unknown prize or requesting to update your account details by clicking on an obscure link;
• Ongoing and frequent unsolicited phone calls from the same number;
• Scammers may also disguise their number so it seems they are calling locally.
For further information, please visit:
NZ: New Zealand Government - Scams or Spark - Scams & Safety
Blocking suspicious or unwanted international or domestic calls
We highly recommended being proactive when coming across suspicious or unwanted international or domestic calls. If you are unsure if a number is suspicious, we urge you to search the number on Google to locate information about the owner.
How to block callers on your device:
• If you are using a mobile, you will be able to block specific numbers in your call history;
• If you are using a landline, you may already have a feature that allows you to block unwanted callers or you may purchase a device for your existing phone to block specific calls.
How can the system assist you with handling unsolicited calls?
We offer a PBX blacklist object that can be configured within your call flow to reject calls based on the caller's number. Spam or unwanted callers can be added to this object and their call will be rejected automatically. For further information on how to configure this object, please refer to our Block Inbound Spam Callers knowledge-base article.
Alternatively, you have the ability to block all numbers from a certain country based on their prefix. For example, if you are receiving a large number of calls from China (prefix +86), you can configure our caller ID routing object within the call flow to block or filter out numbers calling from that prefix. For further information on how to configure this object, please refer to our Inbound Caller ID Routing knowledge-base article.
High-risk destinations
Any country that has expensive calling rates is a likely destination for toll fraud scamming. Some of the top destinations for toll fraud currently are listed below:
|
· Burkina Faso |
· Republic of Liberia |
|
· Central African Republic |
· Republic of Lithuania |
|
· Democratic Republic of Ethiopia |
· Republic of Madagascar |
|
· Democratic Republic of São Tomé and Príncipe |
· Republic of Malawi |
|
· Democratic Republic of the Congo |
· Republic of Maldives |
|
· Department of Mayotte |
· Republic of Mali |
|
· Diego Garcia |
· Republic of Mauritius |
|
· Falkland Islands |
· Republic of Mauritius |
|
· Federal Republic of Somalia |
· Republic of Mozambique |
|
· Gabonese Republic |
· Republic of Namibia |
|
· Islamic Republic of Mauritania |
· Republic of Rwanda |
|
· Kingdom of Eswatini |
· Republic of Senegal |
|
· Kingdom of Lesotho |
· Republic of Serbia |
|
· Kingdom of Morocco |
· Republic of Seychelles |
|
· People's Democratic Republic of Algeria |
· Republic of Sierra Leone |
|
· Republic of Angola |
· Republic of South Sudan |
|
· Republic of Benin |
· Republic of the Congo / Congo Brazzaville |
|
· Republic of Botswana |
· Republic of The Gambia |
|
· Republic of Burundi |
· Republic of the Niger |
|
· Republic of Cabo Verde |
· Republic of the Niger |
|
· Republic of Cameroon |
· Republic of the Sudan |
|
· Republic of Chad |
· Republic of Tunisia |
|
· Republic of Côte d'Ivoire (Ivory Coast) |
· Republic of Uganda |
|
· Republic of Cuba |
· Republic of Zambia |
|
· Republic of Djibouti |
· Republic of Zimbabwe |
|
· Republic of Equatorial Guinea |
· Réunion |
|
· Republic of Estonia |
· Satellite Call Networks |
|
· Republic of Ghana |
· St. Helena |
|
· Republic of Guinea |
· State of Eritrea |
|
· Republic of Guinea-Bissau |
· State of Libya |
|
· Republic of Haiti |
· Togolese Republic |
|
· Republic of Honduras |
· Tristan da Cunha |
|
· Republic of Kenya |
· Union of the Comoros |
|
· Republic of Latvia |
· United Republic of Tanzania |
|
· Universal International Freephone Number (UIFN) Service |
|
What you can do to protect yourself
To protect, minimise and avoid being influenced by any scams or fraudulent schemes, we highly recommend following these series of steps:
• Protecting your personal information and not sharing it with unknown or unsolicited callers;
• Carefully choose who you share personal details with online and update your privacy settings on social media;
• Contact your financial institution if you believe you have lost money to a scammer;
• Changing your default PINs and passwords on newly acquired customer equipment;
• Selecting strong PINs and passwords (e.g. Not "1234" or "0000" or "password" etc);
• Keep your passwords safe. Do not store them in plain text in computer files or written down on paper;
• Avoid emailing or storing your Passwords or SIP Credentials in the emails;
• Use 2 Factor Authentication where available;
• Ensure your Local Computer Network and machines are adequately protected;
• Locking mobile handsets with secure PINs;
• Ensuring that voicemail PINs are secure;
• Disabling PBX ports and features that are not used (e.g. remote call-forwarding);
• Changing PINs and passwords regularly;
• Not responding to missed calls or SMS from unknown International Numbers, unknown AU, NZ, or UK numbers, or an unknown source;
• Blocking suspicious or unknown domestic or International Numbers on mobile handsets and use of blocking services or products, where available, on landlines;
• Allowing unknown calls to go to voicemail and then listening to any message left to ascertain if this might be a genuine call;
• If you are not calling international destinations, please request the support team to disable these on your account.
Further measures to ensure the safety of you and your business:
• Work with your telecommunications provider;
A good telecommunications company is part of the solution in mitigating the risk of toll fraud. Speak with your provider and ask about their risk reductions strategies, such as international barring.
• Use a managed firewall;
Telecommunications companies are very adept at configuring firewalls to minimise the chances of toll fraud or another breach. You might have a great all-around IT manager within your business, but since telecommunications providers face this problem daily, they have valuable expertise. Ask their advice in configuring your firewall, or better yet, use a managed firewall for your organisation.
• Minimise visibility;
Most commonly, these scammers will attempt to hack businesses with vulnerable firewalls such as open ports where information is easily extracted. If managing your own firewall, reduce ports exposed to remote access as much as possible. This is generally the way hackers find their way in. Minimising the possible access areas is going to make your PBX more secure.
• Strong passwords;
This point cannot be stressed enough. The most effective measure to take against PBX hacking or other cybercrime is to use complex and varied passwords.
If you have difficulty remembering a complex password, use password keeper software to keep track of them or use a memorable phrase with substituted numerical, capitalisation, and punctuation variations. Change regularly.
• Check with ISDN configuration;
SIP (Session Initiation Protocol) is a great technology for business communications. It cuts down on call costs and when utilised within a well-configured IP network, can deliver better security than Internet telephony options.
• Block international prefixes;
Most PBX’s can block all or some international numbers. As previously mentioned, some of the top countries for toll fraud termination include Latvia (+371), Gambia (+220), Somalia (+252), Sierra Leone (+232), and Guinea (+224). Cuba, Timor-Leste, and Lithuania are also hot spots for toll fraud termination. Unless you are specifically doing business internationally, blocking certain country prefixes can limit your risk.
Please refer to our Inbound Caller ID Routing and Block Inbound Spam Callers knowledge-base article for further information.
• High-Risk Destination Blocking
To add a layer of security, we block international destinations that are commonly used for Toll Fraud. If you require to make calls to a High-Risk Destination, please complete the request and condition form found here: https://signnow.com/s/og3tL0hH
How can our system assist you with handling toll fraud?
You will have the ability to reduce the chance of toll fraud by configuring custom dial plans within your PBX system. By restricting international calls and updating the dial plans, further protects your company from fraudsters. For further information on how to configure this object, please refer to our Restricting Dialing Destinations knowledge-base article.
Should you need any further assistance with minimising fraudulent activity with your business, feel free to contact our support department.
