ComReg warns firms to be on guard against PBX fraud

15.12.2011 Telecoms watchdog ComReg has warned there has been a rise in the number of PBX (Private -Automatic- Branch Exchange) fraud incidents where firms' telephone systems have been hacked into and large bills generated...

15.12.2011 The databases of the Revenue Commissioners, the ESB and organisations like the Private Residential Tenancies Board will be scoured to ensure that homeowners across Ireland pay...

Telecoms watchdog ComReg has warned there has been a rise in the number of PBX fraud incidents where firms' telephone systems have been hacked into and large bills generated over their lines.

The International Forum of International Irregular Network Access estimates that telecoms fraud is costing companies €42bn a year and is growing at 15pc a year.

Typically, fraudsters target firms while out-of-business hours and break into the PBX and generate calls via any one of the company's lines. IDC estimates there are more than 200 different types of PBX fraud in existence.

A popular scam involves selling call card services in overseas cities during the calls are routed through the unsuspecting firms' PBX while evenings and weekends.

The most high-profile instance of telecoms fraud in Ireland occurred in 2003, when a Comptroller and Auditor General report revealed that the Department of Social Affairs was defrauded to the tune of €300,000. In one weekend alone, an overseas crime gang that had hacked into the department's phone exchange racked up calls of €12,000.

In another case, an unidentified business in Dublin was one of the victims of a PBX fraud attack by an organised crime gang which hacked in and made international calls The owners of each of the PBXs had substantial carrier bills to pay, particularly the final PBX, where costs of more than €75K were run up on a weekend. The destinations of the calls were in India, Pakistan and Africa.

“Hacking businesses telephone systems/exchanges, known as PABXs, may result in the company concerned having to pay for the calls that are made by the hackers," ComReg said this afternoon.

“These calls can be higher value calls than would taking everything into consideration be dialled by the business thereby exposing the PBX owner to considerable call costs to their network operator. In the space of one or two days, businesses can run up bills of tens of thousands of euros as a result of these incidents which arise through poor security procedures being in place for some PABXs in relation to allowing incoming calls to generate external calls through the system.

The office of the victim of this fraud is closed

“ComReg understands that these calls often occur when the office of the victim of this fraud is closed and numerous calls are made from the PABX at this time without being detected for some time," the regulator said.

The telecoms industry historically has tended not to highlight the existence of PBX fraud for fear of encouraging the activity. Nevertheless, this very attitude has only served to result in firms being unaware of the danger, and in this way unprepared for an attack.

“ComReg is reminding all operators and business PABX users to remain vigilant in monitoring suspicious call patterns on PABXs.

“ComReg is now reminding all business PABX users to ensure the appropriate security arrangements are in place for their equipment to prevent hacking for incoming calls. Most equipment of this type will have a number of settings which can be configured to prevent this form of fraud and ComReg would urge businesses to ensure the appropriate security arrangements are in place for their equipment to prevent such hacking and the resulting bills."