Recommended Fraud Mitigation Best Practices for PBX Phone Systems

Fraud in telecommunications is a significant threat, involving the illegal acquisition of money, personal data, or security credentials. To help protect your PBX phone system from these risks, we’ve compiled essential best practices to mitigate the impact of fraudulent activities.

Understanding Your Obligations

To safeguard your telecommunications network from fraud, it’s essential to implement a robust fraud mitigation strategy. While we provide these Recommended Fraud Mitigation Best Practices to assist you in protecting your network, it is important to understand that these recommendations do not alter your contractual obligations to manage and secure your network and its users.

These best practices are designed to help you reduce the attack surface of your network and mitigate the risks associated with telecommunications fraud. However, they cannot guarantee absolute protection against all fraud attempts.

Identifying Types of Fraudulent Traffic

Fraud in telecommunications typically involves the illegal acquisition of money, personal data, or security credentials. Fraudulent traffic refers to the various deceptive behaviors used to impersonate identities, steal information, or cause harm. Below are some common types of fraudulent traffic that you should be aware of:

Unlawful Robocalls (North America)

In the United States, the Federal Communications Commission (FCC) has classified certain types of robocalls as unlawful. As of November 2017, the FCC has empowered service providers to block these calls at the network level to prevent them from reaching the general population. Unlawful robocalls typically involve:

  • Invalid ANI/FROM Telephone Numbers: Numbers that do not exist or are incorrectly formatted.
  • Unallocated ANI/FROM Numbers: Valid numbers that are not assigned to any carrier.
  • Blank or Alphanumeric Characters in ANI/FROM Fields: These fields should contain valid numeric telephone numbers.
  • Numbers on the Do Not Originate (DNO) List: Calls from these numbers are automatically blocked.

Best Practices to Mitigate Unlawful Robocalls:

  1. Use Valid Telephone Numbers: Ensure all outbound calls contain valid and correctly formatted telephone numbers in the ANI/FROM fields.
  2. Block Invalid Numbers: Set up your system to block calls originating from unallocated, invalid, or improperly formatted numbers.
  3. Avoid Short-Duration Calls: Discourage calls shorter than 15 seconds, as these can raise flags with service providers and may be blocked.
  4. Educate Your Customers: If you receive voice traffic that falls into these unlawful categories, take steps to detect and block it, and educate your customers on the importance of compliance.
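
The ANI/FROM checks listed above can be expressed as a single screening function. This is an added example, not part of the original guidance; the DNO list, the allocated NPA-NXX set, and the call records are constructed placeholders, and only NANP-format numbers are handled.

```python
import re

# Constructed sample data (assumptions, not real lists): a Do Not Originate
# list and the NPA-NXX blocks this operator treats as allocated.
DNO_LIST = {"2025550100"}
ALLOCATED_NPA_NXX = {"202555", "312555"}

# NANP shape: NPA and central office code each start with 2-9.
NANP_RE = re.compile(r"[2-9][0-9]{2}[2-9][0-9]{6}")

def normalize(ani):
    """Strip common formatting and a leading +1/1; return the bare string."""
    if ani is None:
        return ""
    s = re.sub(r"[\s().-]", "", ani)
    if s.startswith("+1"):
        return s[2:]
    if len(s) == 11 and s.startswith("1"):
        return s[1:]
    return s

def classify_ani(ani):
    """Map an ANI/FROM value to ok, blank, alphanumeric, invalid, dno or unallocated."""
    s = normalize(ani)
    if not s:
        return "blank"
    if not re.fullmatch(r"[0-9]+", s):
        return "alphanumeric"
    # N11 codes (211, 911, ...) are service codes, never area codes.
    if not NANP_RE.fullmatch(s) or s[1:3] == "11":
        return "invalid"
    if s in DNO_LIST:
        return "dno"
    if s[:6] not in ALLOCATED_NPA_NXX:
        return "unallocated"
    return "ok"

def screen_calls(calls):
    """Return {call_id: reason} for every call that should be blocked."""
    verdicts = ((c["id"], classify_ani(c.get("from"))) for c in calls)
    return {cid: reason for cid, reason in verdicts if reason != "ok"}

# Constructed call attempts for demonstration.
CALLS = [
    {"id": "c1", "from": "+1 (312) 555-0142"},
    {"id": "c2", "from": "Anonymous"},
    {"id": "c3", "from": "2025550100"},
    {"id": "c4", "from": "1234567890"},
]
```

In production the allocation and DNO sets would be loaded from the numbering data your carrier or numbering administrator supplies rather than hard-coded.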

Domestic Toll Fraud/Traffic Pumping

Domestic Toll Fraud or Traffic Pumping is a type of fraud that exploits the high cost of delivering calls to certain rural areas. Bad actors generate large volumes of calls to these expensive destinations, often using automated systems that provide little to no value to the caller. These schemes typically involve:

  • High-Volume Calls to Rural Areas: Particularly rural Iowa, South Dakota, and Massachusetts, where call delivery costs are higher.
  • Fraudulent Systems: Set up in unwitting service providers’ colocation or cloud data centers and designed to exploit intercarrier compensation schemes.
  • Social Media Campaigns: Used to entice people to call these high-cost numbers, leading to inflated access charges and fraudulent payments.

Best Practices to Prevent Domestic Toll Fraud/Traffic Pumping:

  1. Set Up Detection Alarms: Monitor for unusual traffic patterns, particularly large volumes of calls to known high-cost areas.
  2. Analyze and Compare Rate Decks: Identify high-cost NPAs (Numbering Plan Areas) and take proactive steps to block or discourage this traffic.
  3. Educate Your Customers: Inform your customers about this type of fraud and encourage them to implement their own detection and mitigation strategies.
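
The rate-deck comparison and the detection alarm can be combined into one pass over call detail records. This is an added example, not part of the original guidance; the rates, trunk names, CDR fields, and thresholds are constructed assumptions to be tuned against your own traffic baseline.

```python
from collections import Counter
from statistics import median

# Constructed rate deck: NPA -> cost per minute in USD (illustrative values).
RATE_DECK = {"212": 0.004, "312": 0.004, "415": 0.005, "712": 0.045, "605": 0.038}

def high_cost_npas(rate_deck, factor=3.0):
    """NPAs whose per-minute rate is at least `factor` times the deck median."""
    baseline = median(rate_deck.values())
    return {npa for npa, rate in rate_deck.items() if rate >= factor * baseline}

def pumping_alarms(cdrs, costly, max_calls_per_hour=3):
    """Return sorted (source, hour, npa, calls) tuples that exceed the threshold."""
    counts = Counter()
    for cdr in cdrs:
        npa = cdr["to"][:3]  # assumes 10-digit national numbers
        if npa in costly:
            hour = cdr["start"][:13]  # ISO 8601 timestamp -> 'YYYY-MM-DDTHH'
            counts[(cdr["source"], hour, npa)] += 1
    return sorted(key + (n,) for key, n in counts.items() if n > max_calls_per_hour)

# Constructed CDRs: trunk-A bursts to a high-cost NPA, trunk-B looks normal.
CDRS = (
    [{"source": "trunk-A", "to": f"712555{i:04d}", "start": f"2024-03-02T02:{i:02d}:00"}
     for i in range(5)]
    + [{"source": "trunk-B", "to": "6055550101", "start": "2024-03-02T02:10:00"}] * 2
    + [{"source": "trunk-B", "to": "2125550101", "start": "2024-03-02T02:15:00"}] * 9
)

if __name__ == "__main__":
    for alarm in pumping_alarms(CDRS, high_cost_npas(RATE_DECK)):
        print("ALARM", alarm)
```

Only traffic to NPAs flagged by the rate deck is counted, so ordinary high-volume calling to low-cost destinations does not trigger the alarm.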

Securing Voicemail and Admin Passwords

One of the most overlooked areas of PBX security is the protection of voicemail and administrative passwords. Weak or default passwords can be easily exploited by attackers, leading to unauthorized access and potential fraud.

Best Practices for Securing Voicemail and Admin Passwords:

  1. Enforce Strong Password Policies: Require complex passwords for both voicemail and administrative accounts. Passwords should be at least 8-12 characters long and include a mix of upper and lower case letters, numbers, and special characters.
  2. Change Default Passwords Immediately: Ensure that all default passwords are changed before the system is deployed. Default passwords are well-known and often targeted by attackers.
  3. Regularly Update Passwords: Implement a policy that requires passwords to be changed regularly, such as every 60-90 days. This reduces the risk of long-term exposure if a password is compromised.
  4. Limit Login Attempts: Configure your system to lock accounts after a certain number of failed login attempts. This helps to prevent brute-force attacks on your voicemail and admin accounts.
  5. Monitor for Unauthorized Access: Regularly review access logs for any unusual or unauthorized login attempts. Immediate action should be taken if suspicious activity is detected.
  6. Educate Users: Make sure all users understand the importance of securing their voicemail and admin passwords. Provide training on how to create strong passwords and recognize phishing attempts.

Scope and Intended Audience

Scope:
This document provides a framework for reducing your exposure to telecommunications fraud, with a focus on mitigating the risks associated with various types of fraudulent traffic.

Intended Audience:
These best practices are intended for all end users who manage or oversee telecommunications networks and are looking to protect their infrastructure from fraud.

By implementing these recommended best practices, you can significantly reduce the likelihood of falling victim to telecommunications fraud. Remember, while these steps are effective, continuous monitoring and adaptation to new threats are essential for maintaining a secure network.

