2. Though most people are unaware of it, ‘phreaking’ (i.e. phone hacking) is a real curse. Businesses have no choice but to protect themselves against this type of attack.
Phone scams have tended to decrease recently, but on a global scale they still generate financial damages of up to several billion US dollars per year (1).
Every business that has phone lines and provides internal VoIP services to its users can be the target of cyber attacks. These attacks can cause financial losses of several tens of thousands of dollars (2), which most of the time are unsustainable.
On top of the financial damage, these attacks can also cause a breakdown of the phone system, making the business unreachable for a certain amount of time. This can have a huge economic impact on the business.
Secure Solutions for SMBs
(1) http://cfca.org/pdf/survey/2015_CFCA_Global_Fraud_Loss_Survey_Press_Release.pdf
(2) http://www.nytimes.com/2014/10/20/technology/dial-and-redial-phone-hackers-stealing-billions-.html?_r=0
4. Principles of Telephone Hacking
Hackers fraudulently penetrate phone systems through the business's network to make international calls.
These calls are rerouted and resold to (not very scrupulous) operators, who buy them at a very attractive price.
Most of the time, attacks happen when businesses are closed: at night, on weekends and on public holidays. A few hours are enough to cause financial damages of up to several tens of thousands of dollars.
In addition to financial fraud, phone hacking can have critical impacts such as identity theft, interception of calls (listening to calls or voicemail), breakdown of system settings, etc.
5. Principles of Telephone Hacking
5 types of fraud, in billions of US$, in 2015 (1)
PBX: 3.93
IP PBX: 3.53
Subscription Fraud (Application): 3.53
Dealer Fraud: 3.14
Subscription Fraud (Identity): 2.55
6. Typology of Most Frequent Attacks
Types of most frequent attacks
Hacking users’ voicemails to set up call forwarding to an external number, or even to take remote control of the device.
Hacking the admin interface of the phone system through different critical flaws to take remote control of the whole system.
The last type of hacking, which appeared with new VoIP technology, is simply to penetrate the business’s IT network, which is often paired with the VoIP network, through the Internet.
Who are the hackers?
Hackers are totally anonymous on the Internet; it is almost impossible to trace them.
Hackers are professionals using only an Internet connection or one of your phone numbers to get into your system.
In all cases, the flaws are often the same: weak passwords and a poorly secured (or unsecured) IT network that is reachable from the Internet.
7. 5 Good Practices to Start Protecting your Business
Secure your equipment: limit access to your VoIP system to authorized persons only. Store it in a locked place.
Master your infrastructure: every business has its own way of managing its IT network. Be aware of who connects to your network, identify the connection sources (wall plugs, Wi-Fi, VPN, firewall, etc.) and make sure your IT policies are clear and well known by your employees.
Allow calls only to countries you deal with. Good practice is to block every country by default and authorize only those that are necessary. Once again, prefer a VoIP provider that allows granular control over destination countries.
Check your telephone bills frequently: some frauds may go unnoticed at first but can represent a huge amount in the following months.
Add financial limits: a good VoIP provider will allow you to set monetary limits for individual and international calls. Look for such providers.
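The country allow-list, spending limit and bill review described above can be applied to call detail records (CDRs) exported from the phone system or the provider. The following Python code is an added example, not part of the original slides; the policy values, record layout and the function name review_calls are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Assumed policy values (hypothetical, not from the slides): adapt to your business.
ALLOWED_COUNTRIES = {"CA", "US", "FR"}   # default deny: any other destination is flagged
OPEN_HOURS = range(8, 18)                # business hours, local time
OPEN_WEEKDAYS = range(0, 5)              # Monday to Friday
DAILY_LIMIT_USD = 50.0                   # cap on international spend per day

# Constructed CDRs: (start time, extension, destination country, cost in USD)
SAMPLE_CDRS = [
    ("2024-03-01 10:15", "101", "CA", 0.40),
    ("2024-03-01 14:02", "102", "FR", 3.10),
    ("2024-03-02 02:11", "104", "LV", 22.00),
    ("2024-03-02 02:40", "104", "FR", 31.50),
    ("2024-03-02 03:05", "104", "FR", 27.00),
]

def review_calls(cdrs, home_country="CA"):
    """Return (record, reasons) pairs for calls that break the policy."""
    spend = {}       # day -> cumulative international spend in USD
    findings = []
    for rec in sorted(cdrs):             # timestamps sort chronologically as text
        start, ext, country, cost = rec
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        reasons = []
        if country not in ALLOWED_COUNTRIES:
            reasons.append("destination not on allow-list")
        if country != home_country:
            # Fraud typically runs while the business is closed.
            if ts.weekday() not in OPEN_WEEKDAYS or ts.hour not in OPEN_HOURS:
                reasons.append("international call outside business hours")
            day = ts.date()
            spend[day] = spend.get(day, 0.0) + cost
            if spend[day] > DAILY_LIMIT_USD:
                reasons.append(f"daily international spend {spend[day]:.2f} over limit")
        if reasons:
            findings.append((rec, reasons))
    return findings

if __name__ == "__main__":
    for rec, reasons in review_calls(SAMPLE_CDRS):
        print(rec, "->", "; ".join(reasons))
```

Public holidays are not modelled here; add them to the business-hours test if your provider's export does not already mark them.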
8. … and Ask Us for our Expertise in:
Auditing: Audit the vulnerabilities of your on-site & remote phone installation through efficient & reputed tools.
Security: Completely secure your business network by putting in place advanced security policies & secured connections (VPN).
Firewall: Set up a Session Border Controller (SBC) guaranteeing your network’s security & integrity.
Monitoring: Monitor your setup's alerts to allow better reactivity in case of large-scale attacks (DDoS).
Assistance: Help you with your need to upgrade your infrastructure to keep it lasting.