Despite best efforts and the availability of advanced methods to prevent fraud, the voice fraudsters seem to be winning. In a recent worldwide report, telecoms fraud losses were up 28% since 2019, and the methods used to hack accounts to commit fraud are becoming more and more ingenious.
Caller ID spoofing and automated systems using robo-calling or call flooding have caused many organisations to feel the pain of lost data and, more importantly, lost revenues.
VOIP fraud can emanate from all over the globe and is not limited to the country in which the VOIP provider or line owner operates. Traditionally, Africa has been a “hot continent” for telecoms fraud, because the termination costs are very high and regulation is not as stringent as in other parts of the world.
What’s key is that because fraudsters often attack during weekends, or after hours, fraud events often go undetected for many hours. A single fraud event can easily cost a company thousands of rands before detection.
Communications-based threats, such as theft of service, harassment calls and account takeover disruptions, can impact a company brand – especially if a line is spoofed and used to mask fraudulent transactions.
Evan Damon, Wholesale Channel Manager at Wanatel, one of South Africa’s leading wholesale VOIP providers, describes some of the attacks that have been prevalent in South Africa and across the globe.
Unauthorised use of a company’s phone system to make phone calls (through hacked credentials – passwords and usernames or SIP account details):
When people contact the caller ID number, purporting to be a particular business, they hear a pre-recorded message instructing them to do anything, such as enter their credit card number to “confirm their account”. The hacker will have access to all of that information.
Toll fraud or international dialling fraud:
These phishing scams gain unauthorised access to VOIP systems by targeting users and administrators, accessing credentials and making costly long-distance calls.
Caller ID spoofing
Caller ID is not always accurate in identifying who is calling. Fake caller IDs in conjunction with social engineering can go a long way to convincing an unsuspecting call recipient to part with money, credentials or similarly valuable information. Employees frequently place high importance on the phone number or identity of a caller. As a result, if they receive a call from someone claiming to be from the company or financial institution, for instance, they may be duped into divulging sensitive information.
Damon explains: “Securing VOIP systems starts with the basics – making sure that passwords and usernames are secured, firewalls are in place and that suspicious activity is well monitored, with a clear action plan in place in the event of an attack.”
Further advice from Damon includes ensuring that VOIP features are carefully controlled by administrators of the network. Ensuring automated forwarding is disabled on handsets and rather configured on the PBX, for instance, or that factory default settings are changed for ports, makes it harder for hackers to gain access.
“Security is like a house,” he says. “There are layers of defence and you have to ensure the basics, like locking doors, keeping the gate shut and not sharing the keys, are in place. Armed response companies, for instance, are of little use if you leave your gate open and your doors unlocked.”
Using VOIP can improve flexibility and simplify a company’s communication systems and network environment. However, like any software, VOIP must be deployed and configured correctly to be secure against cyber threats.
For more information on the Wanatel wholesale VOIP offerings, please visit www.wanatel.co.za.
Share
Wanatel
Wanatel is a leading provider of VOIP and cloud PBX wholesale services across South Africa. The company, with offices in Johannesburg and Cape Town, offers cost-effective, white-labelled solutions to resellers, providing innovative solutions to billing, support and solutions portfolios to meet customer demand. www.wanatel.co.za | 086 WANATEL