One More Type of Cyber Attack to Worry About: Redialing for Dollars—Your Dollars

Linda Musthaler
By | October 23, 2014

Posted in: Network Security Trends

Attention company cyber sleuths: here's one more type of cyber attack that criminals are using to steal billions of dollars a year, mostly from small businesses. Keep your eyes open for this one and read the phone bill closely.  

An article in The New York Times details how hackers are using phone networks to direct businesses' phone systems to call premium-rate telephone numbers that often charge $1 a minute. As the unauthorized premium-rate charges add up, the criminal is "earning" about 25% of those fees. Here's how it works.

A criminal leases premium-rate phone numbers from legitimate providers of this kind of service. The numbers with the 1-900 prefixes are often used for psychic hotlines and sex chat lines. Then the hacker breaks into a business' phone system – not difficult to do for VoIP systems – and programs the system to place calls – lots and lots of calls – to the leased premium-rate numbers. The hacker gets a cut of the outrageous charges that are accrued. His proceeds are typically delivered through wire transfer or an electronic money service like Western Union or MoneyGram.

Some businesses have been hit with phone bills tallying hundreds of thousands of dollars. Although they dispute the bill with their telco provider, there's no obligation on the phone company's part to credit customers for the fraudulent charges. Major carriers are more likely than small local communications companies to provide relief from the bills. What's more, larger phone companies are more likely to have fraud detection systems that can catch and stop the dialing scam early on before significant bills are accumulated.

According to the Communications Fraud Control Association (CFCA), this type of call fraud cost victims (mostly small businesses) $4.73 billion globally last year. One thing that CFCA does to battle the fraud is keep a database of the fake "hot numbers" and share that information with association members.

As with other types of cyber crimes, catching the criminals is usually difficult because the crime spans multiple jurisdictions. For example, the calls might be routed to overseas locations where the U.S. has no mutual agreements to prosecute wrongdoers.

Experts advise people to manage their phone systems to reduce the likelihood of an attack by turning off call forwarding, using strong passwords for their voice mail systems, and to restrict the feature of placing international calls.

For more details read Phone Hackers Dial and Redial to Steal Billions.

You May Also Be Interested In: