Tags |
|
|
Links |
|
|
Other Added - Prevent Your Business From Falling Victim To Dial Through Fraud
Do you know of someone who has recently lost a loved one? If so, you may be interested in sending a sympathy gift. When it comes to sympathy gifts, especially concerning the loss of a loved one, there are many individuals who choose to send flowers. While flowers are nice, you may actually want to think about sending a sympathy gift basket.When it comes to sending a sympathy gift basket instead of traditional flowers, you may be wondering why it is advised. If you have ever lost a loved one, you may know that flowers are how many people send their condolences. While there is nothing wrong with sending flowers, as it is often just the thought that counts, you may want to send a more meaningful sympathy gift. That gift could be a sympathy gift basket.Although it is nice to hear that a sympathy gift basket is a nice alternative to sending flowers to someone who may have lost someone that they loved, you may still be unsure as to whether or not it is the right decision to make. If
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a whi
China already leads the world in the number of Internet users as well as Internet usage, with over 800,000 new Internet users coming online every week. You'd think that a country with so much Internet usage would have a big effect on the web. Well, they do, but for US users, we don't often notice their presence unless we go searching for it. Here's what's out there on the Chinese information superhighway:PortalsJust like other countries, Chinese users tend to use portals to find what they're looking for. Yahoo's Chinese portal is rated as the 6th most popular Chinese site. The #1 site for Chinese users is a portal called Baidu.com, a Chinese language search engine that also offers multimedia content to its users. Next on the list is QQ.com, a portal similar to Yahoo with a popular free email service attached. Sina.com.cn is next on the list, then we have Sohu.com and 163.com. Each portal has a similar setup to traditional portals like Yahoo and MSN, where updated news is offered,
How Does It Work?
Dial through fraud is not a new problem, it just has limited publicity. It exploits a PBX feature that allows employees to ring in to the switchboard and by keying certain dialling codes, make national and international calls for which the company will pay the bill.
Many businesses will take an "It will never happen to me" approach to dial through fraud, even though most business PBXs are setup to be maintained remotely. This is to allow engineers from a maintenance company to make changes to the configuration without needing to make a site visit but it exposes the PBX. The administration port on the PBX will be connected to a modem that in turn is connected to an extension on the PBX.
Using trial and error, hackers will identify the number that this modem is on. The default passwords like "admin", "0000" or "1234" will be tried first. Even if the password has been changed, there are plenty of free utilities on the Internet that will use brute force to try every number and letter combination until the right password is found. It has been known for 16 character passcodes to be cracked in this way.
Once the hacker has gained administrative access to your PBX, they will identify unused extension numbers and set them up to allow dial through using the company PSTN lines. For the cost of a local phone call, the hacker can be making calls to the Middle East, Far East, Africa, Australasia, etc. Some of these calls could be costing the business up to ?3 a minute.
To compound the problem, the hacker will usually set up a disguised PBX that routes its calls through the company PBX. The hacker will then operate a "Call Sell"; selling international calls to customers at cheap rates. Alternatively they could make calls to their own premium rate revenue share services. It is possible that during the 15 hours when your office is closed, up to 10 simultaneous calls could be occurring. And that is just for one day! The problem is likely to go unnoticed and unresolved until the phone bill arrives at the end of the month.
It Will Never Happen To Me
A recent report in the Guardian highlighted the plight of one UK Company that suffered from a fraud attack. The company had secured its PBX with a 16 character password but it was still compromised. The discovery of the fraud was by pure chance when the MD of the company came into the office early one day to find the lights on the telephone switchboard lit up like a Christmas tree, even though he was the only one in the office.
The report showed that recovering the losses was not easy. Although the company's Telco admitted that the calls were fraudulent, it was not their responsibility to secure the customer's equipment from attack. Therefore the customer was liable for any calls made through the PBX. It was also discovered that the company's insurance policy had a standard clause exempting it from any "electronic losses".
A Matter For The Police
Surely if a fraud has been perpetrated, then the police should investigate the matter? This is true. The Regulation of Investigatory Powers Act 2000 (Ripa) gives police the power to request "intercept data" from the Telco that would identify the origin of the inbound calls into the PBX. Under the act, a Telco is allowed to charge up to ?1,500 to cover their costs of retrieving the data asked for by the police. This means that in every case, the police must decide whether the financial losses involved in the fraud justifies the cost of the "intercept data". For big losses, the answer is likely to be yes every time. However, in small cases involving just a few hundred or few thousand pounds, the answer may not be so clear cut.
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a whil
Shopping is an experience for the senses: the colors, the textures, the lighting, but ultimately it is the act of shopping that people enjoy. The enjoyment a person gets from shopping comes from the emotions and release in endorphins that race thought a person’s bloodstream as they purchase that new sweater or flat screen television. It is not the purchase of a box of cereal or dish washing detergent that excites us; it is the purchase of those extra things, things that are by most standards luxuries, that causes us to experience a rush.On top of that desire for that shopping rush, marketers have been successful in creating need. They have succeeded in convincing us that we need everything: we need this shampoo to make our hair thicker and softer, that car to make us more appealing to the opposite sex, and they have even convinced the population that they need to purchase bottled water even though the United States has one of the purest public water supplies in the world.At the
Using trial and error, hackers will identify the number that this modem is on. The default passwords like "admin", "0000" or "1234" will be tried first. Even if the password has been changed, there are plenty of free utilities on the Internet that will use brute force to try every number and letter combination until the right password is found. It has been known for 16 character passcodes to be cracked in this way.
Once the hacker has gained administrative access to your PBX, they will identify unused extension numbers and set them up to allow dial through using the company PSTN lines. For the cost of a local phone call, the hacker can be making calls to the Middle East, Far East, Africa, Australasia, etc. Some of these calls could be costing the business up to ?3 a minute.
To compound the problem, the hacker will usually set up a disguised PBX that routes its calls through the company PBX. The hacker will then operate a "Call Sell"; selling international calls to customers at cheap rates. Alternatively they could make calls to their own premium rate revenue share services. It is possible that during the 15 hours when your office is closed, up to 10 simultaneous calls could be occurring. And that is just for one day! The problem is likely to go unnoticed and unresolved until the phone bill arrives at the end of the month.
It Will Never Happen To Me
A recent report in the Guardian highlighted the plight of one UK Company that suffered from a fraud attack. The company had secured its PBX with a 16 character password but it was still compromised. The discovery of the fraud was by pure chance when the MD of the company came into the office early one day to find the lights on the telephone switchboard lit up like a Christmas tree, even though he was the only one in the office.
The report showed that recovering the losses was not easy. Although the company's Telco admitted that the calls were fraudulent, it was not their responsibility to secure the customer's equipment from attack. Therefore the customer was liable for any calls made through the PBX. It was also discovered that the company's insurance policy had a standard clause exempting it from any "electronic losses".
A Matter For The Police
Surely if a fraud has been perpetrated, then the police should investigate the matter? This is true. The Regulation of Investigatory Powers Act 2000 (Ripa) gives police the power to request "intercept data" from the Telco that would identify the origin of the inbound calls into the PBX. Under the act, a Telco is allowed to charge up to ?1,500 to cover their costs of retrieving the data asked for by the police. This means that in every case, the police must decide whether the financial losses involved in the fraud justifies the cost of the "intercept data". For big losses, the answer is likely to be yes every time. However, in small cases involving just a few hundred or few thousand pounds, the answer may not be so clear cut.
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a whi
Procurement consulting can be done on the Internet and many other companies provide consultation services for a fee. These consultants are usually experts in economics or related fields that can study, understand, and even predict the market trends. This makes them useful in the long term because they are capable of cutting costs for the company by providing legal and financial advice.Buyers can wait for prices to go down or they can predict the prices, thus reducing the investment. This prediction needs to be accurate in order to have any effect on the cost of the commodity. Sometimes big companies and amateur entrepreneurs find it hard to predict prices, and consultants are hired in order to cut down the costs incurred due to procurement.These consultants are usually experienced in all phases of purchasing and procurement consulting and focus on understanding the cost of the commodities that mostly drive the price of their supplies. This knowledge helps the buyer to negotiate pr
To compound the problem, the hacker will usually set up a disguised PBX that routes its calls through the company PBX. The hacker will then operate a "Call Sell"; selling international calls to customers at cheap rates. Alternatively they could make calls to their own premium rate revenue share services. It is possible that during the 15 hours when your office is closed, up to 10 simultaneous calls could be occurring. And that is just for one day! The problem is likely to go unnoticed and unresolved until the phone bill arrives at the end of the month.
It Will Never Happen To Me
A recent report in the Guardian highlighted the plight of one UK Company that suffered from a fraud attack. The company had secured its PBX with a 16 character password but it was still compromised. The discovery of the fraud was by pure chance when the MD of the company came into the office early one day to find the lights on the telephone switchboard lit up like a Christmas tree, even though he was the only one in the office.
The report showed that recovering the losses was not easy. Although the company's Telco admitted that the calls were fraudulent, it was not their responsibility to secure the customer's equipment from attack. Therefore the customer was liable for any calls made through the PBX. It was also discovered that the company's insurance policy had a standard clause exempting it from any "electronic losses".
A Matter For The Police
Surely if a fraud has been perpetrated, then the police should investigate the matter? This is true. The Regulation of Investigatory Powers Act 2000 (Ripa) gives police the power to request "intercept data" from the Telco that would identify the origin of the inbound calls into the PBX. Under the act, a Telco is allowed to charge up to ?1,500 to cover their costs of retrieving the data asked for by the police. This means that in every case, the police must decide whether the financial losses involved in the fraud justifies the cost of the "intercept data". For big losses, the answer is likely to be yes every time. However, in small cases involving just a few hundred or few thousand pounds, the answer may not be so clear cut.
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a whi
Modular office buildings are a practical, modern way to maximize space and delineate limits and boundaries in any work environment. In fact, this has become a prevalent design in millions of office buildings around the world. It is a popular choice for interior offices, clean rooms, manufacturing rooms and is widely used for industrial wall systems. A modular office is sleek with clean lines and works best especially for companies with numerous employees.If you want the modular office look for your building, here are a few tips that could help you:What they areModular office furniture are also known as cubicles and may be purchased piece by piece. They have interlocking devices and may be expanded depending on need. Modulars are a great choice if you have a young company with the possibility of expanding. Modulars expand as your business grows.There are two types of modular designs: the freestanding and the panel-mounted. Freesta
The report showed that recovering the losses was not easy. Although the company's Telco admitted that the calls were fraudulent, it was not their responsibility to secure the customer's equipment from attack. Therefore the customer was liable for any calls made through the PBX. It was also discovered that the company's insurance policy had a standard clause exempting it from any "electronic losses".
A Matter For The Police
Surely if a fraud has been perpetrated, then the police should investigate the matter? This is true. The Regulation of Investigatory Powers Act 2000 (Ripa) gives police the power to request "intercept data" from the Telco that would identify the origin of the inbound calls into the PBX. Under the act, a Telco is allowed to charge up to ?1,500 to cover their costs of retrieving the data asked for by the police. This means that in every case, the police must decide whether the financial losses involved in the fraud justifies the cost of the "intercept data". For big losses, the answer is likely to be yes every time. However, in small cases involving just a few hundred or few thousand pounds, the answer may not be so clear cut.
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a whi
From sea to shining sea, America is a place where transportation has become one of the most essential parts of functioning for businesses and individuals. If you are looking into freight shipping, you want to make sure that you know exactly what you are looking for. Finding the best quality in freight shipping carriers in America will give you the best opportunities for transportation in the land of the free.When looking at freight shipping carrier options in America, you want to make sure that you are able to find the ones that have the best quality. This doesn’t just include getting your freights to their destination in one piece. This should also include the best pricing, fastest shipping time and the ability to ship direct across borders, such as Canada. When looking at all of these possibilities and comparisons, you will easily be able to find the best freight shipping carriers available to you.The first set of qualities that you will want to look into with freight shipp
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a while could be turned off if it becomes impractical.
Ideally, you would want a solution that could offer the following benefits:
- Use a modem that employs authenticated encryption to prevent hackers with standard modems from being able to connect.
- Some hardware to act as an intermediary between the connection and the PBX. The hardware could then determine through a username/password what level of access to give to the PBX.
- The hardware should proactively monitor the PBX looking for the first signs of fraudulent activity.
Secure Access Modems
Secure access modems tend to be hardware based. One modem is connected to the PBX, while one or more modems are deployed in the field. The modems use an encrypted secret key and a unique ID to provide a challenge/response to incoming calls. Consequently only a modem with a matching encrypted secret key, using an ID that is allowed by the PBX modem will be able to connect.This provides a more flexible alternative to calling from a single phone number. The modem is self contained and does not require any special software. It is unlikely that a random hacker using a standard modem will be able to breach this initial barrier.
Hardware Acting As An Intermediary
If you use a hardware appliance, it can act as a gateway between the PBX and the user. It could log all login attempts. It could be configured to send out an alert (as an email for example) when it detects multiple login failures. This type of behaviour would occur if a hacker was using a brute force attack to try and discover the password.Different combinations of usernames and passwords could be given different levels of access to the PBX. Users can therefore be restricted to performing only certain actions from a limited menu choice. This prevents the hacker from gaining full unrestricted access to all of the administration functionality.
Proactively Monitoring For Dial Through Fraud
A dial through fraud solution can proactively monitor the call output from the PBX. It can be set to look for suspicious call activity. In the case of the company featured in the Guardian article, this would use a "ruleset" to look for any call that occurred outside of office hours. When suspicious activity is detected, an alert would be sent out containing the details. This allows an appropriate response to be taken, reducing the potential losses caused by the fraud.
Dial through fraud can very quickly and silently cause thousands of pounds worth of losses to a business. The standard security precautions in place to prevent it are weak, especially compared to those used on IT networks. Trying to recover any loss is as difficult as detecting the fraud in the first instance. Data Track can offer a range of Tracker Solutions that will not only add extra security to your PBX but also provide a means of detecting losses before they progress too far.
HTTP = HTML link (for blogs, profiles,phorums):
<a href="http://www.otheradded.com/article/2689/otheradded-Prevent-Your-Business-From-Falling-Victim-To-Dial-Through-Fraud.html">Prevent Your Business From Falling Victim To Dial Through Fraud</a>
BB link (for phorums):
[url=http://www.otheradded.com/article/2689/otheradded-Prevent-Your-Business-From-Falling-Victim-To-Dial-Through-Fraud.html]Prevent Your Business From Falling Victim To Dial Through Fraud[/url]
Related Articles:
A Normal Product Life Cycle - Some Examples
The Effectiveness of Corporate Communication
Bookmark it:
|