A substantial increase in your telephone bill is an indication your company could be the victim of Private Automatic Branch Exchange (PABX) fraud. Detailed billing will assist in identifying any potential unauthorised calls, usually International calls but they can also be National telephone calls. Another indicator is where customers trying to dial, in or employees trying to dial out, find that the lines are always busy. Private Automatic Branch Exchange (PABX) fraud is defined as the unauthorized use of a company’s phone system. It is a theft of long-distance services by a) un unrelated third party, b) a staff member of a long-distance carrier, local telecom or vendor, or c) the user’s staff member.

Who commits Private Automatic Branch Exchange (PABX) fraud?

As is the case with any other unlawful act, fraudsters in this industry, who are referred to as “hackers,” do it mainly for the money. Other fraudsters do it for fun, professional challenge and/or out of boredom. Still other fraudsters know how easy it is, know the codes, have the proper equipment and cannot resist the temptation. In most cases, fraudsters can recognize the manufacturer/brand by the prompts and determine which password ranges on which to concentrate. With some luck and persistence, fraudsters will “hack” into their first system within the hour. Most of the activity is through call/sell operators who operate in urban communities, mainly by immigrants for immigrants who call to countries like the Dominican Republic, China, Pakistan and Egypt at a rate of €10 for a 30- to 45-minute call. These telephone calls usually take place after regular business hours or on weekends where the excessive Private Automatic Branch Exchange (PABX) traffic will go on unnoticed and uninterrupted.

How do hackers get the numbers?

There are different methods of obtaining telephone codes: (a) “Dumpster divers” (fraudsters who go through your trash and look for phone bills, computer printouts or product manuals); (b) “Shoulder surfers” (fraudsters who stand particularly close to you at a pay phone (in airports, bus terminals, etc.) while you dial your Direct Inwards System Access (DISA) password, voice mail code or calling card number so fraudsters can capture your dialling sequence; or (c) Hackers publish their findings in magazines, BBS and even on the Internet.

What do they do with these codes once fraudsters have obtained them?

Since the primary motive is money, fraudsters look for buyers. On the streets of New York City, for example, where 60 percent of Private Automatic Branch Exchange (PABX) fraud attempts originate, a good number will go for $3,000 to $5,000 depending on the supply/ demand at that time.

Why are Private Automatic Branch Exchanges a perfect target

Today’s Private Automatic Branch Exchanges are feature-rich, and more and more features are developed each day as the various Private Automatic Branch Exchange (PABX) manufacturers attempt to gain a competitive edge. These features are all software, and therefore programmable, which in most cases means fraudsters can be accessed remotely. In addition, maintenance and service is provided by interconnects from remote service centers via modem lines. All of this creates a very familiar environment for the hacker to operate in with very little risk of being identified.

What are hackers looking for in your Private Branch Exchange (PBX)?

The easiest vehicle for fraudsters is to gain control of your direct inward service access (Direct Inwards System Access (DISA)) where a remote user can gain access to an outside line from your Private Branch Exchange (PBX) by punching some “long” authorization codes. Most companies use it for the travelling employee. Second, fraudsters would love to “take over” your maintenance port. By controlling that port, which is the heart of your Private Branch Exchange (PBX), fraudsters can do whatever they want, including changing your routings and passwords and deleting/adding extensions. And, if their intent is vicious, fraudsters can actually shut down your Private Branch Exchange (PBX) and take you out of business. Voice mail is probably the most popular vehicle of Private Automatic Branch Exchange (PABX) fraud these days. Like Private Branch Exchanges, voice mail systems are also very sophisticated and full of features. A fraud perpetrator can, among other things, sit on the beach in Trinidad and Tabaco and program your voice mail box in Frankfurt to place any inbound call on temporary hold, grab another line, call his cellular phone then conference the two lines–all within seconds. Meanwhile, the caller has no idea that you are actually enjoying the sun and sipping Jamaican rum. Hackers want to use exactly that feature to forward calls to a “phantom” mail box that will give just a dial tone. Then, fraudsters dial the rest from any public phone in Washington D.C., Dubai or Amsterdam.

Previous Story

Computer Software Service Fraud (CSSF)

Next Story

Forensic Technology and Discovery Services

Latest from Corporate Fraud | Related Expertises

Phone Fraud

Telephone fraud involves criminals contacting you by phone (vishing) or by text (Smishing) pretending to be

Email Fraud

Email fraud (“Phishing”) involves fraud perpetrators making contact by email and can take a number of

Procurement Fraud

Employees may be trusted with certain procurement responsibilities which can provide opportunities to commit fraud-related offenders.