Remember pre-Voice-over-IP, back when long-distance calls were expensive, and you had to hunt down employees and beat them up to keep calls short?
There are still ways to rack up breathtakingly expensive phone bills, even with most corporate phone lines now running over the internet.
One example is when modern-day phreakers – phone hackers – break in to companies’ phone networks and stick businesses with horrific bills for calls they never made.
According to the industry group Communications Fraud Control Association, online shysters have managed to rip off small businesses by using their phone lines to route premium-rate calls – typically used for sex chat or psychics’ lines – to the tune of $4.73 billion worth of fraud globally last year.
One of those businesses is a US architecture firm in San Francisco which was looking at a bill of $166,000 for calls made over only one weekend in March, the New York Times reports.
That’s a lot of dialing for an office that was completely empty of employees over the weekend.
It turned out that crooks had broken into the phone network at the company, Foreman Seeley Fountain Architecture, and routed the calls from the firm and on to premium-rate telephone numbers in Gambia, Somalia and the Maldives.
The firm reportedly claimed in a complaint to the Federal Communications Commission that, given its typical phone usage, it would have taken far more than a weekend – more like 35 years – to tally up $166,000 worth of calls.
Telecommunications fraud experts told the New York Times that this is how the premium-service scheme works:
- Criminals sign up to lease premium-rate phone numbers from one of dozens of web-based services that charge dialers over $1 a minute (£.62) and give the lessee a cut – as high as 24 cents (£.15) for every minute spent on the phone.
- Next, the crooks break into a business’s phone system and make calls through it to their premium number. They typically do it over a weekend, when nobody’s around to notice. High-speed computers enable hundreds of simultaneous calls, forwarding as many as 220 minutes’ worth of phone calls a minute to the pay line.
- The intruder gets their share of the charges, typically sent via a Western Union, MoneyGram or wire transfer.
Phone fraud is as old as dirt. Nineteen years ago, The Independent was writing about the advertising agency J Walter Thompson, which was then considering suing British Telecom, after phone crooks exploited flaws in a switchboard sold by BT to fleece the company out of £60,000 ($96,777 USD) worth of free calls over the course of four days.
So shouldn’t carriers be on top of stopping this well-known fraud by now?
According to the New York Times, they are – at least, the major carriers are. Not only do they have sophisticated fraud systems set up to stop the phone leeches before they bleed a company out of six figures; they can also afford to credit customers who get bilked for millions of bogus charges every year.
However, smaller local carriers, which are often used by small businesses, lack such deluxe anti-fraud systems.
It’s also harder for them to cover the cost of fraud. Hence, they often leave their customers stuck with crippling bills.
In the US, the law isn’t helping much, given that carriers aren’t required to cover fraud as credit card companies do.
After a rash of swindles hit businesses in Albany, New York last year, Senator Charles E. Schumer urged the FCC to adopt new regulations. Nothing’s happened yet, though a staffer in the senator’s office said that he’s “still in favor” of new regulations.
Like many internet-enabled crimes, it’s tough to catch the culprits, given that premium-rate service fraud can cross multiple jurisdictions.
Bob Foreman, who owns the architecture firm, told the newspaper that his firm hadn’t even realized such a scam was a risk – as telecom expert Jim Dalton put it, a “six-figure liability waiting to happen.”
His advice for businesses to avoid getting scammed:
- Turn off call forwarding.
- Set up strong passwords for voice mail systems and for placing international calls.
- Treat your phones as internet-connected machines. Criminals have already begun to do so.
We know that small businesses face big impediments to get security right: they’re heavily dependent on computers but might not be big enough to have dedicated IT staff.
With that in mind, we came up with these ways to avoid the 4 password mistakes that small companies tend to make.
A couple more resources that might prove useful are our 4 free tools to boost your security, and our 3 essential security tasks (the tasks are aimed at families, but they’re great advice for micro-businesses, too).