Call Forwarding Fraud
What is it?
- Sending a call to another phone number without active interaction
- This type of attack can be higher during holidays to reduce attention to the attacks
How?
- Leveraging controls on system IVR
- Accessing an internet-connected VoIP phone
Impact:
- Redirects calls to high-cost destinations
- Customer is responsible for charges to the high-cost destinations
How to Start Prevention?
- Adding a call-forwarding block-list
- Use good passwords on the front-facing PBX access portal
PBX phone systems allow users to enable call forwarding to phone numbers. Oftentimes, a malicious party can hack into this process remotely by leveraging the system’s IVR and issuing commands via DTMF (dual-tone multi-frequency) signaling. Another way they can break into the system is by gaining access to an Internet-connected VoIP phone. In either case, the agent redirects the expensive international traffic to the fraudulent numbers, resulting in hefty phone bills to the company. This type of fraud reveals itself through a spike in traffic to high-cost destinations. To make matter worse, this type of fraud often spikes over holidays or weekends when individuals are out of the office and their phone numbers are not securely forwarded to other devices. To mitigate damages, service providers must have a monitoring and alarm system in place that will stop fraud immediately.