Phreaking: 111,195% Larger Phone Bill

If that title got your attention then it’s done its job. Phreaking is a very real occurrence in the UK, the worlds 3rd most targeted country, and yet most organisations are unaware that this form of fraud even exists.

The email in the image is genuine. The original receiver of this email had a typical call spend of £7.80 per day; this email advises their daily call spend increasing up to £8,681. In this case the end user was lucky; it was picked up within two days. Some phreaking occurrences are not alerted until the client opens their phone bill at the end of the month, up to 31 days later.

Trained risk assessors will tell you that to quantify risk you multiply the likelihood of the event occuring by the severity of the event if it occurs. If either likelihood or severity are high, the risk needs to be reviewed and considered. If both are high, the risk needs immediatew review. This form is a well established practice that many of you will already have adopted within your business to protect staff in their work activites, but have you condsidered protecting your business from risks in the same way?

Lets apply this risk management principle to Phreaking.

Likelihood

This varies depending on a number of factors, such as how old your system software level is. Because hackers continually create new ways to use your telephone system for fraudulent purposes, system manufacturers continually enhance security features which are rolled out within software updates. If your system is unmaintained, more than 5 years old, or not kept up to date, consider yourself in a higher risk group. If your staff use default passwords on their voicemail, again, consider yourself in a higher risk group.

Some organisations think that they are too small to be a target, however size of business is irrelevant; if you have telephone lines, they are valuable to hackers and need protecting. Furthermore, smaller businesses are recognised as less aware of the risks and less likely to have detection and prevention measures in place.

The UK is the worlds third most targeted country, and the fraud is increasing 15% year on year. Of new clients we take on board, 8 out of every 10 clients have been left exposed somewhere in their existing telephone system.

Severity

The average cost of Phreaking in the UK costs the business £10,000. The annual cost of Phreaking costs the UK £1.2bn; globally that extends to £25.5bn. The email image above shows just how far costs can extend in one day. The severity of Phreaking can, and does, make many financially stable businesses insolvent by presenting a phone bill that is too large to be paid.

Whilst no solution can be considered 100% effective at preventing fraud, there are measures you can take to reduce the risk. Our security checklist will run through the key items that should be considered. Top of the list should be a voice firewall, updated system software, and a sensible password policy to include voicemail passwords.

If you need advice on any points within this artilce, our team are always on hand to help.