Preventing Cyber-Crime and Fraud

BACK 15-11-2016

Companies of all sized based in Nottinghamshire are currently experiencing an increased level of fraud following compromise of their Private Branch Exchange (PBX) systems.

A company’s PBX is the telephone system that allows a company to switches calls between phones on local lines while allowing all users to share a certain number of external phone lines. PBX or dial- through fraud occurs when hackers target these systems from the outside and use them to make a lot of calls to premium rate or overseas numbers to generate a financial return leaving the company in question with a substantial phone bill.

Once access is gained, the criminals can exploit in-built services such as message forwarding and call diversion and can make calls on the organisation’s account to premium rate numbers or international numbers

Businesses of all sizes can be targeted, but nationally there has also been an increase in schools, charities and medical/dental practices being targeted. Victims can lose tens of thousands of pounds and are likely to be targeted again once a vulnerability in their system has been found. This type of fraud is most likely to occur when a business is closed but their telephone systems are NOT, for example in the early hours of the morning or over a weekend or public holiday.

The good news is that some simple steps will significantly reduce your risk of victimisation:

  • Use strong pin codes or passwords for your voicemail system, ensuring they are changed regularly.
  • If you still have your voicemail on a default pin/password change it immediately.
  • Disable access to your voice mail system from outside lines. If this is business critical ensure the access is restricted to essential users and they regularly update their pin/passwords
  • Ensure that only users that need administrator privileges have them to stop criminals disabling protection you have put in place if they gain access to your system.
  • If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
  • Consider asking your network provider to not permit outbound calls at certain times e.g. when your business is closed
  • Ensure you regularly review available call logging and call reporting options.
  • Regularly monitor for increased or suspect call traffic.
  • Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down!

Speak to your maintenance provider to understand the threats and ask them to correct any identified security defects

If you would like any further help or advice on preventing cyber-crime and fraud please call Nottinghamshire Police on 101 or get regularly updated advice by visiting and of following @NottsFraudCops on Twitter