Editorial

Expensive Fraud Calls

Published on: October 20, 2014

It happened again, and it will not be the last time: http://finance.yahoo.com/news/phone-hackers-dial-redial-steal-012343295.html reports another victim of phone call fraud, caused by a hacked PBX that was somehow accessible to the bad guys.

We have talked about it before, but after reading the article I think it is important to highlight a few things that were not so clear before. The first is that some carriers really do seem to go after the money, even if they have to go to court. In contrast to the credit card industry, fraud is the responsibility of the customer, not the provider.

The next point is that it is obviously not necessary for the PBX to have received any voice traffic from the public internet. Typically, fraud uses the victim's PBX as a kind of “least cost router” for terminating traffic into expensive countries. But when calling expensive 900 numbers, as mentioned in the article, there is no need for any traffic with the outside world. All it takes is for the PBX to use its route into the PSTN.

In theory, a bot on a computer in the LAN can use the click-to-dial feature of the PBX to keep dialing expensive numbers. The voice would end up either on the local PC or smartphone, or just on the phone on the office desk. On the weekend, when nobody is in the office, it would take some time to figure out what is going on.

This is new. If a bot can access the local TAPI on the computer and initiate a call, you are in trouble. There is no extra password check between the TAPI client and the TAPI server. All it takes is a program running on the local PC that starts dialing numbers.

So what are we learning from all of this?

Apart from the usual recommendations to check for viruses on your computer and make sure that users choose good passwords and PIN codes, you should check whether your service provider has a fraud detection feature. This will limit the damage in case you get hacked for whatever reason, despite all the precautions that you took on the system. If you are using prepaid accounts, the damage will be limited to the money that you have put into the meter.

By default, version 5 does not come with a CSTA license, which is required for TAPI calls. If you have the license and are using TAPI, you can take a few measures that reduce your exposure to the risk. You can double-check in the dial plan which numbers can be called from your PBX. In many cases it is not necessary for PBX users to dial expensive hotlines, and if they do, you can set the flag in the dial plan so that they have to enter their PIN code. And you can make sure that PCs are turned off when users are not in the office. This not only makes sure that you don’t have any surprises on your phone bill on Monday morning. It also saves power.
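The kind of fraud check described above can also be run over your own call records. The following is an added example, not code from the PBX or the original article: the CSV record layout, the sample calls, the office hours and the thresholds are all constructed assumptions. It flags premium-rate calls placed outside office hours and bursts of premium-rate calls from a single extension.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: start time, extension, dialed number, seconds.
# The layout is hypothetical; adapt the parsing to your own CDR export.
SAMPLE_CDR = """\
2014-10-17T10:15:00,41,1-617-555-0123,180
2014-10-18T02:00:10,42,1-900-555-0111,600
2014-10-18T02:11:00,42,1-900-555-0111,600
2014-10-18T02:22:30,42,1-900-555-0112,600
2014-10-20T09:30:00,43,1-900-555-0199,45
"""

PREMIUM_PREFIXES = ("1900",)      # assumption: 900 numbers written with leading 1
OFFICE_HOURS = range(8, 18)       # assumption: staffed 08:00-17:59, Mon-Fri
BURST_COUNT = 3                   # assumption: 3 premium calls ...
BURST_WINDOW = timedelta(hours=1) # ... from one extension within one hour

def normalize(number):
    """Keep digits only so '1-900-...' and '1900...' match the same prefix."""
    return "".join(ch for ch in number if ch.isdigit())

def is_off_hours(ts):
    """True on weekends and outside the assumed office hours."""
    return ts.weekday() >= 5 or ts.hour not in OFFICE_HOURS

def flag_suspicious(cdr_text):
    """Return (extension, reason, timestamp) tuples for calls worth reviewing."""
    alerts, recent = [], defaultdict(list)
    rows = sorted((r for r in csv.reader(io.StringIO(cdr_text)) if r),
                  key=lambda r: r[0])
    for start, ext, dialed, _secs in rows:
        ts = datetime.fromisoformat(start)
        if not normalize(dialed).startswith(PREMIUM_PREFIXES):
            continue
        if is_off_hours(ts):
            alerts.append((ext, "premium-off-hours", ts))
        # Keep only this extension's premium calls inside the sliding window.
        recent[ext] = [t for t in recent[ext] if ts - t <= BURST_WINDOW] + [ts]
        if len(recent[ext]) == BURST_COUNT:  # alert once, when threshold is hit
            alerts.append((ext, "premium-burst", ts))
    return alerts

if __name__ == "__main__":
    for ext, reason, ts in flag_suspicious(SAMPLE_CDR):
        print(f"extension {ext}: {reason} at {ts.isoformat()}")
```

In the sample, the single premium call during Monday office hours passes, which is the case a dial-plan PIN requirement is meant to cover.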
