💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › SWITCHES › pbxscams.txt captured on 2022-06-12 at 17:50:55.



FRAUD

PBX USERS FALLING VICTIM TO DETERMINED RIP-OFF SCHEMES

"Dumpster Divers" and disenchanted employees can run up 
costly bills

PBX fraud has turned into a thriving business for the
criminals running up millions of dollars worth of phony 
calls, and a nightmare for the companies that are being 
victimized. Since the user companies - not the switch 
manufacturers who have been sued unsuccessfully - are 
responsible for fighting this increasingly widespread 
crime, we offer descriptions of the fraudulent calling 
techniques and some tips for defeating them.

PBX REMOTE ACCESS

Any customer offering remote PBX access via 800 service
can be victimized by this kind of fraud, which is 
impossible to prevent totally. 


Although many of the 800 numbers used for remote PBX 
access are not published, they, like the access codes they 
work with, may be illegally obtained and sold. If no code 
is needed to gain remote access, the fraud is even more 
easily accomplished. Those numbers frequently ring through 
to a tone instead of an operator. Once the 800 number is 
dialed and an access code is entered, a dial tone is 
provided that allows illegal callers to dial anywhere in 
the world. 

Access codes may be obtained in a number of ways. That is 
where such industrious types as "Dumpster Divers" enter 
the picture. As their name suggests, Dumpster Divers 
actually comb through reams of trash in order to find 
access codes; the numbers may then be used by them or sold 
to other illicit users for up to $10,000. Terminated or 
disgruntled employees may also have access to the 
numbers.

The more technically-minded criminals dial up 800 numbers 
and set computers to work dialing hundreds of random 
number combinations per minute until they hit a legitimate 
access code combination. 

The first step in combating this form of fraud is to use
access codes. In large businesses with lots of turnover,
change the codes at least monthly. Change them, as well, 
if it is determined that a terminated or disgruntled employee 
may have an ax to grind. 

A few words to the wise: Make sure the access codes are 
composed of at least six or seven digits; thoughtless 
combinations like "1-2-3" can be easily ferreted out.

Monitoring call patterns closely can also help weed out
fraudulent offenders. Actually, this defense tactic is 
applicable against any PBX fraud technique. Keep on the 
lookout for abnormal calling, such as late-night calling, 
long-duration calls and repeated calls to specific areas.


PBXs should also be programmed to establish a threshold 
for the number of calls allowed within a given time period 
using any one access code and to disable that access code 
when the threshold is reached.
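
The sketch below is an added example, not part of the original article: it replays call records in time order, flags the abnormal patterns named above (late-night, long-duration, repeated calls to one area), and disables an access code once it reaches a call threshold inside a time window. The record layout, the threshold values, the access codes and the function name review_calls are all assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample call records: (start, access code, area dialed, minutes)
SAMPLE_CDRS = [
    ("2024-03-04 09:15", "4471902", "617", 4),
    ("2024-03-04 14:02", "4471902", "212", 11),
    ("2024-03-05 01:10", "8830517", "809", 55),
    ("2024-03-05 01:12", "8830517", "809", 48),
    ("2024-03-05 01:13", "8830517", "809", 61),
    ("2024-03-05 01:20", "8830517", "809", 3),
    ("2024-03-05 10:30", "4471902", "617", 6),
]

def review_calls(cdrs, max_calls=3, window=timedelta(minutes=10),
                 night=(23, 6), long_minutes=45, repeat_area=3):
    """Replay records in time order; return (disabled, alerts, rejected)."""
    recent = defaultdict(deque)   # access code -> call starts inside window
    area_hits = Counter()         # (access code, area) -> calls placed
    disabled, alerts, rejected = set(), [], []
    for stamp, code, area, minutes in sorted(cdrs):
        if code in disabled:      # code already shut off: refuse the call
            rejected.append((stamp, code))
            continue
        start = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if start.hour >= night[0] or start.hour < night[1]:
            alerts.append((stamp, code, "late-night"))
        if minutes >= long_minutes:
            alerts.append((stamp, code, "long-duration"))
        area_hits[(code, area)] += 1
        if area_hits[(code, area)] == repeat_area:
            alerts.append((stamp, code, "repeated-area"))
        calls = recent[code]
        calls.append(start)
        while start - calls[0] > window:   # drop calls older than the window
            calls.popleft()
        if len(calls) >= max_calls:        # threshold reached: disable code
            disabled.add(code)
            alerts.append((stamp, code, "code-disabled"))
    return disabled, alerts, rejected

if __name__ == "__main__":
    disabled, alerts, rejected = review_calls(SAMPLE_CDRS)
    for alert in alerts:
        print(*alert)
    print("disabled:", sorted(disabled), "rejected:", rejected)
```

On the constructed records, the code used for three calls in four minutes after 1 a.m. is disabled and its next call is refused, while the code with ordinary daytime use is left alone.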

INMATE FRAUD

If it is true that idle hands are the Devil's workshop, 
it should come as no surprise that prisons have become 
a major center of operations for PBX-based fraud. Inmates 
are representing themselves as New England Telephone 
employees in order to gain access to an outside line 
through business customers' switchboards. They call 
PBX attendants collect, alleging that they are working
in the area and will need to pass calls through the 
attendant for completion.

The fact of the matter is this: New England Telephone 
personnel do not make collect calls to any of our 
subscribers, and subscribers should not accept such calls.