« Lots of Press on Telephony Denial of Service (TDoS) | Main | Massive Scan of the Internet for SIP Servers »

May 20, 2013

Small Business Hit with $600,000 of Dial Through Fraud

A small business, a Remax realtor, was hit with $600,000 of Dial Through Fraud (DTF). I included an article below:

http://www.missourinet.com/2013/05/16/remax-office-owner-hit-by-phone-fraud-600000-bill/

The article does not give any details about the attack, but I bet the attacker exploited the victim's PBX and then generated a ton of inbound calls, which hair pinned out to premium numbers. I discussed this attack method in an April 12th post. Again, DTF/Toll Fraud is still a big issue - attackers set up premium numbers and then generate traffic to the numbers, through this hairpin attack. All enterprises are targets, but again, small businesses are especially attractive, because they don't have the expertise to secure their systems. They are also the least likely to notice the attack, until they get their phone bill...

I wish the victim well. The article says they are fighting the service provider, but that will be difficult. The calls do cost the service provider money - it is the enterprises job to secure their system.

Also, Ofcom, similar to the FCC in the United States, issued a warning that these types of attacks are on the rise:

http://www.mobilenewscwp.co.uk/2013/05/13/ofcom-warns-firms-about-rising-levels-of-dial-through-fraud/

Posted at 03:50 PM in Toll Fraud, UC security, Voice Security, VoIP Security |

Tags: Collaboration Security, Dial Through Fraud, Mark Collier, SecureLogix, Toll Fraud, UC Security, Unified Communications Security, Voice Over IP Security, Voice Security, VoIP Security

|

Comments

MOCET

Hi, Mark:

I have seen this kind of thing firsthand myself, though not to the tune of $600000.

However, it is important to let readers know that this kind of thing happens all the time with analog and digital PBX systems as well as VoIP systems. In fact, in my experience, the typical VoIP provider has much better fraud detection for expensive routes than the telephone companies like AT&T and Verizon.

Please don't let your headline and post here be used to scare off potential consumer, SMB or enterprise VoIP customers. My point is that it actually may be easier to hack legacy systems for profit than a VoIP system.

Thanks.

marc.

Posted by: MOCET | May 20, 2013 at 07:51 PM

Mark Collier

Thanks for the post - I agree. This issue has nothing to do with VoIP, as you say it can occur on any type of PBX/IP PBX system. Pretty much all of the issues I talk about can occur for TDM/legacy or VoIP/UC system.

Posted by: Mark Collier | May 23, 2013 at 03:19 PM

The comments to this entry are closed.

My Photo

Search Blog

  • Search Blog
    Google

    WWW
    voipsecurityblog.typepad.com

Become a Fan

Subscribe to this blog's feed

About

Recent Posts

Archives

Telephony Denial of Service (TDoS)