There are several ways that your telecommunication services may be fraudulently accessed and utilized, which is unfortunately a broad industry problem, out of the control of your provider.

However it is possible to take steps to minimize fraud exposure on your network.  The following is some useful information to help you with this problem.

Voicemail Fraud

• Hackers usually break into voice mail after business hours including weekends and holiday weekends, when callers will not be calling; thus, the changing of the outgoing message goes unnoticed.

• Hackers are typically based internationally, with calls frequently originating in and/or routed through the Philippines or Saudi Arabia.

• Businesses that are victimized usually find out about the hacking when their phone company calls to report unusual activity or exceptionally high phone bills. (The fraud usually occurs on business voice mailbox systems, but consumers with residential voice mail could also become targets.)

• Consumers who are victimized may find out about the hacking when they receive unusually high phone bills.

What You Should Do to Prevent This Risk

To avoid falling prey to this scam, the FCC recommends voice mail users do the following:

• Always change the default password from the one provided by the voice mail vendor.

• Choose a complex voice mail password of at least six digits, making it more difficult for a hacker to detect.

• Change your voice mail password frequently.

• Don’t use obvious passwords such as an address, birth date, phone number, or repeating or successive numbers, i.e. 000000, 123456.

• Check your recorded announcement regularly to ensure the greeting is indeed yours. Hackers tend to attack voice mailboxes at the start of weekends or holidays.

Consider blocking international calls, if possible; and

• Consider disabling the remote notification, auto-attendant, call-forwarding, and out-paging capabilities of voice mail if these features are not used.

The FCC advises consumers to consult with their voice mail service provider for additional precautions they can take to assure the security of their voice mail systems.

If you believe your system has been hacked, call the phone company and report the incident to the police.

Filing a Complaint with the FCC

Consumers who become victims of this scam are encouraged to file a written informal complaint with the FCC. There is no charge for this.

Your complaint letter should include your name, address, telephone number or numbers involved with your complaint, a telephone number where you can be reached during the business day, and the name of your long distance carrier. Your complaint letter should provide as much specific information as possible, such as:

• an explanation of the circumstances that led to your complaint;

• the names of all telephone or other companies involved with your complaint;

• the names and telephone numbers of the telephone company employees that you talked with in an effort to resolve your complaint;

• the dates that you talked with these employees; and

• any other information that would help the FCC to process your complaint.

You should mail your complaint to:

Federal Communications Commission
Consumer & Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington, DC 20554

To file a complaint electronically, go to www.fcc.gov/cgb/complaints.html.  You can file by e-mail at fccinfo@fcc.gov or fax your complaint to (866) 418-0232.

Toll Fraud

Toll fraud is a specific criminal act that occurs when a hacker dials into a PBX, key system or other managed telephone equipment and then probes the system for a weakness that will provide an outside telephone line. Once the outside line is obtained, calls may be made anywhere in the world and toll fees will be charged to the owner/operator of the PBX, key system or voice mail.

As stated in your service agreement, your company is responsible for securing its network and phone system from hackers. If the root cause of the fraud is in your phone equipment, your company will be held responsible for the fraud calls.

GUIDELINES: (Please consult with your PBX and/or voicemail vendor regarding the following guidelines.)

• Check administration security codes for both the PBX and voicemail systems.

• Newer PBX’s can be Internet enabled. Please verify this with your PBX vendor. Hacking can occur through the Internet into your PBX.  Ask your vendor to check for inbound data spikes that may appear to be inbound hacking activities. If there is no need to have an Internet enabled PBX, ask your vendor to disable it.

• The PBX vendor should be able to identify which phone line(s) placed the fraud calls.

• All voicemail boxes must be checked to identify if there are any existing boxes set up with the default code, soft pin or extension.

• All voicemail boxes must have hard security codes.

• Hackers, who have compromised a voicemail box(s), will preprogram the fraud destination number(s). After they have preprogrammed the destination number (s), they use the transfer feature, pager feature, and or zero out feature to place their calls out. The vendor should be able to identify which feature was used.

• The hackers can also pre record a message stating “yes” yes”. This will allow the hackers to place collect calls.

• Disallowing remote access in the PBX and voicemail minimizes fraud exposures.

• Block all international countries in your PBX or phone systems that are not called.

• Block third party and collect calls in the PBX or phone system.

• Block Casual Calling (1010) in the PBX or phone system.

• Hackers will also place fraud calls going through different long distance carriers. There are many long distance carriers such as AT&T and MCI that allow calls to complete through their network without being a subscriber. If billed by these carriers, the international rates are very high.

• If you receive a bill from another carrier on the fraud calls, TelePacific Communication’s Fraud / Loss Prevention Department will provide your company a letter of confirmation, that fraud had occurred on your telephone line (s).

• TelePacific Communications is not financially responsible for any billing that you may receive from another carrier, relating to your fraud incident.

• Keep phone rooms locked.
• Always validate credentials of all technicians that visit your sites.

• Fraud perpetrators can gain access to unsecured phone rooms. If this occurs, a device is directly clipped on to your telephone line (s) to place fraud calls.

• If your phone room is not locked. You must check for an unusual device clipped on.

• Social Engineering is a fraud perpetrator who calls into a business establishment pretending to be a technician for a phone company. The perpetrator will manipulate the party into pressing certain digits on the telephone keypad, allowing the perpetrator to place free long distance calls. The party will be charged for the long distance calls. When these types of calls come in, please report the call to the Fraud Department.

• Do not transfer callers to 900. This is a fraud scam. Dialing 9 for an outside line and 00 will give the fraudster a long distance operator.

If you receive a telephone call from a third party carrier reporting long distance international calls going through its network. Contact the Fraud/Loss Prevention Department immediately at (866) 839-8545.

Modem Hijacking

Possible Steps to Prevent Modem Hijacking (Sometimes used to make fraudulent long distance calls from your computer and billed to your telephone number.)

• Turn off your computer and modem when they are not in use.
• Unplug phone connections from the modem when a modem is not in use.
• Raise the volume level of your modem, so that you are aware of a redial.
• Be aware when visiting sites of questionable content, or avoid such sites entirely.  A number of sites download surreptitiously onto consumers’ hard drives.
• Monitor your child’s use of the Internet.  Consider using blocking software to keep children from questionable sites – adult, gambling, etc
• Do not download from an un-trusted web site.
• Close pop-up windows by selecting the, “X” button in the upper right hand corner, rather than any other embedded icons.
• Keep your operating system current with patches and updates.
• Ensure that Internet dial-up access numbers are on your local telephone plan and delete unknown access numbers.
• Consider installing anti-virus software and update regularly.
• Disable ActiveX
• Software exists to prevent such fraudulent activity.  Web sites where anti-virus or trial version of anti-virus software has been made available include:
• www.symantec.com
• www.mcafee.com

Disclaimer of Liability.  Regarding the foregoing possible steps to prevent voicemail fraud, toll fraud or modem hijacking, neither TelePacific Communications nor any of its affiliated companies shall be liable for any errors, inaccuracies or for any actions taken in reliance thereon. TelePacific Communications only provides the telecommunications path for voice and data two-way communications.  TELEPACIFIC COMMUNICATIONS EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, AS TO THE EFFECTIVENESS OF THE SUGGESTIONS ABOVE OR THE ACCURACY OF ANY OF THE CONTENT PROVIDED, OR AS TO THE FITNESS OF THE INFORMATION FOR ANY PURPOSE.  Contact your voice, data, computer or broadband expert for information on the security of your connection to the Internet.