Recently, a travel agency in Redlands, California was shocked when it received a $117,000 phone bill. According to the report, hackers used the firm’s call forwarding and international long-distance services to commit the fraud, making over 5,000 minutes worth of overseas calls which cost about $7 a minute using the travel agency’s telecom network.
While telecom carriers have sophisticated systems in place to prevent fraudulent charges on customer’s lines, these systems are not perfect. Enterprises need to do their part to proactively establish their own systems. And when these measures fail, telecom managers need to have their own programs that will detect erroneous charges.
In this case, the early warnings were ignored. A few days before the $117,000 hack, there were two smaller breaches in which the network was overrun and calls to the travel agency were re-routed to an adult hotline. These breaches were quickly detected and corrected. However, over the July 4th holiday, a new breach where the network was used for long distance calls to Africa was not detected until those massive charges were rung up.
There are steps enterprises should take to prevent fraud:
1) Access to passwords for sensitive areas related to telecom services needs to be limited.
2) Passwords need to be changed on a regular basis and if there is a security breach, passwords need to be changed immediately.
3) Enterprises need call accounting systems to monitor call activity. Thresholds should be set to alert telecom managers based on call activity, volume, and geographic locations. If an organization doesn’t typically call certain regions, this activity should be detected early so telecom managers can investigate the calls.
In this case, Verizon did not require that the travel agency pay the bill and submit a claim afterwards, but many enterprises are not that fortunate and many hacks are never detected. Telecom Expense Management (TEM) programs can help by establishing thresholds on telecom expenses to proactively alert stakeholders when something is amiss in the network. Without the proper tools in place, enterprises open themselves up to a wide range of vulnerabilities that could potentially cost thousands of dollars in a very short period of time.