PBX/Dial-Through Fraud Threat to Schools
20 December 2016
The purpose of this alert is to provide knowledge and prevention advice to help schools protect themselves from PBX and dial through fraud.
We have been made aware of a new type of fraud targeting Kent schools known as PBX Fraud. This entails external hackers taking over control of the school telephone network, routing international or premium calls through it and building up huge telephone bills. This can amount to tens of thousands of pounds lost and you are only likely to realise once the telephone bill is received some weeks later.
Schools are strongly advised to read the alert (PDF, 424.3 KB), passed to us by Kent Police and to follow the advice to protect your telephone network from being accessed.
Within the alert is the following protection and prevention advice which we would like to draw your attention to:
- If you still have your voicemail on a default PIN/password change it immediately.
- Use strong PIN/passwords for your voicemail system, ensuring they are changed regularly.
- Disable access to your voicemail system from outside lines. This is usually used for remote workers to access. If this is not business critical then disable it or ensure the access is restricted to essential users and they regularly update their PIN/passwords.
- If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
- Consider asking your network provider to not permit outbound calls at certain times e.g. when your business is closed.
- Ask your telecoms provider to alert you immediately if there is any unusual call activity taking place on your telephone lines.
- Ensure you regularly review available call logging and call reporting options, regularly monitor for increased or suspect call traffic.
- Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down.
- If you use a maintenance provider speak to them or ensure that the person responsible for the PBX understands the threats and ask them to correct any identified security defects.
- Consider consulting an IT telecoms professional to ensure your settings for your PBX systems are secure and the settings have been properly set up.
If you would like to discuss any of this further, please contact your Area Education Officer:
East Kent | South Kent |
North Kent | West Kent |