Talk about protecting companies from hacking and the focus will immediately shine onto cyber security. However, there’s another threat which can cost companies tens of thousands of pounds and, thanks to Internet technology, is now much more of an issue than when it first appeared in the 1960s. One of Gloucestershire’s leading telecommunication companies is warning companies that they’re at particular risk this coming Easter holiday, and is urging them to take protective measures.
‘Phreaking’ is essentially a telephone fraud scam where an external party hacks into a private telecommunication systems in order to make free calls, typically international ones or high-cost phone numbers. Characteristically, the hacker picks a weekend or bank holiday when the company’s premises are unlikely to be occupied and, therefore, the activity will go undetected.
“Companies don’t realise that phreaking can have serious consequences” said Claire Maddox, Company Director of Eurolink Connect, the Stonehouse-based telecommunications specialist. “Unlike credit card fraud, no compensation is available because the calls originate from their own, registered phone numbers. The current cost of a phreaking attack averages between £10,000 - £16,000. Even Scotland Yard has been subjected to phreaking.” She continued.
Phreaking began in the 1960s and hacked into the old landline systems but was a low-level risk. Some of the figures who are now reputable members of the corporate world, such as Steve Jobs (his hacker name was Oaf Tobar), Steve Wozniak (aka Berkeley Blue), and John Draper, were involved in those early days of phreaking. John was known as Cap’n Crunch and used nothing more technical than a toy whistle given away in cereal packets in America during the mid-1960s to meddle with AT&T’s long-distance trunk lines.
Since then, the introduction of broadband, VoIP and new technology means the hacker can gain access in a matter of minutes to a phone system. Companies are particularly vulnerable if they use multiple phone lines, have part-time staff, or are closed for long periods of time. The latter instance makes schools and colleges especially at risk from phreaking, not good news given the recently announced re-organisation of school funding from Government.
Eurolink Connect is offering advice to help companies protect themselves. There are straight-forward ways to greatly reduce the risk of a phreaking attack:
• Choose strong passwords with numbers and letters and remember to apply this to voicemails
• Bar specific numbers in order to block premium rate calls, calls to overseas numbers etc
• Set up a call recording system which produces daily records or alerts that enable tracking of calls and highlight unusual call patterns
• Avoid trunk-to-trunk calls (used for conference calls and direct dial to voicemails) if these facilities aren’t needed
Claire highlights that there are also technical processes that can be added to telecommunications’ systems to provide improved protection:
“Woodford Medical Centre in Loughborough was subject to a phreaking attack on a bank holiday Saturday but special threshold controls that we’d introduced on the phone lines detected the threat. We were able to prevent the criminals from running up a bill of thousands of pounds. This was obviously much appreciated by an organisation juggling their NHS funding.”