Protecting schools from PBX fraud
Protecting Schools from PBX Fraud
Schools across the UK are being targeted by phone hackers, leaving unprotected schools with extortionate telephone bills. Why do phone fraudsters target educational establishments in particular? Because the long schools holidays, especially the Christmas break, provides the ideal opportunity for hackers to dial into a school’s phone system undetected and make calls to premium rate overseas numbers. Often the increased call usage will not be noticed until the first day of term, by when the hackers will have run up thousands of pounds worth of calls.
What is dial through fraud?
PBX or dial through fraud occurs when hackers gain access to a school’s telephone system and use it to make a high volume of calls to premium rate or overseas numbers to generate a financial return. The hackers will most likely receive a share of the revenue generated by the calls.
PBX or dial through fraud is most likely to occur when organisations like schools and colleges are most vulnerable ie during times when educational establishments are closed but their telephone systems are not, for example in the early hours of the morning, over a weekend or bank holiday or during the holiday periods.
Dial through fraud in schools
The National Fraud Intelligence Bureau (NFIB) reports that it has seen a significant rise in the number of reports made in relation to this type of fraud. Around 6% of the total of these reports relate to a school or college, although this is only based on what is reported and the figure could be much higher.*
As to how much PBX fraud has cost schools, since 2012 Action Fraud has recorded the total losses to schools of this type of fraud to be £186,923 which is an average loss of £1,683 per school.**
According to Schools Week, Essex police logs show officers investigated three reports of school phone scams involving calls diverted to a premium rate number. One school was left with a bill of £1,000 another totalled £900 and a North Yorkshire school lost £4,020 after its phone lines were hacked.
Steps to help schools protect themselves against phone fraud
Schools can protect themselves from being a victim of PBX or dial through fraud and reduce the risk of their school or college becoming a victim. Here are some of the actions that schools can take to guard against dial through fraud.
- Change voicemail administration password and PINS from the default
- Ensure staff use strong PIN numbers or passwords for voicemail and ensure they change them regularly
- Disable access to your voicemail system from outside lines (usually used for remote workers)
- Ask your telecoms provider to place a restriction on calling international numbers/premium rate numbers
- Ask your network provider to not permit outbound calls at certain times e.g. when your school is closed
- Ensure you regularly review available call logging and call reporting options, monitoring for increased or suspect call traffic
Limiting a schools liability to fraud
Telecoms provider STL can help to restrict a school’s exposure to fraud costs. STL’s SafetyNet immediately cuts off all lines if the call cost rises to over £150 in a 24-hour period. STL then alerts the customer to report that unusual call activity has taken place on the telephone lines. This limits your liability to a maximum of just £100 regardless of the cost of the fraudulent calls.