Plugged.In: Kris Richards

Kris Richards, president of Insight Technology Solutions Inc., co-authors this weekly column with Steve Cerocke, founder/president of IQ Systems Inc. of Reno.

There are many telecom hacking scams that can cost a company thousands of dollars. Most can be prevented by providing training for staff and implementing policies to assist staff in discerning between "hackers" and legitimate phone requests. If you own or manage a business, these are two that have been on the rise, and you should be aware of them to mitigate your exposure to toll fraud.

This first situation occurs when Hackers are able to crack a Voice Mail box password or the administrators Voice Mail box. Once a Hacker has taken control of a Voice Mail Box or the administrator's box, they can setup offsite forwarding of calling to any location by simply calling the extension in the system they have taken over and forwarding calls offsite. Most of these scams are set-up to call out of the country. I have seen this scam cost a business thousands of dollars in a very short period of time.

Solution: Do not use simple passwords in Voice Mail. A common mistake occurs when users setup their Voice Mail box password to be the same number as their extension number. Passwords should be a minimum of four digits, somewhat complex, i.e. never use repeating numbers or sequential numbers, like 2222 or 1234. Passwords should also be changed at least twice per year.

The other common scam occurs when receptionists receive calls from hackers attempting to use "them" as the conduit for illegal calls. Unfortunately, staff can be unwilling participants by following deceptive instructions from callers. This occurs frequently in mid to larger size businesses:

A call comes in and the caller is claiming to work for the telecom service provider. The caller claims to be a service technician responding to a problem related to your phone lines or system. The employee is asked to enter a series of digits into the phone for testing purposes. If the employee complies, the cooperative employee has potentially given access to your company's phone lines. The caller now has a gateway to make calls through your long distance service. Calls can be made all over the world using this method and your employee is unaware that he or she facilitated the individual. Your company is also liable for the bill!

Solution: First, train your staff to discern between suspicious phone requests and regular customer calls. Second, setup a procedure for telecom service providers to go through a specific department or person when working on your system. Additionally, consider a password for vendors to use when they are legitimately testing on your system remotely. Employees should be comfortable asking for names, nature of the service and a supervisor's name and number. Confirming the nature of the work with the telecom company is not unreasonable.

Training is the most effective tool to combat most telecom scams and reduce the threat of becoming an unwilling conduit for scammers.

Kris Richards is president of Insight Technology Solutions Inc. at 6880 So. McCarran Blvd Ste 2, Reno Nv 89509

۩

Kris Richards, president/founder of Insight Technology Solutions Inc. of Reno, can be reached at 419 West Plumb Lane, Reno; 331-6555; krichards@insight-ts.com; http://www.insight-ts.com/.

This article does not have any comments associated with it