TDS Telecommunications Corp.: Warns businesses: Shut out hackers with a few basic security measures

For more information contact:
Cindy Tomlinson, Associate Manager of PR
TDS Telecommunications Corp.
608-664-4471 / cindy.tomlinson@tdstelecom.com

MADISON, Wis. (May 11, 2012)—TDS Telecommunications Corp. (TDS®) warns business owners of a serious issue facing those who own and operate their own phone systems. Voice mail and toll fraud is on the rise as hackers use corporate phone systems to find an open road to major telecom networks.

A private branch exchange telephone system, or PBX, is a phone system owned and operated by a private company. It is then connected with telephone lines purchased from a local telecom provider. TDS has been marketing PBX systems to its business customers for more than twenty years and is reminding businesses that security measures must be taken to prevent fraud.

Voice mail and long distance toll fraud are the most prevalent threats to businesses using a PBX. Hackers gain access to the phone system in order to place long distance calls directly from the business customer’s lines, those charges are then billed—and could be costly.

Although no system is 100 percent protected, TDS suggests all businesses with a PBX take the following steps to help prevent PBX hacking:

Confirm no default or unchanged factory passwords exist in the PBX and/or voicemail system.

Check that no unauthorized or additional passwords exist in the system.

Use international call blocking in the PBX and at the local/long distance switch (unless your company actually needs/places international calls).

Delete or lock all unused mailboxes.

Require all employees to change their voice mailbox passwords to 6- or 8-digit non-trivial passwords. This includes administrative, general delivery, and system manager mailboxes.

Educate employees on the importance of strong passwords and maintenance.

Businesses are encouraged to contact their local telecom provider to discuss other preventive actions, too.

“By following these suggestions, along with other modifications recommended by your PBX supplier, you can make a significant difference in the security of your PBX systems,” said Tom Canfield, vice president of commercial marketing and product development at TDS. “In an era plagued with fraudulent and opportunistic people, basic prevention measures can really pay off.”

Unauthorized access to a system is usually gained through voice mail menus protected with simple passwords (1111, 2222, 1234, etc.) or unchanged factory default passwords. Once in the system, hackers use system commands to gain dial tone and place calls that appear just like any other call originating from the business.

Many savvy hackers also know the default passwords used by switch vendors. PBX hacking can occur when the PBX vendor, or the customer, fails to change these default passwords during initial installation. Good password management policy and practice is a strong protection step.

“While we work directly with our customers who purchase a PBX from us to take the necessary precautions, we also have business customers with existing PBX equipment from other vendors that could pose a security threat,” says Canfield.

Only customers can differentiate legitimate calls from fraudulent ones. Carriers, like TDS, do not have access or permission to stop calls from happening. Each carrier must pay a portion of the call that is handled by them, so when a call is placed to an international location the domestic carrier must pay the foreign carrier, regardless of any claim of fraud. Those charges are then passed back to the customer by the local carrier. Unfortunately, a large telephone bill could be the first warning a business receives.

“Business customers are responsible for protecting their own PBX equipment from fraudulent use,” adds Canfield. “Thankfully, some basic security measures can help prevent hacking of their equipment. While we normally help set up these security settings with TDS PBX customers, many companies who already own equipment from other vendors need to pay attention to new threats to protect their lines.”

For more tips and information to prevent PBX fraud, visit http://www.tdsbusiness.com/BusinessResourceCenter.aspx.

# # #