Long Distance Theft - Your Best Line of Defence Back
Telus, 8/98

As your business grows, it could be attacked by Long Distance thieves. Theft of long distance service is big business in North America. In the United States alone, losses to toll fraud amount to billions of dollars annually.

Know the enemy

Two types of phone criminals generate the majority of toll fraud. The first are organized groups who sell stolen long distance for profit. Call-sell operations are a growing phenomenon and can result in massive losses in a very short time. Many of these operations involve seasoned cons who not only sell stolen long distance and voice-mail services, but use the services for their own illegal activities. The second type are the "Phone Phreaks" - hackers who do it for entertainment and, sometimes, for profit.

Take defensive action

Both types of these fraud criminals can, in a very short time, steal huge volumes of long distance, causing a serious financial blows to your business or organization. Knowledge is your most effective weapon in combating toll fraud. If you know your enemies and their tactics, then you can take a defensive line of action to protect your organization.

Know the enemy's tactics

Understand the danger

One of the most serious threats of toll fraud for a business is remote access fraud. Any company with a PBX or voice-mail system is vulnerable. The most commonly used PBX entry point is the Direct Inward System Access (DISA). DISA privileges are generally intended for traveling employees who call into their company's PBX, enter an authorization code, and then make long distance calls using the corporate network.

Thieves gain access to a PBX by obtaining valid DISA numbers and corresponding authorization codes. They acquire these by hacking through the system themselves, shoulder surfing, buying them from other hackers, or by digging through your trash looking for call-detail reports that list access or authorization codes and any other information that will help them break into a PBX. They may also call employees and ask for authorization codes, claiming to work for the telephone company or to be the telecom manager. Once inside the system, they can place a host of long distance calls that will be billed to the company.

Remote system administration is another area that can be vulnerable to unauthorized access. Remote system administration, or maintenance ports, allow PBX technicians to access, adjust and troubleshoot both system software and hardware components. Without proper safeguards thieves can dial into the remote access port and, once they crack the password, can reprogram the system memory to allow international calls, enable the DISA feature, turn off Call Detail Recording, and create authorization codes.

The same applies for voice-mail systems. Without proper safeguards, thieves can access these systems, and from there the public telephone network. There are also cases of thieves taking over voice-mail systems using mailboxes to exchange lists of long distance codes, coordinate drug shipments, sell stolen bank cards and Calling Card numbers, and solicit customers for prostitution rings.

Once a system has been breached, the theft of long distance can occur at an alarming rate. Some Canadian businesses have been hit for $25,000 to $30,000 in a single weekend. In the United States, one company incurred a loss of $250,000 before discovering the fraud.

Understanding the liability

Our tariffs state that if a call has passed through, or originates with the customer's equipment, the customer is liable for the charges associated with the call.

If you do become a casualty

Unfortunately, even employing the measures outlined here cannot offer a 100 percent guarantee that your company will not be attacked by long distance thieves and hackers. While a good security program will vastly reduce your risk, these criminals are persistent and resourceful.

Therefore it is important that your battle plan includes a set of policies and procedures to be followed in the event that you suspect you are a victim of toll fraud. The key is to establish your company policy ahead of time, because the meter of your long distance bill will still be running while you decide what to do.

Some actions to consider Reporting TELUS Calling Card fraud

If you suspect that any of your company TELUS Calling Card numbers have been compromised, or if an employee has actually lost a card, report it immediately by calling 1-800-561-8888, 24 hours-a-day. We will flag the card as stolen, and take measures to stop calls from being billed to it. We will also make arrangements to issue you a new TELUS Calling Card.

For more information

If you have any questions or require advice on setting up your own telephone security measures, TELUS can help. Our experts are here to assist you and answer any questions you may have about toll fraud. If you require more information, Residential Customers call 310-2255 and Business Customers call 310-3100 or contact your TELUS account representative.