Nationwide Fraud autumn 2014 update
City of London Police highlight a selection of prevalent fraud crimes. Be alert to these types of fraud and share this information with your colleagues and friends.
Protect your PBX from external attack
Private Branch Exchanges (PBX) are systems that give organisations improved communication both internally and externally. PBX/dial-through fraud occurs when hackers target these systems from the outside and use them to make a high volume of calls to premium rate or overseas numbers to generate a financial return.
This type of crime can take one of two forms:
Criminals use auto-diallers to identify systems which are easy to hack into, especially voicemail.
The system is subjected to a sustained cyber attack to establish the pass code that will give the criminals access to the PBX system itself. This can be relatively straightforward, as victims often leave the password/code on default settings.
Once access is gained, the criminals can exploit in-built services, such as message forwarding and call diversion, and can make calls on the organisation’s account.
The criminals can make their money in two ways:
Dialling premium rate numbers to which they are affiliated.
Dialling international numbers through the compromised telephone system, especially to Eastern Europe, Cuba and Africa.
The victims are often small to medium-sized businesses, but the NFIB has also noticed that a number of schools, charities and medical/dental practices are being targeted, with losses sometimes up to tens of thousands of pounds. It is anticipated that these types of organisations will be subjected to increased victimisation as criminals identify common flaws in security procedures.
This type of fraud is most likely to occur when organisations are most vulnerable, i.e. during times when businesses are closed but their telephone systems are NOT, for example in the early hours of the morning or over a weekend or public holiday.
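The pattern described above (calls to premium rate or overseas numbers while the organisation is closed) can be looked for in the PBX call log. The following Python example is added here and is not part of the original bulletin; the record layout, office hours, threshold and UK prefix rules ("00" or "+" for international, "09" for premium rate) are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Assumptions, not from the bulletin: office hours 08:00-18:00 Monday to Friday,
# UK dialling prefixes, and an alert threshold of 3 risky calls per extension.
OPEN_HOUR, CLOSE_HOUR, THRESHOLD = 8, 18, 3

def classify(number):
    """Return 'international', 'premium' or None for a dialled number."""
    n = number.replace(" ", "")
    for prefix in ("+44", "0044"):          # UK number written internationally
        if n.startswith(prefix):
            n = "0" + n[len(prefix):]
            break
    if n.startswith("+") or n.startswith("00"):
        return "international"
    if n.startswith("09"):
        return "premium"
    return None

def out_of_hours(ts):
    """True at weekends and outside office hours on weekdays."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def suspicious_extensions(records, threshold=THRESHOLD):
    """Map extension -> risky out-of-hours calls, for extensions at or over threshold."""
    hits = {}
    for ts_text, ext, dialled in records:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M")
        kind = classify(dialled)
        if kind and out_of_hours(ts):
            hits.setdefault(ext, []).append((ts_text, dialled, kind))
    return {ext: calls for ext, calls in hits.items() if len(calls) >= threshold}

# Constructed sample call records: (start time, extension, dialled number)
SAMPLE = [
    ("2014-10-04 02:11", "204", "0053 0000 0001"),    # Saturday, overseas
    ("2014-10-04 02:13", "204", "0900 000 0001"),     # Saturday, premium rate
    ("2014-10-04 02:15", "204", "+53 0000 0002"),     # Saturday, overseas
    ("2014-10-06 10:30", "101", "0033 0000 0003"),    # Monday, in office hours
    ("2014-10-06 23:40", "101", "020 0000 0004"),     # out of hours, national
    ("2014-10-07 03:05", "310", "+44 20 0000 0005"),  # UK number, '+44' form
]

if __name__ == "__main__":
    for ext, calls in suspicious_extensions(SAMPLE).items():
        print(f"extension {ext}: {len(calls)} risky out-of-hours calls")
        for call in calls:
            print("   ", *call)
```

Public holidays are not modelled here; extend `out_of_hours` with your own closure dates before relying on the result.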
Maintain vigilance against telephone divert fraud
As highlighted in a previous City Security article, the NFIB has seen an upsurge in the reporting of telephone divert fraud across the UK, and is concerned that doctors’ surgeries and other healthcare facilities are becoming increasingly targeted.
Fraudsters are identifying weaknesses in these sectors and exploiting them quickly – putting surgeries and healthcare centres in the firing line for the next few months.
Organisations commonly lose tens of thousands of pounds to this crime type and they, rather than their telecoms providers, are liable for that loss. The good news is that protection from this crime type is relatively easy, so I would urge people with responsibility for telecoms systems to speak to their providers to restrict international and premium rate calls and to ensure that all users change their PIN codes for voicemail services regularly.
Check the caller is a legitimate computer software tech support company
Individuals are continuing to fall victim to ‘Computer Software Tech Support’ phone calls. Fraudsters are using the names of well-known companies to provide legitimacy, informing the victims that there is a problem with their device and they require remote access to resolve the issue. Once access is gained, the fraudsters will request payment for work that has not been completed or even access online banking accounts.
Fraudsters contact victims via telephone, claiming they are aware of errors on their computer and that the problem can be resolved if remote access control is granted. Fraudsters claim to be from a variety of computer service companies, making use of well-known company names.
If remote access is not granted, fraudsters may become aggressive. The fraudsters appear to carry out work on the computer, deleting files and installing new programs, for which they then demand that the victims pay a fee. Fraudsters may even access the victims’ online banking accounts and remove funds through the remote access that was granted.
Be careful when buying vehicles on the internet (when the price seems too good to be true)
Vehicle Escrow Fraud is still a big problem and volumes have peaked this summer. The victims will see an advertisement for a vehicle on the internet below market value. The victims are tempted to make payment for the vehicle without it being seen in person, usually because the seller is out of the country on work. Payment is enticed by a spoof email guaranteeing ‘buyer protection’; however, no protection exists, the funds are remitted directly to the fraudster/money mule’s bank account and no vehicle materialises.
To make a report of fraud or cybercrime, please visit www.actionfraud.police.uk