What to do if you’ve experienced PBX dial-through fraud

What is PBX dial-through fraud?

PBX fraud, also known as dial-through fraud, is when your phone system has been compromised and a large number of premium rate calls are being put through it. PBX stands for ‘private branch exchange’.

The first sign that this has happened may be an unusually high phone bill.

First steps

  1. Disconnect the phone system immediately
  2. Contact your telephone provider to log the date and time of the suspected attack so that they can monitor outbound call destinations

Who to contact

  • Action Fraud
  • Call your telephone provider and set up call logging on any system that is suspected to be part of the fraud

Follow up action

  1. Restrict calls to destinations that should not normally be called, such as premium rate, overseas or directory enquiry services.
  2. Set voicemail up securely on your system and disable voicemail access from outside lines.
  3. Set up secure PINs for access to remote voicemail.
  4. Put restrictions on any extension that must have access to the outside line using voicemail.

Next steps

  1. Disallow access to the administration facility of the PBX. Configure any networked telephone exchanges to restrict support companies from calling in from outside the PBX to dial calls as if from one of the extensions.
  2. Regularly change passwords for the administration interface and make sure they are random.
  3. Configure the administration modem to only answer from a single telephone number.
  4. Avoid auto features and ensure interactive voice response and auto attendant options for accessing outside lines are removed.
  5. Ask your telephone provider to set up monitoring and to cut off services if they exceed pre-agreed thresholds.
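If your PBX can export call records, the same destination and threshold checks can be run in-house alongside the provider's monitoring. The script below is an added example, not part of the original advice: the comma-separated record layout, the UK dialling prefixes (09, 00, 118), the one-hour threshold and the sample records are all assumptions to adapt to your own system.

```python
from collections import defaultdict
from datetime import datetime

# Assumed UK dialling prefixes for the destination types the advice says to restrict.
RESTRICTED_PREFIXES = {
    "09": "premium rate",
    "00": "overseas",
    "118": "directory enquiries",
}

# Constructed sample records: start time, extension, number as dialled, duration in seconds.
SAMPLE_CDR = """\
2024-03-02T01:14:00,201,0900000001,1800
2024-03-02T01:44:10,201,0900000001,1750
2024-03-02T02:15:30,201,0012125550100,2400
2024-03-02T09:05:00,105,02079460000,120
2024-03-02T09:30:00,105,118000,60
"""

def classify(dialled):
    """Return the restricted category for a dialled number, or None if unrestricted."""
    digits = "".join(ch for ch in dialled if ch.isdigit())
    for prefix, category in RESTRICTED_PREFIXES.items():
        if digits.startswith(prefix):
            return category
    return None

def review_calls(cdr_text, max_restricted_seconds=3600):
    """List calls to restricted destinations and extensions over the agreed threshold."""
    flagged = []
    totals = defaultdict(int)  # seconds of restricted calling per extension
    for line in cdr_text.strip().splitlines():
        started, extension, dialled, seconds = line.split(",")
        category = classify(dialled)
        if category is None:
            continue
        flagged.append((datetime.fromisoformat(started), extension, dialled, category))
        totals[extension] += int(seconds)
    over = sorted(ext for ext, total in totals.items() if total > max_restricted_seconds)
    return flagged, over

if __name__ == "__main__":
    calls, over_threshold = review_calls(SAMPLE_CDR)
    for when, ext, number, category in calls:
        print(f"{when:%Y-%m-%d %H:%M} ext {ext} -> {number} ({category})")
    print("Extensions over threshold:", over_threshold)
```
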

For further advice, visit Get Safe Online