Page contents

What to do if you’ve experienced PBX dial-through fraud

PBX fraud, also known as dial-through fraud, is when your phone system has been compromised and a multitude of premium calls are being put through your system. PBX stands for ‘private branch exchanges’.

The first time you may know this has happened is from an unusually high phone bill.

Disclaimer

The advice and information provided on this website are for general informational purposes only. While we strive to offer accurate and helpful content, we do not take responsibility for any actions taken based on the advice provided. Users are encouraged to exercise their own judgment and discretion when implementing any recommendations. We make no guarantees regarding the outcomes or results of following any advice, and assume no liability for any consequences resulting from its use.

First steps

In the event of PBX fraud you should start by:

  1. Disconnect the phone system immediately.
  2. Contact your telephone provider to log the date and time of the suspected attack so that they can monitor outbound call destinations.

Who to contact

You should flag the PBX fraud to the following people:

  1. Action Fraud.
  2. Call your telephone provider and set up call logging on any system that is suspected to be part of fraud.

Recovery

You can try the following actions to recover from PBX fraud:

  1. Restrict calls to destinations that should not normally be called, premium rate calls, overseas or any directory enquiry services.
  2. Set voicemail up securely on your system and disable voicemail access from outside lines.
  3. Set up secure pins for access to remote voicemail.
  4. Put restrictions on any extension that must have access to the outside line using voicemail.

Further action

You should consider the following actions following PBX fraud:

  • Disallow access to the administration facility of the PBX. Configure any networked telephone exchanges to restrict support companies from calling in from outside the PBX to dial calls as if from one of the extensions.
  • Regularly change passwords for the administration interface and make sure they are random.
  • Configure the administration modem to only answer from a single telephone number.
  • Avoid auto features and ensure interactive voice response and auto attendant options for accessing outside lines are removed.
  • Ask your telephone provider to set up monitoring and to cut off services if they exceed pre-agreed thresholds.

For further advice, visit Get Safe Online