Attackers hacking into companies’ phone network, using it to place mass phone calls to premium-rate telephone numbers is not a new occurrence – they have been doing it for a while now, targeting mostly small companies in first-world countries like the US.
The hackers in question, or the people who hire them to do it, are difficult to identify and arrest. The 2011 arrest of four individuals based in the Philippines who executed this type of scheme and saddled targeted companies with over $2 million in phone bills is one of the rare instances where law enforcement from two countries worked together and managed to apprehend the criminals.
A recent example of this type of fraud has been reported on by Nicole Perlroth. Earlier this year, an architecture firm from Norcross, Georgia, had its phone network hijacked by hackers who, in a single weekend (when there is no one in the offices to notice), made $166,000 worth of calls from the company’s phones to premium-rate telephone numbers in Gambia, Somalia and the Maldives.
The company’s carrier, TW Telecom, is asking the company to pay the bill. The company is disputing the charges, and has asked local law enforcement, the FBI and the DOJ for help in tracking down the attackers.
But, as noted before, chances of an arrest are slim, and the firm could end up paying some if not all of the amount on the bill, because unlike credit card companies, carriers are not forced by law to reimburse victims of this type of scam.
“Major carriers have sophisticated fraud systems in place to catch hackers before they run up false six-figure charges, and they can afford to credit customers for millions of fraudulent charges every year,” Perlroth pointed out. “But small businesses often use local carriers, which lack such antifraud systems. And some of those carriers are leaving customers to foot the bill.”
Until there is a law protecting the companies in these situations – and there should be, as this type of communications fraud is on the rise and, according to the Communications Fraud Control Association, cost victims around the world $4.73 billion last year – the only thing they can do is to secure their phone networks as best as possible by using strong passwords for voice mail systems and for placing international calls, and by turning off call forwarding.