Who You Gonna Call? Premium-Rate Hotlines, Apparently
Someone’s Calling out in the Night
In the spirit of Halloween, let’s start off with a spooky scene.
Imagine an office. Everyone has already left for the weekend, leaving the office completely empty. The doors are locked, and no one can get in. It’s pitch black, and not a soul is in sight. But someone, somewhere… is calling from inside the house.
That was the scene at Bob Foreman’s architecture firm on a certain weekend last March (give or take a little spookiness). Foreman and his six other employees had clocked out for the weekend, but somehow over two days, their company racked up $166,000 worth of phone calls—giving them quite a frightful shock when they finally got their phone bill that month.
So was it a ghost that had snuck into Foreman Seeley Fountain Architecture on Friday night, dialing up all its ghost friends for a bit of a ghost talk?
Turns out, it was a much less supernatural, but much more sinister force at work. Hackers had broken into the architecture firm’s phone network and routed hundreds of calls from the company to premium-rate telephone hotlines, specifically located in Gambia, Somalia, and the Maldives.
A classic fraud scheme finds new life
This type of scheme has been around for ages, but now that most corporate phone lines run over the internet, it’s become easier and more profitable than ever for fraudsters. Though major phone carriers are prepared to fend against this type of attack (and have the money to pay up should their clients fall victim), local carriers often do not have the resources for antifraud protection. As small businesses are more likely to use local carriers, they are especially at risk for fraud – and results in $4.73 billion of fraudulent charges each year.
What makes this type of phone fraud particularly dangerous is that, unlike credit card fraud, where the credit card companies have regulations that require them to reimburse their customers, there are no such regulations in place that require phone companies to pay up in the same way.
So how does this fraud scheme actually work?
First, hackers sign up to lease a premium-rate phone number, using web-based services that will charge callers about $1/minute and give their lessees a cut of the profit. Usually, hotlines based in the United States are better regulated and will inform their callers that they will be charged high rates. But when the hotlines are based in Latvia and Estonia, callers may not be as aware of what they’re getting into.
Then, the hackers will break into the phone system of an unsuspecting business and make calls from their phone lines to their hotline, racking up the charges. With high-speed computers, they can rack up substantial charges simultaneously by forwarding as many as 220 minutes worth of calls per minute to their premium-rate hotline. Finally, the hacker gets his cut of all the charges – for hundreds of calls that no one actually made.
Now that’s scary.
Use hotlines for good
While there are people out there smearing the good name of telephone hotlines, you’ll want to protect your phone bill by doing a couple simple things: turn off call forwarding and set up tough passwords for your voicemail as well as for placing international calls.
There are a few things you can do to protect your company from fraud too, and it involves a whistleblower hotline that is only there to help you and your employees. If you implement an independent ethics reporting system, such as the one that Whistleblower Security provides, they will provide a 24/7/365 whistleblower hotline that is always ready to listen to any concerns you may have about internal wrongdoing.
Now that’s a beneficial call to make.