PBX Hacking: How it Works
Thursday 15 September 2016 @ 11:22
Cyber fraud is a crime usually associated with stolen credit cards and Nigerian princes. However, as more of our day-to-day activities shift online, cyber fraudsters are finding new and unusual ways to make a quick buck at your expense.
Toll fraud is a relatively new type of fraud that’s risen with the popularity of IP telephony, and PBX hacking is one of the most common types of toll fraud. It comes with a one-two punch:
Step 1. PBX Hacking
Hackers will trawl the internet using specially designed scripts, looking for vulnerabilities in a VoIP user’s firewall - like an open port. Once a weakness is detected, the hackers will try and authenticate their access and gain control of a PBX system. This is particularly easy if the system operator is still using the default password, or using a generic password that’s easy to crack. Once the password has been cracked, they will have control over the traffic that passes through the PBX system.
Step 2. Premium-rate phone calls
Once your PBX is under the control of an overseas computer hacker, they need to turn that control into revenue before the network operator realises something is awry. The usual method is to direct your traffic to a premium-rate phone number, where you’re charged per-minute above the cost of the call connection - like an adult chat number or a psychic hotline.
It’s common for hackers to attack in the early hours of the morning to reduce the chance of detection and maximise their takings. As long as the connection is open, the fraudster’s bounty will increase by the minute.
How they get away with it
Fraudulent phone calls will often terminate in overseas destinations with low prosecution rates for toll fraud (and low prosecution rates for most crimes). This makes pursuing hackers over international borders almost impossible. The best way to deal with toll fraud is to prevent it, before the damage is done.
Networks without adequate toll fraud protection usually won’t notice there has been a breach in security until they’re alerted by a customer who has received an exorbitant phone bill – which can be in the hundreds of thousands. Ultimately the customer or their provider has to bear this cost - a lose/lose situation.
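The pattern described above (premium-rate minutes piling up in the early hours) can be spotted in a PBX's own call records long before the bill arrives. The following is an added example, not code from Symbio or TollShield; the CDR columns, the number prefixes, the quiet-hours window and the 30-minute budget are all assumptions to be replaced with your own dial plan.

```python
import csv
import io
from datetime import datetime

# Assumed values for illustration; set them from your own dial plan and tariff.
PREMIUM_PREFIXES = ("190", "0011")  # premium-rate / international prefixes
QUIET_HOURS = range(0, 6)           # the "early hours of the morning"
BUDGET_MINUTES = 30                 # premium minutes allowed per extension per night

# Constructed sample call detail records (not real traffic).
SAMPLE_CDR = """start,ext,dst,seconds
2016-09-14T01:15:00,205,001144200000000,300
2016-09-14T02:10:00,203,1900555001,900
2016-09-14T02:26:00,203,1900555001,1200
2016-09-14T02:47:00,203,1900555001,1500
2016-09-14T03:00:00,204,0298765432,600
2016-09-14T10:02:00,201,0298765432,180
"""


def find_toll_fraud(cdr_text):
    """Return {(date, ext): {"alert_at", "minutes"}} for extensions over budget."""
    rows = sorted(csv.DictReader(io.StringIO(cdr_text)), key=lambda r: r["start"])
    totals, alerts = {}, {}
    for row in rows:
        start = datetime.fromisoformat(row["start"])
        if start.hour not in QUIET_HOURS:
            continue  # only off-hours traffic is scored here
        if not row["dst"].startswith(PREMIUM_PREFIXES):
            continue  # ordinary destinations do not count against the budget
        key = (start.date().isoformat(), row["ext"])
        totals[key] = totals.get(key, 0.0) + int(row["seconds"]) / 60
        if totals[key] > BUDGET_MINUTES:
            # alert_at is the start of the call that pushed the total over
            # budget; minutes keeps growing with every later premium call.
            alerts.setdefault(key, {"alert_at": row["start"]})
            alerts[key]["minutes"] = totals[key]
    return alerts


if __name__ == "__main__":
    for (day, ext), hit in find_toll_fraud(SAMPLE_CDR).items():
        print(f"{day} ext {ext}: {hit['minutes']:.0f} premium min, "
              f"over budget at {hit['alert_at']}")
```

On the sample data only extension 203 is flagged: the short international call from 205 stays under budget, and the local calls from 204 and 201 are never scored.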
The increasing threat of toll fraud to Symbio’s network was the inspiration behind the multi-award winning TollShield platform. TollShield has the ability to detect and block toll fraud in real-time, before the damage is done. In 12 months of monitoring Symbio's network, TollShield blocked 600,000 fraud attempts amongst an estimated 1.5 billion legitimate calls.