NEW YORK-Businesses, not individuals, are becoming the victims of choice
in the thriving crime of telephone fraud, industry experts think.
Phone fraud accounts from $500 Million in losses, or about 1 percent of
the $50 billion in revenues earned by long-distance carriers annually, says
the Communications Fraud Control Association, a group based in McLean, Va.
Traditionally, long-distance schemes consisted mainly of calling-card
fraud - mostly unauthorized use of individual's or bussinesses'
carrier-issued calling-card billing numbers. Other phone service thieves
used so-called "black boxes" that emit a tone to allow access to
long-distance lines.
But individual calling-card fraud is being taken over rapidly by another
scheme - one that victimizes bussiness telephone systmes called private
branch exchanges or PBXs.
"Abusers are now going after the more vulnerable PBXs and are having
a field day." said Rami Abuhamdeh, whose fraud-control association is
financed by telephone companies and law enforcement agencies.
PBXs schemes focus on a feature on the phone system that allows
company employees to dial into the home office - usally on 1-800 or
WATS line - from outside. Then, after punching in a personal
identification number, they get a second dial tone and can make calls
as if they were sitting at their desk.
Calls made using this feature, called reorigination, allow the company
to save the additional charges that long-distance carriers assess for
calling-card use.
To get the three- to four didit security codes, computer hackers use
programs on thier own personal computers. Equipped with a telephone
modem the hackers can automatically dial numbers sequentially until they
hit upon the right combination to access an outgoing line.
A hacker can even start the program before he goes to bed and by the
time he wakes up in the morning, he'll have the cde number, said Bob Fox
of United Telecom.
Abuhamdeh said that thieves are focusing on PBXs in part because larger
long-distance companies have increased their security against calling-card
fraud.
Access codes also have been sold by disgruntled employees at some
companies. Fox said calling-card fraud at United Telecom's US Sprint
is down to insignificant numbers. But for businesses victimized by
PBX fraud, losses can be staggering.
Fox said $30,000 to $40,000 in extra charges is not unusual. Among
the most innovative attempts at eliminating remote-access fraud is a
device deleloped by US Sprint that can recognize the precise voice
pattern of a legitimate customer.
The customer, after registering his voice pattern with the long-distance
carrier, simply says his identification number into his phone and the voice
recognition device verifies the user's identity.
"It applies to both long-distance companies and PBX users. The
technology is at point right now where it's changing every day and becoming
better," Abuhamdeh said.
Companies can take immediate steps to fight against PBX fraud by
increasing remote-access code numbers to as many digits as the system allows
and not using numbers in sequential order, Fox said.
Fox also recommends that companies turn off the reorigination feature
of a PBX during hours when the system is not normally used and review
remote-access records as frequently as possible.
CRIME CALLS
The different kinds of telephone fraud and estimated ammual losses in
millions of dollars:
Institutional Fraud: Fraud originating at colleges, military bases and
prisions.
Subscription Fraud: Phone users who don't pay accounts, use fictitous names,
etc.
Electronic Long-Distance Fraud: Hackers with personal computers use modems
to connect to other computers by illegally using long-distance lines.
Flat-Rate Multilevel Marketing Schemes: One person sells flat-rate
long-distance service to some of his friends; they in turn sell it to thier
friends, etc. (Not all such operations are illegal.)
Call sell Schemes: Someone operating out of a pay phone or residence sells
long-distance usage, using unauthorized billing numbers to pay for the
calls.
-SOURCE OF INFORMATION: Communucations Fraud Control Association, The
Associated Press.
������������������������������������������������������������������������������
-Check Out iXP's Infoletter #1, And Infoletter #2 (When Available)
