PABX Fraud - How to protect your Business

PABX Fraud - How To Protect Your Business


Important information on how you can better protect your business against unauthorized PABX access.


PABX Fraud, also known as Toll Fraud, causes multi-million dollar losses to organisations each year. This is now beginning to have a substantial impact on business’ in Australia.

Who Pays The Bill?

PABX fraud results in substantial unauthorised call charges being incurred on your telecommunications accounts.

As a company, you are responsible for maintaining the security of your phone system. In some instances, your carrier may alert their customers to possible PABX security breaches, but it is not responsible for the security maintenance on your system. Likewise, Samsung Communications Centre is limited to advising you of the possible threat and ways in which you can better protect your particular Samsung system.

No responsibility will be taken by Samsung Communications Centre should your PABX system become compromised. At the end of the day you will be required to pay any charges generated as a result.

How Do They Do It?

Hackers fraudulently use a company’s PABX system to make long distance telephone calls, usually to obscure international destinations at no cost to themselves. The costs are bared by the organisation and can be quite considerable.

The more sophisticated PABX systems become, so do the hackers and their software. Hackers exploit weaknesses in the company’s PABX system by figuring out voicemail passcodes and gaining access via the ‘Direct Inward System Access’ (DISA) point of the PABX. Once they penetrate the voicemail they are then able to make international calls.

The fraudsters will often then either on-sell the calls as a phone operator themselves or they may even divert the calls to their own premium rate services. Both methods derive income for the hacker, while the business is left with the bill. Due to the unlimited numbers of lines that most PABX systems have, the cost to the business can escalate rapidly as many calls can occur during any one time. The hacker will often breach the system late at night when the business is not operating so they can attempt to avoid detection.

How To Protect Your Business:

Here are just some of the ways that you, personally, can protect your system:

• Regularly change your personal and group voicemail box passcodes
• Do not use default passcodes such as ‘0000’ or ‘1234’
• Block all international calls access unless absolutely necessary
• Block international call access to countries that you don’t usually dial
• Ensure your PABX admin access unit is kept in a secure location
• Look for heavy call volumes at nights or on weekends and public holidays
• Review system call records for discrepancies and unusual use

Ways in which a technician can assist to increase the security of your telephone system:

• Disable any call forwarding or outbound call ability from your voicemail ports
• Cancel any unused voicemail boxes
• Update the passcode for voicemail administration access
• Restrict the ‘after hours’ outgoing call access
• Disable DISA access unless absolutely necessary

What To Do Next

We suggest you begin by following the steps to protect your business as outlined above. If you would like to enlist the assistance of a technician to consult with you on further securing your Samsung PABX please contact us or call our help desk on 1800 333 033.