Your business isn’t too small or too local for hackers

NOTE: This first appeared in the March 18 issue of the Daily Herald Business Ledger

As a small or medium-sized company doing business regionally, you probably think you’re too small to have your conference system hacked by international criminals.
Or, while you’re running your weekly sales strategy conference call with your sales team, you’re probably not thinking someone outside the company could be listening to your group discuss sensitive or confidential material.
But Robert Bellmar says it’s that approach that makes small and medium-sized businesses vulnerable to hackers and corporate spies. Bellmar, senior vice president of Chicago-based conferencing services provider InterCall, notes telecom fraud is a global problem that is feeding international organized crime.
“It’s an everyday occurrence,” Bellmar said. “The conference call is the perfect place for (criminals) to continue to fraud and make money.”
Telecom fraud has become a huge problem. Losses to global businesses are around $40 billion, according to the Roseland, N.J.-based Communications Fraud Control Association, while Houston, TX, tax consultancy UNY Advisors estimates annual fraud costs in the neighborhood of $1 trillion.
As a result, telecom security has grown into a is big business, according to industry analyst Gartner Inc. Corporate spending worldwide on security in 2012 was up 8.4 percent to $60 billion, and Gartner estimates spending could reach $86 billion by 2016.
Bellmar notes there are typically two types of fraud that result from hacking conference lines. The first is called a calling card scheme, where the hacker will call a business’ conference bridge and continually enter passcodes until he finds one that works. The hacker will then sell the passcode, which is used as a calling card, only the hacked business is charged for calls.
“They make money on the transaction of the passcode,” he said.
The second type is what Bellmar calls a “classic call pumping scheme.” The criminal uses international premium rate number — similar to a 900-number in the U.S. — but that number would not be recognizable to an average business. Hackers use the business’ conference bridge to access that premium number, so charges are occurred by the business.
“It looks like a normal number, just that it gets charged at a premium rate,” he said. “So what happens is they’re making money on the number they own, but they’re generating revenue through the hacking of someone’s system.
“You can be liable for those calls, and that can rack up very fast,” Bellmar added. “It’s not that uncommon for an hour or two of usage to bring you up to $10,000 on your phone service. It can happen quite quickly.”
Bellmar said companies across the U.S. are constantly being hit by hackers, primarily from countries like Belarus and San Marino, using call centers and “war dealers” — phone systems with hundreds of dealers constantly entering sequential phone numbers.
“The scale of organized crime in this is huge. On a weekend we’ll see hundreds of simultaneous connections from fraudulent organizations trying to compromise us,” Bellmar said. “That’s call centers and war dealers shooting at our environments trying to compromise them in order to build up their base of codes they can sell.“That’s not a small organization.”
Another area of concern is corporate espionage, when a hacker breaches a conference call. Bellmar notes this issue gained notoriety in 2012 when an international conference call on corporate espionage hosted by Scotland Yard in London was hacked by the group Anonymous, who recorded the meeting and posted it on YouTube. An investigation found an officer attending the event had forwarded information to his private email, which was hacked.
“It’s a case in point that even the most security conscientious people, if they’re not making the right tool choices, are at risk,” Bellmar said.
Bellmar said business owners can take some simple steps to make their conferencing safer:
1. Use a 10-digit code that is randomly generated.
2. Don’t use a PIN number that has the last four digits of your phone number.
3. Never post conferencing details on the Internet.
4. Lock your conference once you start so no one else can join, and use your roll call function so unknown people can’t join.
5. Use visual tools to manage a call. “There are a number of apps out there that can take control of call,” Bellmar said. “You can take the call and see (on your smartphone) who is on bridge. They’re out there and they are the best way to manage your call.
Bellmar stresses that small or regional businesses are just as vulnerable as global corporations, and even more so if business owners take an approach that they could never be targets.
“For the average organization, it’s a very small problem until you’re compromised,” he said.
For more information, go to www.intercall.com.