BLOG@CACM
Security and Privacy

Why Data Security Is An Issue For Business Phone Systems In 2023

In the digital age, it is more important than ever that businesses take extra steps to protect their data. Digital information systems offer criminals new avenues to commit fraud. In 2022, phone scams affected more than 70 million Americans to the tune of almost $40 billion in damages. A recent report by the Federal Trade Commission shows that older adults suffered the largest median losses.

Along with targeting individuals, criminals also exploit vulnerabilities in business phone systems. They can then steal customer credentials, financial data, and sensitive company information. If your phone systems are not secured, unauthorized individuals could gain access to them. Data breaches such as these can lead to financial loss, as well as serious damage to a company's reputation.

Additionally, many businesses must follow industry regulations and standards regarding data security and be able to perform swift disaster recovery after a system failure or a cyberattack. Failure to comply with these regulations can result in fines and penalties. In this article, we will discuss the most common phone scams, how they work, and how to protect yourself from them.

What is a business phone system?

Companies use business phone systems to manage and route telephone calls. These systems use hardware and software to make, receive, and transfer calls. Phone systems also offer features such as call forwarding, call recording, and conferencing.

The two main types of business phone systems are on-premise and cloud-based systems. Traditional on-premise systems use physical equipment that is set up and maintained on-site. Cloud-based systems are hosted by third-party providers and accessed over the internet.

Cloud-based phone systems are popular because they are flexible, cost-effective, and easy to scale. They also provide remote access that makes it possible for employees to work off-site.

SIP (Session Initiation Protocol) trunking bridges the gap between cloud-based and on-premise phone systems. While handy for VoIP business phone systems, SIP trunking creates opportunities for fraud. Criminals can exploit vulnerabilities in SIP trunking systems to access Internet-connected phone networks.

There are several ways for cybercriminals to do so, and we'll go into more detail about SIP trunking fraud later.

Fake caller ID scams

Scammers use caller ID spoofing to disguise their phone numbers. They do this to make it appear as though they are calling from a legitimate organization. The aim of fake caller ID scams is usually to trick the victim into handing over information or money.

Tech support scams are a common type of caller ID fraud. In this scenario, a scammer will call a person and claim to be from a well-known company, such as Microsoft or Apple. The scammer will say that there is a problem with the victim's computer. They'll then ask for remote device access or for payment to fix the issue.

Caller ID spoofing is a common tool criminals use to carry out credit card scams. Fraudsters often use social engineering to get victims to provide credit card details. For example, they'll say they're from a bank or credit card company, then offer to reduce the victim's interest rate. Scammers use similar tactics to get people to hand over login credentials to online financial accounts.

Criminals also use caller ID spoofing to make it appear as if they're calling from a government agency. For example, a scammer will call a person and tell them that they owe money to the IRS. They may then threaten legal action if the person does not pay immediately. Fraudsters may also attempt to extract personal data such as social security numbers.

It is vital to be aware of these scams and to never give sensitive information or money over the phone. Legitimate organizations will not ask for personal information or money in this manner. If you suspect that you have received such a call, report it to the Federal Trade Commission. You can also monitor your credit and personal information by setting up alerts with credit bureaus such as Experian.

Eavesdropping

Eavesdropping, also known as wiretapping, is the unauthorized interception of phone conversations. Criminals may tap into a phone line, intercept a network signal, or gain system access via malware.

Many businesses today use VoIP phone systems, so eavesdropping is a serious concern. It can give scammers unauthorized access to sensitive business and customer information. This can include confidential business strategies, financial information, personal customer data, and more. It can also lead to a loss of trust from customers, and damage to a company's reputation.

Cybercriminals can eavesdrop through a variety of methods, such as:

  • Physical tapping: Criminals tap a line by accessing the wiring in a building or telephone pole.
  • Signal interception: Criminals intercept phone signals using specialized equipment or software. They then use this access to listen in on calls.
  • Malware: Cybercriminals install malware on a business's phone system. This then allows them to access and listen in on conversations.
  • Social engineering: Criminals use tactics such as phishing to trick employees into providing access to a phone system.
  • VoIP vulnerabilities: Cybercriminals can exploit vulnerabilities in VoIP phone systems to gain access. The risk of eavesdropping is high for VoIP phone systems that are set up on unencrypted networks.
  • Cloud phone systems: Fraudsters can hack into a cloud account to gain access to cloud-based phone systems.

It is vital for businesses to be aware of these tactics and take steps to protect their phone systems. You can do this by implementing encryption protocols, system-wide monitoring, and regular auditing. It is also important to modernize your data backup methods. Legacy software and outdated data handling methods will leave openings for intruders.

SIP Trunking Fraud

Businesses use SIP trunking to connect their phone systems to the public network. Scammers exploit SIP trunking system vulnerabilities to steal data and make unauthorized calls. SIP trunking fraud is often a component of other scams, such as caller ID spoofing and toll fraud.

SIP trunking fraud can happen in a few ways:

  • Account hijacking: Scammers gain unauthorized access to a SIP trunking account. They do this by using stolen credentials or exploiting system vulnerabilities. Once they have access, they can use the account to make unauthorized calls. Scammers also use phishing to trick businesses into providing SIP trunking login credentials.
  • Caller ID fraud: Once they gain access to a SIP trunking system, scammers can spoof caller ID from it. They then use this to commit various caller ID spoofing scams, such as those mentioned above.
  • Toll fraud: Scammers use a compromised SIP trunking system to make calls to premium-rate numbers. The criminals then collect their share of the tolls, which can generate a tidy profit.

To combat SIP trunking fraud, use strong passwords and keep all your software updated. Companies should also stay up to date with the latest scams and fraud tactics. Businesses can further protect their systems with firewalls, intrusion detection, and call blocking.
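The intrusion detection and call blocking advice above can be applied to toll fraud by reviewing call detail records (CDRs). The following Python sketch is an added example, not part of the original article: the CDR layout, the premium-rate prefix list, the business hours, and the burst threshold are all assumptions, and the records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDRs (not real traffic): start time, extension, dialed number, seconds.
SAMPLE_CDR = """\
2023-03-04T02:11:05,204,+19005550123,610
2023-03-04T02:13:40,204,+19005550123,598
2023-03-04T02:14:02,204,+449098790001,1203
2023-03-04T10:30:00,101,+12125550199,240
2023-03-04T11:02:10,102,+442079460000,95
2023-03-04T23:50:00,103,+12125550142,60
"""

# Assumed, illustrative premium-rate prefixes; use your carrier's rate deck in practice.
PREMIUM_PREFIXES = ("+1900", "+449")


def find_toll_fraud(cdr_text, open_hour=8, close_hour=18, burst=3):
    """Return {extension: [reasons]} for extensions with suspicious calling."""
    premium_secs = defaultdict(int)
    off_hours = defaultdict(int)
    for start, ext, dest, secs in csv.reader(io.StringIO(cdr_text)):
        hour = datetime.fromisoformat(start).hour
        if dest.startswith(PREMIUM_PREFIXES):
            premium_secs[ext] += int(secs)
        if not open_hour <= hour < close_hour:
            off_hours[ext] += 1
    alerts = defaultdict(list)
    # Any premium-rate usage is reported with its total duration.
    for ext, total in premium_secs.items():
        alerts[ext].append(f"premium-rate calls: {total}s")
    # A single late call is normal; a burst outside business hours is not.
    for ext, count in off_hours.items():
        if count >= burst:
            alerts[ext].append(f"{count} off-hours calls")
    return dict(alerts)


if __name__ == "__main__":
    for ext, reasons in find_toll_fraud(SAMPLE_CDR).items():
        print(ext, "; ".join(reasons))
```

An extension flagged this way is a candidate for a credential reset and for blocking premium-rate destinations at the trunk.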

Final Word

Phone system security is a pressing issue for businesses navigating today's digital landscape. A security breach can lead to the compromise of sensitive company and customer data. This results in a loss of customer trust, damage to the company's reputation, and significant financial harm. Businesses may also be subject to harsh fines if they fail to protect customer data. Sound phone system security is critical to a company's well-being and customer relations.

 

Alex Tray is a system administrator and cybersecurity consultant. He is currently self-employed as a cybersecurity consultant and as a freelance writer at NAKIVO Backup and Replication company.
