Small to midsize businesses (SMBs) in the U.S. have one more thing to worry about these days. Recent reports show that hackers are using a sophisticated fraud plan to route calls from small businesses to “premium-rate telephone numbers” to run up charges and gain from the profits.
These schemes are made easier and lucrative for hackers by use of the Internet to lease the premium-rate phone numbers. According to the New York Times, national carriers usually have anti-fraud systems in place to prevent such issues, but local carriers may not be able to spot the calls. Also, there are no regulations that force carriers to pay customers back for charges.
To rack up the charges, cybercriminals hack into the SMB’s phone systems, where they route calls (usually over a weekend) to their own computers, which can make virtually hundreds of calls at once to the leased premium numbers. Charges are made and the hackers often get as much as 24 cents per minute of each call, which could last more than 220 minutes.
One architecture firm in San Francisco was hit to the tune of $166,000 in one weekend in March despite the fact that the office was empty the entire time. The company filed a complaint with the Federal Communications Commission and claimed that it would take the company more than 34 years of typical service to run up charges that high.
A dry cleaning chain with stores in three states was attacked and faced charges for $147,000 for 75,000 minutes in premium-rate calls, while a consulting firm in Albany, New York received a bill for more than $200,000.
Since attacks like this mostly affect SMBs, they are somewhat easier to pull off. And in a typical year, hackers can cost small businesses $4.73 billion globally.
Many of these cyberattacks are run overseas and have caught the attention of the Federal Bureau of Investigations (FBI). The bureau arrested four in the Philippines who managed to rake in about $2 million from premium-rate phone fraud. The FBI later found that the money raised had been sent to the middle east and likely paid for the Mumbai terrorist bombing of 2008.
Experts advise SMBs to combat these attacks by ensuring that their phone systems are guarded by strong passwords and to turn off any call forwarding features. In the New York Times, Jim Dalton, founder of TransNexus, reminds businesses that phones are merely “Internet-connected machines,” and should be protected as such.