Communications Fraud is the use of telecommunications products or services with no intention of payment. Fraud negatively impacts everyone.
The CFCA Global Fraud Survey in 2009 revealed that an estimated $72 - 80 billion USD were attributed to Communications Fraud of which $23 Billion were due to identity/subscription theft, $15 Billion to PABX/Voicemail Hacking and $4.5 billion to Premium Rate Service Fraud.
AAPT is dedicated to minimising the risk of fraud from impacting our customers. The information below is provided as a "value add service" to educate YOU and help reduce the risk of your business or personal account being exploited by fraudsters.
Fraudsters and criminals are becoming increasingly cunning and sophisticated and are using technology or your good nature to separate you from your hard earned cash.
Fraud/Scams that may affect your assets:
- SCAMS - Phishing, Smishing & Vishing
- Email Spoofing
- PABX, VoIP or Voicemail Hacking
- International Revenue Share Fraud
- General Housekeeping
- Our Liability to Affected Customers
- More Information
Always Protect Your Identity!
Scams involving stealing people's identity and using these to commit crime are sweeping the world and unfortunately have also arrived in Australia. These fraudsters can potentially steal money from your bank on-line by remotely stealing your login and password from your computer.
Please be wary of any unexpected phone calls (or texts) especially if the caller is asking you for personal information such as usernames and passwords.
AAPT takes your online security seriously. It is our aim to raise awareness and to try to help you, our customer, keep up to date with the latest scams that could be potentially harmful to you.
AAPT takes your online security seriously. It is our aim to raise awareness and to try to help you, our customer, keep up to date with the latest scams that could be potentially harmful to you and your business.
Phishing (pronounced: fishing) scams are exactly as the word describes. Fraudsters are fishing for your personal information in order to use your legitimate credentials to commit fraud. Typically, phishing involves sending an email to a user falsely claiming to be a genuine company or venture. The bogus company will then attempt to scam the user into surrendering private information that will be used for identity theft. The email may direct the user to visit a website where they are asked to update personal information, such as passwords, credit card, and bank account details that the legitimate organisation already holds. Where the web site is part of a scam, the web site is only set up only to steal the user’s information.
There are currently various forms of hoax emails in circulation that claim to be sent out by AAPT asking customers to disclose their personal or account information. Although these requests may seem genuine, AAPT would never send out an email asking you to disclose any personal information, such as your password or bank account details.
Below is one example of a phishing hoax email recently sent to some of our customers. Please be aware that there are a number of forms of hoax emails in circulation and some hoax emails may look differently to this.
Dear AAPT Subscriber,
To complete your Aapt account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your Aapt account at webmail.aapt.net.au Thank you for using aapt.net.au
THE AAPT TEAM
Smishing uses mobile phone text (SMS) messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become increasingly more common to see a phone number that connects to an automated voice response system.
Vishing/Social engineering is the criminal practice of using social engineering over the telephone, most often using features facilitated by Voice over IP (VoIP) to steal sensitive information such as credit card numbers for financial benefit. Vishing, is a combination of "voice" and "phishing" and exploits the public trust in landline telephones. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
E-mail spoofing is forgery of an e-mail identity. In effect the message is made to appear to have originated from someone or somewhere other than the actual source. In much the same way as the phishing example email to our customers (above), the fraudsters change (spoof) the email identity to try to create the appearance of authenticity and to make you believe that the email has actually been sent from a company that you interacted with. Not so! In the same way, some distributors of spam (electronic junk mail) use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.
Malware (malicious-software) is mainly associated with the emerging problem of ‘zombie’ or ‘bot’ computers – computers that have become compromised through the secret installation of programs that enables them to be controlled remotely for illegal and harmful activities, such as identity theft, DDOS (Direct Denial of Service) attacks, dissemination of spam and hosting of illegal content, such as pornography. AAPT are part of the AISI (Australian Internet Security Initiative) for ACMA. For more information on this initiative, please refer to http://www.acma.gov.au/WEB/STANDARD/pc=PC_310317.
There is an emerging trend of hackers using Wi-Fi connections to steal sensitive information. Wi-Fi is wireless networking - the ability to connect to a network or computer using radio signals (as opposed to network cabling). It's faster and ideal for office connectivity. AAPT encourages all customers using Wi-Fi modems of the importance of securing your wireless modem using a WEP key to stop hackers accessing your network.
A WEP key is a security code used on some Wi-Fi networks. A WEP key allows a group of devices on a local network (such as a home network) to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by outsiders.
This industry-wide problem has increased in recent years, impacting businesses that own or operate Customer Premises Equipment (CPE), typically PABX, VoIP and voicemail systems which fraudsters can access undetected and make outbound calls both domestically and/or internationally.
Just as the prudent person secures their home to prevent becoming a victim of burglary, some simple prevention strategies below may result in an attempted attack on your company phone systems being prevented.
We have designed some helpful tips and case studies which will raise awareness on the importance of system security to shut out PABX hackers. Download PABX Hack Informer (PDF, 54 KB)
The costs associated escalate very quickly. AAPT have investigated cases that led to tens of thousands of dollars in just 24 hours. AAPT’s investigations have detected a list of international number ranges which have been suppressed at network level due to confirmed cases of compromised PABX's that were compromised externally where the numbers have used to dial out. This list is updated periodically: Supressed No. Ranges (.xls, 50 KB)
"IRSF" is a form of traffic inflation or flooding whereby an international revenue share provider obtains a number, or range of numbers designated as a premium rate service (PRS) which allow callers to access some form of entertainment service/feature, such as mobile ringtones, screensavers, horoscope readings etc, usually 190X numbers in Australia and more notoriously 900 numbers in the US. Each call to a PRS generates profit for both the revenue share provider and the content provider, ranging anywhere between 30% and 80% of the net tariff. Fraudsters have been known to enter into arrangements with the PRS content providers, with the purpose of flooding traffic to them using various methods, most commonly via hacking PABX, VoIP or Voicemail and programming the extension to automatically dial the PRS number.
1. Dispose of confidential in-house documents with sensitive material such as employee names, phone numbers, access codes, etc., which cannot be retrieved by "dumpster-diving" thieves looking for access into your phone systems.
2. Make sure you, or someone from your company review your AAPT monthly account closely and on a regular basis to immediately identify unusual activity early. It is your duty of care to do this.
3. Do not allow casual visitors to your business unsupervised access to your telephone(s).
In accordance with our contractual agreement with you, you are liable to AAPT for all charges incurred on your account. It is your responsibility to ensure that your PABX is secure. AAPT will not take responsibility for any misuse, fraudulent or otherwise, of your privately maintained PABX that results in financial or other detriment to you.
If you think you've been defrauded, contact your AAPT Account Manager immediately, the appropriate service centre or the Police or one of the relevant agencies listed below.
Further information is available on these and other scams (detailing how you can protect yourself) at the following URLs: