Managing Private Automatic Branch Exchange (PABX) Fraud during COVID-19 Pandemic

december 20, 2020 News Releases 0 Comments

§1     Introduction

With a major part of the global workforce turning to home networks and cloud-based services to get their work done, fraud perpetrators have been looking for opportunities to launch cyberattacks on the vulnerable. During the COVID-induced lockdowns and isolations, the incidences of common Private Automatic Branch Exchange (PABX) Fraud shot up significantly. Fraud perpetrators have largely shifted their focus to COVID-themed attacks. PABX Fraud that involves hacking of a P(A)BX system or phone equipment with the intent to make unauthorized calls, is observed to have increased during the ongoing pandemic mainly due to remote working.

Praetor Forensic Auditing provides the services required to help private and public organizations identity the nature and extent of financial crime and deliver appropriate remedies: Fraud Risk AssessmentFraud Risk ManagementFraud InvestigationsCompliance AssistanceIntegrity Due DiligenceForensic Business IntelligenceLitigationNegotiationReputation ManagementForensic Technology and Discovery Services and Legal Department Operations.

§2     Private Automatic Branch Exchange (PABX) Fraud

§2.1. The Nature of Private Automatic Branch Exchange (PABX) Fraud

A substantial increase in your telephone bill is an indication your company could be the victim of Private Automatic Branch Exchange (PABX) fraud. Detailed billing will assist in identifying any potential unauthorised calls, usually International calls but they can also be National telephone calls. Another indicator is where customers trying to dial, in or employees trying to dial out, find that the lines are always busy.

Private Automatic Branch Exchange (PABX) fraud is defined as the unauthorized use of a company’s phone system. It is a theft of long-distance services by a) un unrelated third party, b) a staff member of a long-distance carrier, local telecom or vendor, or c) the user’s staff member. 

§2.2. Who commits Private Automatic Branch Exchange (PABX) fraud?

As is the case with any other unlawful act, fraudsters in this industry, who are referred to as “hackers,” do it mainly for the money. Other fraudsters do it for fun, professional challenge and/or out of boredom. Still other fraudsters know how easy it is, know the codes, have the proper equipment and cannot resist the temptation. In most cases, fraudsters can recognize the manufacturer/brand by the prompts and determine which password ranges on which to concentrate. With some luck and persistence, fraudsters will “hack” into their first system within the hour. Most of the activity is through call/sell operators who operate in urban communities, mainly by immigrants for immigrants who call to countries like the Dominican Republic, China, Pakistan and Egypt at a rate of €10 for a 30- to 45-minute call. These telephone calls usually take place after regular business hours or on weekends where the excessive Private Automatic Branch Exchange (PABX) traffic will go on unnoticed and uninterrupted.

§2.3. How do hackers get the numbers?

There are different methods of obtaining telephone codes: (a) “Dumpster divers” (fraudsters who go through your trash and look for phone bills, computer printouts or product manuals); (b) “Shoulder surfers” (fraudsters who stand particularly close to you at a pay phone (in airports, bus terminals, etc.) while you dial your Direct Inwards System Access (DISA) password, voice mail code or calling card number so fraudsters can capture your dialling sequence; or (c) Hackers publish their findings in magazines, BBS and even on the Internet.

§2.4. What do they do with these codes once fraudsters have obtained them?

Since the primary motive is money, fraudsters look for buyers. On the streets of New York City, for example, where 60 percent of Private Automatic Branch Exchange (PABX) fraud attempts originate, a good number will go for $3,000 to $5,000 depending on the supply/ demand at that time.

§2.5. Why are Private Automatic Branch Exchanges a perfect target

Today’s Private Automatic Branch Exchanges are feature-rich, and more and more features are developed each day as the various Private Automatic Branch Exchange (PABX) manufacturers attempt to gain a competitive edge. These features are all software, and therefore programmable, which in most cases means fraudsters can be accessed remotely. In addition, maintenance and service is provided by interconnects from remote service centers via modem lines. All of this creates a very familiar environment for the hacker to operate in with very little risk of being identified.

§2.6. What are hackers looking for in your Private Branch Exchange (PBX)?

The easiest vehicle for fraudsters is to gain control of your direct inward service access (Direct Inwards System Access (DISA)) where a remote user can gain access to an outside line from your Private Branch Exchange (PBX) by punching some “long” authorization codes. Most companies use it for the travelling employee.

Second, fraudsters would love to “take over” your maintenance port. By controlling that port, which is the heart of your Private Branch Exchange (PBX), fraudsters can do whatever they want, including changing your routings and passwords and deleting/adding extensions. And, if their intent is vicious, fraudsters can actually shut down your Private Branch Exchange (PBX) and take you out of business. Voice mail is probably the most popular vehicle of Private Automatic Branch Exchange (PABX) fraud these days. Like Private Branch Exchanges, voice mail systems are also very sophisticated and full of features.

A fraud perpetrator can, among other things, sit on the beach in Trinidad and Tabaco and program your voice mail box in Frankfurt to place any inbound call on temporary hold, grab another line, call his cellular phone then conference the two lines–all within seconds. Meanwhile, the caller has no idea that you are actually enjoying the sun and sipping Jamaican rum. Hackers want to use exactly that feature to forward calls to a “phantom” mail box that will give just a dial tone. Then, fraudsters dial the rest from any public phone in Washington D.C., Dubai or Amsterdam.

§3.    Praetor Forensic Auditing’s Strategic Analysis, Advisory Services and Operational Support

§3.1. Fraud Risk Assessment

Anti-Fraud provides an independent and objective assessment of the organizations existing anti-fraud program, gaps in the existing controls and suggest measures to mitigate the gaps.

Praetor Forensic Auditing assists its clients in setting up a monitoring framework, developing relevant checking procedures and identifying key risk indicators of Private Automatic Branch Exchange (PABX) fraud. It also develops training programs for employees, and help to create a continuously evolving control environment reflective of the risk landscape.


§3.2. Fraud Risk Management

To deter the occurrence of Private Automatic Branch Exchange (PABX) fraud, we provide clients with expertise to set-up and implement a visible and transparent fraud risk management program that allows to create an anti-fraud environment.

Praetor Forensic Auditing assists private and public organizations with turning critical and complex issues into opportunities for resilience and long-term advantage. This involves identification of modus operandi as to how did the Private Automatic Branch Exchange (PABX) fraud occur, who was involved, what were the extent of losses, and how can it be prevented from recurring.


§3.2.1.       Praetor Forensic Auditing’s Anti-Fraud Strategy

Praetor Forensic Auditing’s anti-fraud strategy has four (4) main components: a) Prevention, b) Detection, c) Response, and d) Deterrence. The various elements of an effective anti-fraud strategy are closely interlinked and each plays a significant role in combating fraud. The combination of effective fraud prevention, detection and response measures will create an effective fraud deterrent.


§3.2.2.       Fraud Prevention

The attitudes within your organization lay the foundation for a high or low fraud risk environment. Where minor unethical practices may be overlooked, larger frauds may also be treated in a similar lenient fashion. In such an environment there may be a risk of total collapse of your organization either through a single catastrophic fraud or through the combined weight of many smaller frauds.

A sound ethical culture and sound internal control systems are essential key components of a fraud prevention strategy.


§3.2.3.       Fraud Detection

There are a range of Private Automatic Branch Exchange (PABX) fraud indicators – both warning signs and fraud alerts – which can provide early warning that something is not quite right and increase the likelihood that the fraudster will be discovered.


§3.2.4.       Fraud Response

Any organization should set out its approach to dealing with Private Automatic Branch Exchange (PABX) fraud in its fraud policy and fraud response plan. Organizations should ensure that this includes provision for learning lessons from fraud incidents and appropriate, prompt follow-up action.


§3.3. Fraud Investigation

Fraud Investigation helps organizations manage the risk an vulnerabilities that come from global corruption, from high profile and complex financial matters to employee, cash, cybercrime and Private Automatic Branch Exchange (PABX) Fraud. 

Praetor Forensic Auditing assists its clients with investigation of alleged fraud or corruption perpetrated against corporate and government entities, including, but not limited to, vendor fraud, payables fraud and embezzlement. It also assists with factual, often privileged, investigation of alleged corporate wrongdoing, including, but not limited to, investigation of alleged financial statement misrepresentations and violations of anti-corruption regulations. Praetor Forensic Auditing’s investigation work includes forensic imaging of computers, data analysis, collection and analysis of data, interviews of individuals and review of documents.


§4.    Taking action to manage Private Automatic Branch Exchange Fraud during COVID-19 Pandemic

The following are some basic steps you might want to consider adopting in the fight against Private Automatic Branch Exchange (PABX) fraud:


Firstly, get yourself and your immediate staff acquainted with Private Automatic Branch Exchange (PABX) fraud. Periodically remind all employees who have been issued authorization codes (Direct Inwards System Access (DISA), voice mail, etc.) of the importance of keeping these codes secret and the need to change them frequently. Also, warn all employees about “shoulder surfers” and advise them not to write their codes in public or yell them out in a crowded area.

Secondly, educate yourself with the many features of your Private Automatic Branch Exchange (PABX), voice mail and/or Automatic Call Distribution (ACD). Shut down all of those not in use or not in service, and change your PBX passwords as frequently as possible.


Install a “dial back” modem on your maintenance port, and always have your service provider call you before accessing your Private Automatic Branch Exchange (PABX).


Block access to destinations where your company does not do business. If circumstances do not permit this, at least block calls to some or all of the 10 most popular fraud destinations.

Voice Mail:

Make sure your voice mail system is a “closed loop” and cannot be manipulated to get an outgoing dial tone. Check your valid mailbox list and delete any box that is no longer in service. Disconnect callers after three unsuccessful attempts at dialling their mailbox code. Instruct employees to change their voice mail passwords and delete “old” messages.


Choose random. lengthy passwords (10 digits or more) and change them frequently to make it harder for hackers to discover them. Keep these codes in a safe place and never write them on the wall next to the Private Branch Exchange (PABX).

Direct Inwards System Access (DISA):

Consider disconnecting Direct Inwards System Access (DISA). If this feature is necessary, ensure that only those employees who have a real need for international calls will be allowed to use it.

Telecom Filtering:

More and more companies are demanding, and being provided with, extra value services form their Telecom providers. Filtering and Early warning permits the owner of the Private Automatic Branch Exchange (PABX) to limit their cost exposure for this type of crime.

This publication contains general information. The Serious Fraud Investigation Office (Van Leeuwen Law Firm | Praetor Forensic Auditing) is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. The Serious Fraud Investigation Office (Van Leeuwen Law Firm | Praetor Forensic Auditing) shall not be responsible for any loss sustained by any person who relies on this publication.
Copyright © 2020 The Serious Fraud Investigation Office (Van Leeuwen Law Firm | Praetor Forensic Auditing), All rights reserved.