MADISON, Wis. (May 11, 2012)—TDS Telecommunications Corp. (TDS®) warns business owners of a serious issue facing those who own and operate their own phone systems. Voice mail and toll fraud is on the rise as hackers use corporate phone systems to find an open road to major telecom networks. A private branch exchange telephone system, or PBX, is a phone system owned and operated by a private company. It is then connected with telephone lines purchased from a local telecom provider. TDS has been marketing PBX systems to its business customers for more than twenty years and is reminding businesses that security measures must be taken to prevent fraud. Voice mail and long distance toll fraud are the most prevalent threats to businesses using a PBX. Hackers gain access to the phone system in order to place long distance calls directly from the business customer’s lines, those charges are then billed—and could be costly. Although no system is 100 percent protected, TDS suggests all businesses with a PBX take the following steps to help prevent PBX hacking:
- Confirm no default or unchanged factory passwords exist in the PBX and/or voicemail system.
- Check that no unauthorized or additional passwords exist in the system.
- Use international call blocking in the PBX and at the local/long distance switch (unless your company actually needs/places international calls).
- Delete or lock all unused mailboxes.
- Require all employees to change their voice mailbox passwords to 6- or 8-digit non-trivial passwords. This includes administrative, general delivery, and system manager mailboxes.
- Educate employees on the importance of strong passwords and maintenance.
Businesses are encouraged to contact their local telecom provider to discuss other preventive actions, too. “By following these suggestions, along with other modifications recommended by your PBX supplier, you can make a significant difference in the security of your PBX systems,” said Tom Canfield, vice president of commercial marketing and product development at TDS. “In an era plagued with fraudulent and opportunistic people, basic prevention measures can really pay off.” Unauthorized access to a system is usually gained through voice mail menus protected with simple passwords (1111, 2222, 1234, etc.) or unchanged factory default passwords. Once in the system, hackers use system commands to gain dial tone and place calls that appear just like any other call originating from the business. Many savvy hackers also know the default passwords used by switch vendors. PBX hacking can occur when the PBX vendor, or the customer, fails to change these default passwords during initial installation. Good password management policy and practice is a strong protection step. “While we work directly with our customers who purchase a PBX from us to take the necessary precautions, we also have business customers with existing PBX equipment from other vendors that could pose a security threat,” says Canfield. Only customers can differentiate legitimate calls from fraudulent ones. Carriers, like TDS, do not have access or permission to stop calls from happening. Each carrier must pay a portion of the call that is handled by them, so when a call is placed to an international location the domestic carrier must pay the foreign carrier, regardless of any claim of fraud. Those charges are then passed back to the customer by the local carrier. Unfortunately, a large telephone bill could be the first warning a business receives. “Business customers are responsible for protecting their own PBX equipment from fraudulent use,” adds Canfield. “Thankfully, some basic security measures can help prevent hacking of their equipment. While we normally help set up these security settings with TDS PBX customers, many companies who already own equipment from other vendors need to pay attention to new threats to protect their lines.” For more tips and information to prevent PBX fraud, visit http://www.tdsbusiness.com/BusinessResourceCenter.aspx. TDS Telecommunications Corp. (TDS®) is the seventh largest telecom provider in the U.S. For more than 40 years, the company has been connecting people with high-speed Internet, phone, and TV entertainment services in hundreds of rural, suburban, and metropolitan communities across 31 states. Today, TDS has more than 1.1 million equivalent access lines in service and 2,700 employees. Business customers select from the latest technologies, including: VoIP (managedIP) phone service, dedicated Internet, data networking, and hosted-managed services. Visit www.tdstelecom.com or www.tdsbusiness.com for more information. TDS Telecommunications Corp. also manages the operations of VISI Incorporated, TEAM Technologies, and OneNeck IT Services Corp. through TDS Hosted & Managed Services, LLC. These companies employ more than 350 people who specialize in providing hosted application management, managed hosting, cloud services, and next generation data centers. Visit www.visi.com, www.team-companies.com, and www.oneneck.com for details. TDS Telecommunications Corp. headquartered in Madison, Wis. is a wholly owned subsidiary of Telephone and Data Systems, Inc. [NYSE: TDS]. A Fortune 500® company, Telephone and Data Systems provides wireless, local and long-distance telephone and broadband services to approximately 7 million customers in 36 states through TDS Telecommunications Corp. and U.S. Cellular [NYSE: USM], its majority owned wireless subsidiary. Founded in 1969 and headquartered in Chicago, Telephone and Data Systems employed 12,300 people as of March 31, 2012. Visit www.teldta.com for investor information