Giant Avnet was charged $750,000 for phone calls no one in the company had placed; Mitsubishi International had its bell rung for $430,000. Such tolls are being exacted by computer-savvy crooks who break into a company's private branch exchange (PBX) by telephone, establishing connections that allow them to place long-distance calls from afar. In 1992 the collective bill chargeable to (but uncollectible from) phone hackers in the United States was estimated at $4 billion.
Nor are small businesses immune to phone fraud. Hackers in New York City recently hung a $7,500 tab on unsuspecting Love's Country Stores, a retailer in Enid, Okla. In a similar incident, Dodger Industries, a modest-size clothing manufacturer in Eldora, Iowa, was hit for $35,000. Dodger CEO Lew Throssel would have faced even more damage if puzzled customers and sales personnel hadn't started complaining about the sudden frequency of busy signals over the company's 800 number. Nonetheless, by the time Throssel determined that hackers had breached Dodger's PBX and voice mail and posted the codes that gained free access to its trunk lines on a computer bulletin board, five-figure damage had been done.
Still, Throssel got off lightly. Dialing round the clock to countries like India (at about $12 for a five-minute call) and Colombia (about $9 for five minutes), hackers can easily drop $200,000 -- of your money -- in a weekend. Worse, long-distance carriers, such as AT&T, that get stuck holding such tabs insist that the victim pay for the stolen "goods" on the grounds that the PBX's bamboozled owner should have guarded it more carefully.
If hackers break into Dodger's PBX again, however, they won't be able to stay long. Dodger's calls are now monitored by new PC-based software called FraudFighter, which "learns" a company's normal calling patterns and alerts it to anomalies. Along the same, but more expensive, lines, a real-time alternative is Fraud-Finder, a mailbox-size unit that, connected to the phone lines in front of the PBX and monitoring an unlimited number of channels simultaneously, quickly detects -- then dauntlessly disconnects -- would-be thieves.
FraudFighter software from Complementary Solutions, in Atlanta (404-936-3700), is $2,000 (and requires Telemate call-accounting software, which starts at $995). It runs on PCs that are 286-based or higher.
FraudFinder hardware and software from Securicom, in Valencia, Calif. (805-294-9121), costs from $2,000 (for software only) to $25,000 (for a complete system). -- Robert A. Mamis* * *
Three basic precautions against phone fraud:
1. Change line-access codes frequently.
2. Don't punch in external access codes in open view -- thieves with video cameras can get the numbers.
3. Don't use access codes at all; instead, get a calling card whose holder is liable for only $50 worth of abuse.* * *