Updated January 1, 1 . AmFam Team
Every day, companies across the globe are targeted by fraudulent groups that seek to deceive unwitting people. And every day, a small percentage of these calls succeed in stealing either sensitive information, money or both from businesses that aren’t informed on the ways of the modern phone criminal. The caller will tell a persuasive story, pair it with aggressive sales tactics, and eventually a vulnerability on the receiving end is exposed. To reduce your business' exposure to tactics like these, take a close look at how telephone fraud and phone scams have been carried out in this informative article.
Telephone fraud and scams cost the American economy billions of dollars annually. The fraud is committed by illegally using a telephone system, cellular phone, or calling card to make long-distance calls, or through dishonest business practices. This report discusses what businesses can do to limit their losses from telephone fraud and scams.
Prior to the 1984 deregulation of the telecommunication industry, telecommunications equipment was owned by the telephone company. Telephone toll fraud consisted of bypassing the billing system of the telephone company to make illegal calls. As the owner of the equipment, the telephone company was liable for these unauthorized toll calls made through their equipment.
As a result of deregulation, most telecommunication equipment is user-owned and resides on the users' premises. Toll fraud involves stealing the codes/passwords of cellular phones or calling cards, or gaining access to a business' telecommunications system, usually a private branch exchange (PBX), to steal authorization codes and passwords. This information can then be used to make illegal long-distance calls or it can be sold to others.
Businesses that own their telecommunications equipment are responsible for all charges related to long-distance calls going through the equipment, whether authorized or not. The tariffs of the long-distance carriers provide that users are liable for such charges, and the courts and the Federal Communications Commission (FCC) have uniformly upheld this provision.
While long-distance carriers usually will absorb illegal toll charges for residential customers, businesses are generally charged for the calls. With losses estimated in the billions of dollars, businesses must take preventive measures to limit the opportunity for telephone toll fraud. This report discusses what businesses can do to limit their losses from telephone toll fraud.
Businesses and individuals lose billions of dollars each year from telephone fraud and scams. In general, these losses involve the use of PBX systems, cellular phones, and other scams but can be caused by dishonest business practices. Organized crime, computer hackers, and drug dealers are responsible for many of these losses.
In 2009, the Federal Bureau of Investigation (FBI) announced the results of an international investigation ongoing since 2006 that relates to conduct ranging from October 2005 through December 2008. In the indictment, the FBI identified three individuals who allegedly hacked into the telephone systems of large corporations and entities in the United States and abroad and sold information about the compromised telephone systems to Pakistani nationals residing in Italy. In conjunction with the unsealing of the Indictment, Italian law enforcement conducted searches of approximately ten locations in four regions of Italy and arrested the financiers of the hacking activity. Those financiers allegedly used the information to transmit over 12 million minutes of telephone calls valued at more than $55 million over the hacked networks of victim corporations in the United States alone.
Through the use of computers, modems, and high-speed dialers, telecommunication thieves (hackers) are able to obtain a business' access codes and employee personal identification numbers (PINs). User-friendly features of modern telecommunications systems, such as voice mail, remote access, and automated attendants, allow the accessing and obtaining of a dial tone from off-premises. With the codes, the thieves can then make unauthorized long-distance telephone calls through the PBX.
Maintenance features of PBX systems can also provide access to telecommunication thieves. For example, remote maintenance ports allow technicians to perform repairs, upgrade software, and run tests from a remote location. While providing a useful function, these ports can also be used by thieves to illegally enter the system.
Cell phone fraud (cellular fraud) is defined as the unauthorized use, tampering, or manipulation of a cellular phone or service. At one time, cloning of cellular phones accounted for a large portion of cell fraud. As a result, the Wireless Telephone Protection Act of 1998 expanded prior law to criminalize the use, possession, manufacture, or sale of cloning hardware or software. Currently, the primary type of cell fraud is subscriber fraud. The cellular industry estimates that carriers lose more than $150 million per year due to subscriber fraud.
Subscriber fraud occurs when someone signs up for service with fraudulently-obtained customer information or false identification. Lawbreakers obtain the personal information and use it to set up a cell phone account in the person’s name. Resolving subscriber fraud can develop into a long and difficult process for victims. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that the victim did not incur the debts.
Every cell phone is supposed to have a unique factory-set electronic serial number (ESN) and telephone number (MIN). A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another (legitimate) cell phone. Unscrupulous people can obtain valid ESN/MIN combinations by illegally monitoring the radio wave transmissions from the cell phones of legitimate subscribers. After cloning, both the legitimate and the fraudulent cell phones have the same ESN/MIN combination and cellular systems cannot distinguish the cloned cell phone from the legitimate one. The legitimate phone user then gets billed for the cloned phone’s calls.
Cramming is the illegal act of placing unauthorized charges on wireline, wireless, or bundled services telephone bills. The FCC estimates that cramming has harmed tens of millions of American households. Entities that engage in cramming appear to rely heavily on confusion over telephone bills to mislead businesses into paying for services that were not authorized or received.
Smartphones are sophisticated handheld devices that enable consumers to shop online from wherever they are or charge app purchases to their phone bills. The more a mobile phone bill begins to resemble a credit card bill, the more difficult it may become to spot unauthorized charges.
Since January 2014, the FCC took seven enforcement actions against carriers for alleged cramming and slamming violations. Slamming is the illegal practice of changing your local or long distance telephone service without your permission. Here is how cramming charges can occur: Local telephone companies generally bill their customers for services provided by other companies. Cramming charges can be included with the bill when a service provider sends inaccurate billing data, whether through oversight or intentionally, to the local provider. A local provider may also engage in cramming if it bills a customer for a service provided by the local company that was not authorized by the customer.
Cramming also occurs when a vendor imposes a charge for services authorized by a consumer, but does not clearly or accurately describe all of the applicable charges to the consumer when marketing the service.
Pay-per-call scams involve charges on a phone bill for information or entertainment services provided through calls to 900 numbers, 800 or other toll-free numbers, or international phone numbers, for which there was no agreement to buy the services or there was no authorization for the charges. Pay-per-call service, offered using a 900 number, is any service:
Other information services that may be offered through numbers other than 900 numbers (for example, through an 800 or other toll-free number) include certain directory services, or services for which users are assessed charges only after entering a prior payment or subscription arrangement. It is important to note that, given these definitions, not all “toll-free” numbers are actually toll-free calls.
No written agreement is required for calls to 800 numbers that charge for using devices to provide telecommunications services to persons with hearing or speech disabilities. Similarly, no written agreement is required for directory services provided by a telephone company or for the purchase of goods or services that do not qualify as information services.
In another twist to phone fraud, consumers who downloaded a program from a website on the Internet to view pictures later received huge phone bills for international calls they never made. They did not know that the viewer program was designed to disconnect their computers from their regular Internet service providers and reconnect them to the Internet through a phone number in Moldova, formerly part of the Soviet Union.
Robocalls are unsolicited prerecorded telemarketing calls to landline home telephones, and all autodialed or prerecorded calls or text messages to wireless numbers, emergency numbers, and patient rooms at health care facilities. Under the Telephone Consumer Protection Act (TCPA), FCC rules limit many types of robocalls, though some calls are permissible if prior consent is given. Rules differ between landline and wireless phones.
FCC rules require a business to obtain a consumer’s written consent – on paper or through electronic means, including website forms, a telephone key press – or a recording of oral consent, before it may make a prerecorded telemarketing call to a residential phone number or make an autodialed or prerecorded telemarketing call or text to a wireless number. Informational messages, such as school closings or flight information, are permissible without prior written consent.
The liability for long-distance toll charges is determined by the published rates, or tariffs, filed by long-distance carriers. These tariffs typically provide that customers are responsible for all calls that originate from the customer's number. Even in those cases where the call is made from a remote location through a PBX's remote access feature, the courts and the FCC have held that the call originated from the customer's number under the tariff.
Although the tariffs can discharge a customer's liability in the event of willful misconduct by the carrier, the courts and the FCC generally have agreed that the carriers do not have a duty to warn customers of the possibility of toll fraud. The reason is that the tariffs do not expressly provide for such a duty.
The FCC has concluded that "tariff liability provisions that fail to recognize an obligation by the carrier to warn customers of the risks of using carrier services are unreasonable." The FCC has established guidelines designed to equitably apportion liability among carriers, equipment vendors, and customers based primarily on whom among them took the most reasonable steps to prevent, detect, and minimize the fraud.
For cellular phones, the liability for illegal calls is borne by the carriers. However, this liability is passed on to customers in the form of higher rates for calls.
Losses from telephone toll fraud, however, cannot be measured in just dollars alone. Companies may suffer losses when prospective customers get busy signals, due to illegal usage, and instead call a competitor to place an order. Frustration in trying to get outside lines that are being used by unauthorized callers also may affect employee productivity.
Telecommunication equipment manufacturers, the long-distance carriers, and the cellular industry address the problem of fraud. Their efforts have included developing protection systems, warning users of the potential for toll fraud, and educating them on how to detect illegal activity.
Carriers are also working together through trade groups to fight toll fraud. On October 25, 1994, HR 4922, the Communications Assistance for Law Enforcement Act, was signed into law. Amendments to Section 1029 now include the fraudulent alteration of telecommunications instruments and equipment. Punishment includes fines and imprisonment.
Additionally, the Wireless Telephone Protection Act (Public Law 105-172) was signed into law on April 24, 1998, expanding the prior law to criminalize the use, possession, manufacture, or sale of cloning hardware or software. Under the law, the creation and use of a cloned phone is a felony carrying fines and imprisonment.
The following are measures that can be used to prevent telephone toll fraud:
Long-distance carriers have developed various hardware and software devices to assist users in reducing the risk of loss from toll fraud. These include PC-based call-accounting systems to monitor incoming and outgoing traffic, artificial intelligence techniques to differentiate authorized and unauthorized attempts at usage, and hardware and software devices to protect remote ports and voice mail systems.
In the final analysis, however, it is customers who are ultimately responsible for protecting their systems. Businesses must train employees on what toll fraud is and what they can do to prevent it. Employees are the first line of defense against toll fraud.
Cell phone toll fraud is a problem inherent in the way cell phones operate. Some cellular companies have imposed security PIN codes that are transmitted on a separate frequency from the ESN/MIN pair. Users are required to punch in the PIN code before dialing a call; however, some customers consider having to punch in these extra digits burdensome. Additionally, PIN codes work only within a carrier's network, allowing thieves to use cloned phones on other networks.
Carriers use software to monitor customer-calling patterns. If phone use deviates from normal use, an alert is sounded and the carrier can immediately investigate by contacting the customer. Other software forces callers to wait for their ESN/MIN codes to be validated before the calls go through rather than the carrier making the assumption that the customer has moved out of their normal cellular area.
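The pattern monitoring described above, and the call-accounting monitoring of PBX traffic mentioned earlier, can be sketched over call records as follows. This is an added example, not code from the original article or from any carrier; the record layout, business hours, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed records: (extension, start, dialed number, seconds). The layout is
# an assumption; real call-accounting exports differ by vendor.
SAMPLE_CDRS = [
    ("201", "2024-03-04 10:15", "16085550100", 300),
    ("201", "2024-03-06 09:40", "16085550101", 360),
    ("305", "2024-03-04 13:00", "16085550110", 600),
    ("305", "2024-03-05 13:10", "16085550110", 540),
    ("305", "2024-03-06 13:05", "16085550111", 660),
    ("305", "2024-03-07 13:00", "16085550110", 600),
    ("305", "2024-03-08 13:20", "16085550110", 570),
    # Weekend burst of long international calls placed through extension 305.
    ("305", "2024-03-09 23:10", "011999555010", 3600),
    ("305", "2024-03-09 23:15", "011999555011", 4200),
    ("305", "2024-03-10 01:30", "011999555012", 3900),
]
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59, Monday to Friday
INTL_PREFIX = "011"            # international dialing prefix in North America

def parse(cdrs):
    return [(ext, datetime.strptime(ts, "%Y-%m-%d %H:%M"), num, secs)
            for ext, ts, num, secs in cdrs]

def find_alerts(cdrs, baseline_end, sigmas=3.0, floor_minutes=30.0):
    """Flag post-baseline days whose minutes exceed the extension's normal
    range, and any after-hours international call."""
    calls = parse(cdrs)
    cutoff = datetime.strptime(baseline_end, "%Y-%m-%d").date()
    totals = defaultdict(float)              # (extension, day) -> minutes
    for ext, start, _, secs in calls:
        totals[(ext, start.date())] += secs / 60
    history = defaultdict(list)              # extension -> baseline daily minutes
    for (ext, day), mins in totals.items():
        if day <= cutoff:
            history[ext].append(mins)
    alerts = []
    for (ext, day), mins in sorted(totals.items()):
        if day <= cutoff:
            continue
        past = history.get(ext, [])
        normal = mean(past) + sigmas * pstdev(past) if past else 0.0
        if mins > max(floor_minutes, normal):
            alerts.append((ext, str(day), "volume", round(mins)))
    for ext, start, num, _ in calls:
        off_hours = start.weekday() >= 5 or start.hour not in BUSINESS_HOURS
        if start.date() > cutoff and off_hours and num.startswith(INTL_PREFIX):
            stamp = start.strftime("%Y-%m-%d %H:%M")
            alerts.append((ext, stamp, "after-hours international", num))
    return alerts

if __name__ == "__main__": print(*find_alerts(SAMPLE_CDRS, "2024-03-08"), sep="\n")
```

On the constructed data, extension 305 raises two volume alerts and three after-hours international alerts, while extension 201 raises none.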
The battle against fraud is also being helped by digital technology. Analog phones use transmission technology that is expensive to encrypt, while digital encryption is easier and cheaper. Digital systems allow for digital "fingerprinting" of phones, encrypted call-and-respond authentication systems, profiling, and voice recognition, all of which are effective in fighting fraud.
The following are some tips to consider in preventing cell phone toll fraud:
Take these steps to protect against cramming charges:
Carefully review the telephone bill every month. Treat telephone service just like any other major purchase. Monthly telephone bills should be reviewed as closely as monthly credit card and bank statements.
The following questions should be asked as telephone bills are reviewed:
Take the following action if your telephone bill lists unknown or suspicious charges:
If neither the telephone company sending you the bill nor the company that provided the service in question will remove charges you consider to be incorrect, you can file a complaint with:
In most areas, you can ask your local telephone company to block 900 number dialing from the phone and the company must do so at no charge. You must ask within 60 days of beginning new telephone service. The company can charge a reasonable one-time fee if you ask for blocking outside the 60-day period. If you decide to remove the 900 number dialing block, your request to your local telephone company must be in writing. To protect against pay-per-call scams:
To protect against computer-generated phone charges, do not download programs from websites unless you know that you are dealing with a reputable site. Placing your home or personal wireless number on the national Do-Not-Call list prohibits telemarketers from calling - even when they do not use autodialers or prerecorded messages - unless you have given them your prior express written permission to call, or they are exempt from the rule. To register a number, go to https://www.donotcall.gov/.
Telephone fraud and scams continue to be a serious problem affecting American businesses. With losses now measured in the billions, and increasing, businesses must take proactive measures to reduce the risk.
Fraud.org provides tips about telemarketing and internet scams to help determine whether something might be fraudulent. It is probably a scam if someone:
If your company is the victim of any of the scams described above or if it is experiencing charges that require additional explanation, contact the provider to obtain additional information. If you believe your system has been hacked, call your phone company and report the incident to the police.
Consumers who become victims of a scam can file a complaint with the FCC. There is no charge for filing a complaint. Have employees talk with their children. Make sure the children understand they should not call 900 numbers without permission and should not use business phones.
You can file your complaint using an online complaint form at http://www.fcc.gov/complaints.
Training yourself and your employees on how to best navigate phone-related scams and fraud can be a lot to manage. So, keep on the lookout for new, unsolicited inbound offers and business opportunities that seem too good to be true. Now is also a good time to pay a little more attention to your commercial umbrella insurance policy, and make adjustments that cover all you’ve worked so hard to create. Your business will be better protected — and you’re going to feel great — with the knowledge that you’re prepared for whatever may come your way.