Please be wary of any unexpected phone calls (or texts) especially if the caller
is asking you for personal information such as usernames and passwords. If you are unsure of the
nature of the caller then hang up and report this matter to AAPT by emailing to:
internetsupport@aapt.com.au
INTERNET SCAMS AND YOUR SECURITY ONLINE
AAPT takes your online security seriously. It is our aim to raise awareness and to try to
help you, our customer, keep up to date with the latest scams that could be potentially harmful to
you.
Below is a list of some of the types of scams that fraudsters have designed to potentially
trick and defraud you.
- Email hoaxes
- Phishing Scams
- Email Spoofing
We have also set out some other information that may help you protect yourself.
- Computer software protection
- More Information
EMAIL HOAXES
It has come to our attention that there are currently in circulation various forms of hoax
emails that claim to be sent out by AAPT asking customers to provide personal or account
information. Although they may seem genuine, AAPT would never send out an email asking you to share
any personal information, such as your password or bank account details.
The main purpose of these emails is to try and trick you into sharing personal information in
order to commit a crime using your name and credentials.
Remember, if something sounds too good to be true then it probably is!
PHISHING SCAMS (pronounced fishing)
Phishing scams are exactly as the word describes. Fraudsters are fishing for your personal
information in order to use your legitimate credentials to commit fraud. Typically, phishing
involves sending an email to a user falsely claiming to be a genuine company or venture. The bogus
company will then attempt to scam the user into surrendering private information that will be used
for identity theft. The email may direct the user to visit a website where they are asked to update
personal information, such as passwords, credit card, and bank account details that the legitimate
organisation already holds. Where the website is part of a scam, it is set up only to
steal the user’s information.
Below is one example of a (phishing) hoax email recently sent to some of our AAPT customers.
Please be aware that there are a number of forms of hoax emails in circulation and some hoax emails
may look quite different to this.
Dear AAPT Subscriber,
To complete your Aapt account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your Aapt account at webmail.aapt.net.au
Thank you for using AAPT.NET.AU!
THE AAPT TEAM
EMAIL SPOOFING
E-mail spoofing is forgery of an e-mail identity. In effect the message is made to appear to
have originated from someone or somewhere other than the actual source. In much the same way as the
phishing example email to our customers (above), the fraudsters change (spoof) the email identity
to try to create the appearance of authenticity and to make you believe that the email has actually
been sent from the company that you interact with. Not so! In the same way, some distributors of
spam (electronic junk mail) use spoofing in an attempt to get recipients to open, and possibly even
respond to, their solicitations.
COMPUTER SOFTWARE PROTECTION
Ask yourself, are your computer and personal information protected from viruses and spyware?
If so, is your computer security up to date? It is recommended that you download the latest
security updates on a daily basis. A computer virus is a program that is designed to cause
destruction and chaos. In some cases a computer virus may totally disable a computer.
Antivirus software can better safeguard your computer against malicious threats.
Email is a good example of how viruses are spread throughout the internet community.
Often viruses are spread via an email attachment. When the attachment is opened the virus is
released onto the recipient’s computer. If you receive an email and an attachment from an unknown
source, we suggest that you do not open it, but delete it immediately. If you are ever in doubt
about the legitimacy of an email or file, again we suggest that you delete it.
AAPT does not endorse the use of any particular security products, however, to assist you, we
have listed below links to some sites that may assist you with your internet security requirements:
http://www.microsoft.com/protect/default.mspx
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://housecall.trendmicro.com/
FRAUD
Background information
Fraud in the communications industry is a huge problem. It's believed to cost somewhere
between US$54.4 and 60 billion globally (CFCA release, 28.06.06), up by 52% from the last CFCA
survey in 2003. It's also here to stay.
There are a number of different categories of fraudsters:
1. Hackers - unauthorised access to your PABX, voicemail or communications
systems. Fraudsters who may be motivated by the thrill, notoriety gained, the challenge, havoc they
can cause or simply for monetary reasons (aka ‘Call Sellers’).
2. Phreakers - could be a hacker, but generally motivated by attaining free
calls, service or access (billed to you).
3. Call sellers - those that make a living from stealing your communication
services and selling them off to their own customers at your cost.
4. Organised crime - could fall into any of the above categories, but
motivated by the anonymity factor to distance their identity & activities from law enforcement.
At AAPT, we've invested many resources to reduce the risk of your account being subjected to
fraud. We have a dedicated fraud team to identify events on the networks that may indicate fraud
occurring on your service/s.
Below are a few simple prevention strategies that you can take to minimise your risk. Just as
a prudent person secures their home to avoid becoming a victim of burglary, the simple
prevention strategies below may stop an attempted attack on your company phone systems.
This information is a value-added service provided to you in the hope of reducing the risk of
your business being hit by fraudsters.
• PABX, CPE, VoIP and voicemail fraud
• Calling Card fraud
• Social Engineering
• General Housekeeping
• Liability of your Service Provider
PABX, CPE, VoIP and Voicemail fraud
This industry-wide problem has increased in recent years, impacting businesses that own or
operate Customer Premises Equipment (CPE), typically PABX or voicemail systems, which fraudsters can
access and use to make outbound calls, domestically or internationally.
Many "feature rich" PABX systems offer functionality such as DISA (direct inward system
access) intended for employees to make calls billed to your company account while they are away
from the business. Fraudsters know how to access these and bill their calls to you. Likewise,
fraudsters know how to access your employees' voicemail services and use these to make domestic or
international toll calls billed to your account.
The costs associated with CPE fraud escalate very quickly. AAPT are aware of cases that have
led to tens of thousands of dollars in just 24 hours. Also, with the increasing number of
businesses using Voice-over-Internet Protocol (VoIP), you (the customer) must ensure that the same
vulnerability checks are performed by your PABX maintainer to cater for this new technology.
Prevention strategies
1. Never give out technical information about your system to any caller whose identity you are
unable to authorise or confirm.
2. Do not allow your system administrator to keep the factory-set passwords used for maintenance
of your phone system.
3. Introduce a PIN and password management policy where employees are not permitted to use
predictable PIN numbers such as the last digits of their DDI, repeated numbers like 1111 or 0000,
or incremental numbers like 1234.
4. Ensure that PIN numbers are changed on a regular basis.
5. Do not allow unlimited unsuccessful attempts to enter voicemail - configure the system so that
3 or fewer unsuccessful attempts results in a lockdown.
6. Disable an administrator's, contractor's or employee's mailbox account the moment their
employment with your company ceases.
7. If you have staff working outside the office environment or off-shore, let them use an AAPT
Calling Card.
8. Schedule regular PABX checks with your maintainer and form a regular risk mitigation strategy
to limit any system vulnerabilities.
9. Ensure that your PABX room is locked and secure at all times.
10. Be aware of the overt signs of PABX toll fraud such as short duration calls, inbound hang-ups,
a spike in incoming hang-up calls, sudden increases in 1800 usage, or any calls made outside the
normal business hours.
11. Check your bill regularly and ensure you can account for all itemised calls.
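Strategies 3 and 5 above can be enforced in software on the voicemail side. The following is an added illustration, not AAPT's or any PABX vendor's code: it rejects the predictable PINs the guidance names (repeated digits, incremental runs, the last digits of the user's DDI) and locks a mailbox after three failed logins. The VoicemailBox class, the DDI "02 9234 5678" and the PIN "7391" are constructed for the example.

```python
import hmac
import re

MAX_ATTEMPTS = 3  # lock the mailbox after 3 unsuccessful attempts, as the guidance recommends


def is_weak_pin(pin: str, ddi: str = "") -> bool:
    """Reject the predictable PINs named in the guidance: repeated digits
    (1111, 0000), incremental runs (1234, 4321) and the last digits of the
    user's DDI.  Anything that is not at least four digits is also rejected."""
    if not pin.isdigit() or len(pin) < 4:
        return True
    if len(set(pin)) == 1:                       # 1111, 0000
        return True
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):                     # 1234, 4321
        return True
    ddi_digits = re.sub(r"\D", "", ddi)          # "02 9234 5678" -> "0292345678"
    return bool(ddi_digits) and ddi_digits.endswith(pin)


class VoicemailBox:
    """Hypothetical mailbox model: enforces the PIN policy when the PIN is set
    and locks down after MAX_ATTEMPTS consecutive failed logins."""

    def __init__(self, ddi: str, pin: str):
        if is_weak_pin(pin, ddi):
            raise ValueError("PIN rejected by policy")
        self._pin = pin
        self.failed = 0
        self.locked = False

    def login(self, attempt: str) -> bool:
        if self.locked:
            return False                         # a locked box refuses even the right PIN
        if hmac.compare_digest(attempt, self._pin):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked = True
        return False


def demo() -> tuple:
    """Three guesses at common PINs lock the box; the genuine PIN then fails too."""
    box = VoicemailBox("02 9234 5678", "7391")   # constructed DDI and PIN
    outcomes = [box.login(p) for p in ("0000", "1234", "1111", "7391")]
    return outcomes, box.locked
```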
Calling card
Your AAPT Calling Card number and PIN is a valuable commodity to fraudsters. They frequently
position themselves in areas where they can observe you entering your card and PIN numbers, then
use these for their own purposes.
Prevention strategies
1. Be careful when using your AAPT Calling Card on payphones, especially at
payphones in busy airport terminals, train stations etc. Get "up close and personal" with the
payphone so you cannot be observed entering the numbers.
2. Ensure you are not eavesdropped on if you are placing the call through
an operator, either locally or via the Home Country Direct Service if you are overseas - in such
cases you will be required to tell the operator your numbers.
3. Commit your PIN to memory, don't write it down on your Calling Card, and
don't have it written down and kept within your wallet or purse. Don't disclose your Calling Card
number or PIN to anyone calling you - AAPT will never call you and ask for your card number or PIN.
Social engineering
Some fraudsters can be very effective at persuading people of a helpful disposition to
disclose information or get them to deviate from procedures, which will enable them to bill calls
to your account.
Prevention strategies
1. Don't allow your receptionists or front office people to transfer
inbound callers to dial-tone or an external number.
2. Ensure your operators don't deviate from established procedures under
the influence of persistent or persuasive callers.
3. Ensure your staff are not duped into disclosing PIN numbers, passwords
or Calling Card details.
General housekeeping
1. Dispose of confidential in-house documents containing sensitive material
such as employee names, phone numbers, access codes, etc., in a manner (shredding) that prevents
retrieval by "dumpster-diving" thieves looking for access into your phone systems.
2. Make sure you, or someone from your company, review your AAPT monthly
account closely and on a regular basis so that unusual activity is identified early, whether it is
a PABX or voicemail hack or simple unauthorised use by people such as contract cleaners or
security guards. It is your duty of care to do this.
3. Do not allow casual visitors to your business unsupervised access to
your telephone(s).
4. Contact your AAPT Account Manager and/or your private maintainer
immediately if you suspect your business has been a victim of communication fraud.
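Reviewing the itemised account for the signs listed under PABX fraud (calls outside business hours, bursts of short calls) can be done mechanically. This added example is not AAPT code: it runs two of those checks over a constructed set of call records. The CSV layout, the 08:00 to 18:00 weekday window, the 10-second "short call" threshold and the mailbox name VM104 are all assumptions for the illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample of itemised calls (not real AAPT billing data).
# Columns: timestamp, extension or mailbox the call was placed from, number dialled, seconds
SAMPLE_CDR = """\
2007-03-12 09:15:00,201,0292001000,184
2007-03-12 14:02:10,203,1800123456,65
2007-03-12 23:41:05,VM104,0011441234567890,1190
2007-03-13 02:07:44,VM104,0011441234567890,7
2007-03-13 02:08:01,VM104,0011441234567890,6
2007-03-13 02:08:20,VM104,0011441234567890,1415
2007-03-13 10:30:00,202,1800123456,40
"""

BUSINESS_HOURS = (8, 18)  # assumed: 08:00 to 18:00, Monday to Friday
SHORT_CALL_SECS = 10      # a call that hangs up almost at once
SHORT_CALL_LIMIT = 2      # this many short calls from one source is worth a look


def load_cdr(text: str) -> list:
    rows = []
    for ts, src, dialled, secs in csv.reader(io.StringIO(text)):
        rows.append({"when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "src": src, "dialled": dialled, "secs": int(secs)})
    return rows


def outside_business_hours(when: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return when.weekday() >= 5 or not start <= when.hour < end


def toll_fraud_signals(rows: list) -> list:
    """Return (signal, detail) pairs: after-hours calls and bursts of short calls."""
    signals = []
    short_calls = Counter()
    for r in rows:
        kind = "international" if r["dialled"].startswith("0011") else "domestic"
        if outside_business_hours(r["when"]):
            signals.append(("after-hours", f"{r['src']} {kind} call to {r['dialled']} "
                                           f"at {r['when']:%a %H:%M}"))
        if r["secs"] <= SHORT_CALL_SECS:
            short_calls[r["src"]] += 1
    for src, n in short_calls.items():
        if n >= SHORT_CALL_LIMIT:
            signals.append(("short-calls", f"{src} placed {n} calls of {SHORT_CALL_SECS}s or less"))
    return signals
```

In the sample, the overnight international calls from mailbox VM104, preceded by two calls that hung up within seconds, are exactly the pattern the guidance describes.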
OUR LIABILITY TO AFFECTED CUSTOMERS
In accordance with our contractual agreement with you, you are liable to AAPT for all charges
incurred on your account. It is your responsibility to ensure that your PABX is secure. AAPT
will not take responsibility for any misuse, fraudulent or otherwise, of your privately maintained
PABX that results in financial or other detriment to you.
If you think you've been defrauded, contact your AAPT Account Manager immediately.
MORE INFORMATION
Fraudsters and criminals are becoming increasingly cunning and sophisticated and are using
technology or your good nature to separate you from your hard-earned cash.
Scams involving stealing people's identity and using these to commit crime are sweeping the
world and unfortunately have also arrived in Australia. These fraudsters can potentially steal
money from your bank on-line by remotely stealing your login and password from your computer.
There are a number of prize draw and lottery frauds, Nigerian letter and e-mail scams
circulating throughout the world including Australia.
Further information is available on these and other scams (detailing how you can protect
yourself) at the following URLs:
http://www.scamwatch.gov.au/
http://www.afp.gov.au/national/major_fraud/internet_scams#spyware
http://www.acma.gov.au/WEB/STANDARD/pc=PC_310294
If you think you've been duped or defrauded in any way, AAPT recommends that you contact the
Police or one of the relevant agencies listed above.