Dial through fraud (DTF) is a process whereby a company’s telephone exchange is hacked by computer literate criminals who hack into the telephone exchange and then program it to allow calls to be routed out again.
The usual modus operandi is then to set up a temporary 'cheap overseas calls' bureau and sell calls typically to India, Pakistan, Turkey and other similar destinations for the cost of a local call and a small fee. The actual cost is just the local call into your telephone system. You pay for the premium rate overseas call.
Service Providers are increasingly vigilant and should warn you of unusual activity but sometimes not until tens of thousands of Pounds worth of calls have gone through your system and onto your bill.
I have been instructed as an expert witness in many such cases. A notable early case was The Simkins Partnership –v- Reeves Lund in the High Court in 2003 where I was able to show that the telephone maintenance company had not locked the system down again after routine maintenance. Hackers opened the system and thousands of calls were routed through the law firm in a matter of a few weeks.
In a recent case in the Birmingham TCC expert evidence was again crucial and I was able to show that the fraud had been started in the client’s telephone system but actually then carried out externally. The ruling; published in June 2014 found that the use by fraudsters of the system and the charges that resulted did not constitute use by the client and therefore the client was not liable to pay for that usage.
Preventing Dial Through Fraud
Both cases were won and the expert evidence was pivotal but it is much better to prevent the intrusion in the first place to avoid your business accumulating substantial or even crippling phone bills without your knowledge. By following these simple guidelines, you will significantly improve your security:
- Make sure all access to your telephone system is protected by strong passwords.
- Only those who really need to gain access should know the passwords. If your supporting organisation needs access, provide them with a temporary (time limited) password.
- Get your telephone system maintainers to check that only handsets that must be able to dial overseas have the security rights to do so. Lock all the others down.
- Find out how proactive your service provider is in detecting DTF. Call them or write and ask.
- Read the contract carefully! - who will get left with the bill if you are hacked.