Security Alert: Scammers are holding your phones hostage for ransom

I recently read an article in the Chicago Tribune that was actually reprinted from the  LA Times (,0,5710787.story). It described a nightmare similar to what some of our clients have gone through at different times over the past year.

Here is the scenario: all of a sudden (literally) all of their phone lines are taken over by a caller who is posing as a debt collection agency trying to collect on a delinquent account for an “employee”. In none of the cases was the named employee a current employee of my clients. All of the phone lines (in some cases they were SIP trunks, in other cases plain ordinary telephone lines and in two cases they were PRI running over a T1’s for a total of 46 channels) were taken over so that no calls could be received or made. The caller wanted to collect $500 or more dollars immediately. The business could pay- and then they would release the lines. In other cases, IP sets were “spoofed” and the hackers made hundreds of dollars in fraudlent calls that were billed to clients.

Can you imagine how frustrating that is? My clients were enraged. The local police were called – and were not able to do anything about the situation. The FBI Cyber Crimes unit was called – but they could do nothing about it. In each of the cases, other legitimate business numbers were faked (a.k.a “spoofed”) as the calling party.

In each of the cases,  we had to involve the carrier. Out of all of the carriers, SNET reacted the fastest. CBeyond was the most responsive with follow up. With SNET  in about 5 minutes, the nuisance calls were blocked and service was restored. In the other cases, the denial of service took over for a couple of hours. Denial of service attacks ( when hackers install programs on unprotected computers and overwhelm targeted servers) are common in the IP world. It’s a type of attack that is getting more common in the voice world as more companies adopt IP telephony (such as SIP trunks and converged circuits).

There are a few ways to protect yourself.

  1. First and foremost, either install your own Session Border Controller or make sure that your provider has an enterprise level session border controller installed on your circuits.
  2. Make sure that you know how to escalate your case through your carrier.
  3. Ensure that you have their emergency numbers on your cell phone and that you know your account information.
  4. Make sure that you have multiple authorized representatives on the account who can open and escalate trouble tickets.
  5. Know your vendors!  Emergency phone numbers, contact names and emails.
  6. If you are running your own IP equipment, make sure that it is in Stealth DMZ,  behind a firewall, that default passwords were changed and no one (even the most VIP) uses easy passwords.

In addition, the only way that this will be acted on is through involving law enforcement. The FBI Cyber Crimes unit should be notified and the incident should be reported. Helping them will give them necessary information in catching culprits. If you are an IT professional, join INFRAGARD which is a strategic partnership between the Bureau and IT professionals.


About Vic Levinson
Telecommunications and IT professional with over 27 years experience in Business Technology Solutions. Specializing in managed technologies solutions : hosted VoIP, cyber security, help desk, remote monitoring and maintenance, cloud work space and - the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications- everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: