Festive Fraud
As the festive season approaches, it's important to stay vigilant for fraudulent activity, especially as offices begin to close for the holiday. Unfortunately, the festive period sees an increase in fraudulent activities, with cybercriminals taking advantage of the busy and celebratory atmosphere to exploit vulnerabilities targeting IT and Telecom infrastructures.
Below is a list of precautions to take this festive period.
Telephone system specific considerations
Voicemail
Ensure your voicemail have passcodes set. Change from factory default avoiding generic or predictable codes, e.g. 1234 (0000 is known to fraudsters as factory default). Delete any voicemail boxes or extensions no longer in use. Be sure to configure your system so that three unsuccessful voicemail access attempts results in call failure or a voicemail lockout. Disable Call Through or set restrictions if this feature is required on the voicemail port to ensure call forwarding is only allowed within local area codes
Auto Attendant
Block your automated attendant option to dial outbound, a common tactic used by fraudsters.
Premium Numbers & International Calls
If possible block or restrict premium rate & international calls. Restrict calls out of business hours, e.g. during evenings, weekends and public holidays
Report & Action Unusual Events
Report and action repeated ring once events to your maintainer, silent calls events to your maintainer or repeated strange and silent voicemail messages (fraudsters are testing you)
Published Numbers
It is not wise to post a complete list of DDI numbers.
Upgrade from Digital to VoIP
Digital phone systems tend to be breached more often than a VoIP PBX or Cloud Based Phone systems. This is because they tend not to be consistently updated with software security enhancements and patches.
Check web site security:
Before entering personal or payment information, make sure the website is secure. Look for "https://" and a padlock icon
Ensure software is up to date:
Ensure that your operating system, antivirus software, and browsers are up to date. Cybersecurity vulnerabilities are often patched in updates.
Secure your devices
Ensure that your devices have updated antivirus software and consider using security features like device encryption.
Use strong passwords
Create strong, unique passwords for your online accounts. Use a combination of letters, numbers, and symbols, and avoid using the same password across multiple sites.
Enable Multi Factor Authentication (MFA)
Whenever possible, enable MFA for your online accounts.
Beware of Phishing
Be cautious of emails, messages, or advertisements that seem suspicious. Cybercriminals often use phishing techniques to trick users into providing sensitive information.
Backup Your Data
Regularly backup your data, including Microsoft 365 users, to prevent loss in case of a security breach. Ensure backup systems are secure and regularly tested
Use Trusted Websites:
Stick to reputable and well-known websites for your online shopping. Look for the "https://" in the URL and a padlock symbol, indicating a secure connection.
Be wary of Public WiFi
Avoid making online purchases when connected to public Wi-Fi networks. These networks open your employees to malware, encrypted networks, Man In The Middle attacks and more. If you need to shop on the go, consider using a Virtual Private Network (VPN) to encrypt your connection.
Log out after making a purchase
Always log out of your accounts after making a purchase, especially if you are using a shared computer or device.
Use a credit cards
Credit cards generally offer better fraud protection than debit cards. They often have more robust security features, and you are typically not held responsible for fraudulent charges.
Check your bank and credit card accounts
Regularly review your bank and credit card statements for any unauthorized transactions. If you notice anything unusual, contact your bank immediately.