Toll Fraud Bulletin
Over the past several years, The University of Texas at Austin has been hit with an increasing amount of telephone toll fraud. Please read the following information to learn more about Toll Fraud and to learn how to avoid being a victim.
What is Toll Fraud?
Toll fraud and long distance abuse are the unauthorized use of long distance telephone services. They include not only those who steal authorization codes and use or sell them to others, but also any University employee who uses the University's long distance system for purposes other than official business. It is against the Rules and Regulations of the Board of Regents (Part II, Chapter VII, Section 6) to charge personal telephone calls to a University of Texas account either by using University telephone authorization codes or University credit cards. Improper use of the University telephone system for toll calls may subject the employee to disciplinary action and penalty charges.
Toll fraud/abuse is theft. It is not a harmless prank but a serious offense which can result in felony charges. It is estimated that toll fraud in the United States exceeds one billion dollars per year and continues to rise. The extent of toll fraud and the problems caused by it are far reaching.
The University is not the only agency that is forced to put restrictions on calling capabilities and enforce more stringent security measures. On April 13, 1992, Canada began blocking the use of calling cards to any overseas destination. All calling cards, whether from Canadian, American or foreign telephone companies were affected by the restriction. What caused such drastic actions? An investigation by Bell Canada showed that calling card fraud from pay phones was causing losses of $500 for every $10 they made. While Bell Canada knew that such restrictions would inconvenience some customers, it felt that security measures had to be implemented. Its losses were amounting to over a quarter of a million dollars a day!
As long distance carriers improve security, more and more toll fraud is directed toward customer owned PBXs. Long distance companies no longer bear the cost of toll fraud that affects businesses and universities that own their PBXs as the University does. They maintain that costs stemming from toll fraud are the responsibility of the user. For this reason, the University is finding it necessary to incorporate greater security measures, restrict calling capabilities and hold users responsible for toll fraud except in cases where weaknesses in our system allow hackers to obtain codes. The University has always had a means of detecting hacking attempts and, two years ago, Telecommunications and Networking implemented tighter security measures for accessing the University's long distance system from off campus. Since that time, no codes have been compromised due to hacking.
Toll fraud that originates from campus numbers is usually due to lack of proper care of codes such as letting others use your code, leaving it written in places that are not secure or using it at fax machines that print activity reports showing the code as well as the phone number called. One department lost over $6,000 due to careless handling of a code. Toll fraud often involves remote access to the University's long distance system since calls can originate anywhere in the United States and be placed to anywhere in the country (or, until recently, to anywhere in the world). Codes that allow such wide access are valuable and can be sold easily.
Toll fraud ranges from people who think they can make a few "free" calls, to sophisticated call-sell operations that result in charges of hundreds of thousands of dollars. Once compromised, codes can be rapidly distributed, sometimes via electronic bulletin boards. Thousands of calls may be made long before a customer receives a bill and notices the unauthorized use. Take precautions. Remember, departments are responsible for all charges for the use of authorization codes which they have requested for their staff.
How to Avoid Becoming a Victim
Treat your authorization code the way you would treat a credit card.
Do not let others use your authorization code or calling card. The more people who share a code, the less accountability there is and the more difficult it is to determine which calls on the long distance bill are legitimate. The rule should be, one code for each person. Additional codes can easily be obtained from Telecommunications and Networking. Cancel authorization codes and calling cards immediately when an employee leaves.
When canceling a code, do not print the authorization code on the cancellation request. Telecommunications and Networking needs only the employee's name as shown on the long distance bill and the account that is charged.
When requesting long distance privileges, carefully consider what is needed and assign only those capabilities that are required. Request international and remote access capabilities only for those who must have them.
Memorize your authorization code and dialing instructions.
Beware of social engineering scams. Do not give your authorization code or calling card number to anyone simply because they claim to be from the telephone company or from Telecommunications and Networking. Authorized personnel already have access to that information. If you are unsure of the person calling you, get their name and phone number and offer to call back. Legitimate employees will not mind that you take precautions. Check and see if the number is actually a telephone company number and call to see if the person really is an employee.
Use caution when traveling and making calls from public telephones in airports, hotel lobbies, etc. Beware of "shoulder surfers" -- people who watch over your shoulder as you dial the phone. If you do not put a coin in the phone, the shoulder surfer knows you must use some type of calling card or code to complete the call. Some shoulder surfers use binoculars to see from a distance the numbers you dial. One person was caught nonchalantly aiming a video camera at a bank of pay phones as people dialed. He would go home and watch it in slow motion to determine the string of digits that allowed long distance access. Shoulder surfing accounts for a large percentage of all toll fraud. When calling from a public phone, be aware of people around you. Stand in front of the keypad to block the view. In a recent incident involving shoulder surfing, a University department suffered a loss of over $12,000 in three days. The importance of taking precautions against this scam cannot be overemphasized.
Use caution when throwing anything in the trash that has an authorization code written on it (scraps of paper, old phone directories, fax machine activity reports). Always obliterate the codes before doing so. Dumpster diving is a popular and profitable sport. UTPD recently notified Telecommunications and Networking of students who admitted to going through dumpsters in search of authorization codes.
Be sure all users review and initial the call detail provided with the long distance bill as soon as possible.
Report any unauthorized calls to ITS Long Distance at 512-471-5711 and cancel compromised codes immediately.
Last updated November 16, 2012 @ 4:04 pm