Hosted Phone Systems = Hacked Phone System
Here is yet another reason why I always strongly suggest NOT having a hosted phone system service such as what you would get at RingCentral, Vocalocity, or Fonality. Having to buy less hardware sure is tempting however the security risks are definitely not worth it.Take a moment to read the article below that I found over at infoworld.com that details a recent hack on a hosted phone system. It’s just not worth risking your companies reputation to have a lower hardware acquisition cost. Either way a hosted phone system will end up costing you more in service cost then having an onsite phone system.
At fullserviceit.com we only install onsite phone systems for these very reasons.
The next day at 8 a.m., we were back at the offsite location, ready to test everything once more before returning to the home office. At 8:15 a.m., we got a call from the vendor inquiring if we’d had a break-in the previous evening, occurring just after 5 p.m. We were quite sure we hadn’t since we’d been standing outside the door talking until 5:15.
He explained that shortly after the system went to night ring, there were 19 calls of 10 seconds or less placed to a number in Africa. Each call was charged at several hundred dollars. Fortunately, the vendor’s tech staff were online, noticed the call log, and immediately disabled international calling from that location.
We quickly verified that those calls had not originated from our site, and a couple of hours later, the vendor reported back with the results of the inquiry.
It turned out one of the vendor’s former employees had stolen and cloned the credentials for one of the phones given to us. Though he was no longer employed by the company, he apparently still had access to monitor the phones, which he used to watch for the same media access control ID to be deployed.
At the same time, the ex-employee registered a phone number with an African phone service, similar to the way a 900 number works in the United States. Just by dialing such a number, the caller consents to the charges, which can run into several hundred dollars, depending on how the person sets it up. It soon became a waiting game for him.
When the opportunity arose, he acted quickly. He could tell we were on the East Coast and simply waited for 5 p.m., figuring it was the common quitting time. He called the office to test for a night ring, got it, and began to dial the number in Africa over and over again before the vendor saw and cut him off. The vendor understandably didn’t disclose any more details about the depth of the ex-employee’s shenanigans.