Toll Free Numbers - Not just for Businesses Anymore

How Not to Be a Victim of Business "Tolling"

First it was slamming. Then it was cramming. Now it's "tolling". Just when you thought it was safe to make a phone call again, the phone crooks out there in "phoneland" have come up with a brand new way to steal from your business with their latest phone scam.

If you're the one in charge of reviewing your company's phone bill each month - here's what you need to know to prevent losing thousands of dollars in just a few minutes.

The official phone company term for this new type of fraud is "Social Engineering". The Telecom Agent Association & Chamberlain Communications have coined the catchy word "tolling" to teach businesses about the danger and high cost of this new type of fraud.

The word "tolling" is a variation of the acronym TOL that stands for "Transfer to an Outside Line". A receptionist inadvertently transfers an unknown caller to an outside line - the primary way this new type of fraud occurs.

AT&T states that "Social Engineering is the theft of telephone service, perpetrated by a caller, for the purpose of completing a call with no intention to pay for the call."

How the Tolling Scam Works

Social engineering normally occurs when a caller wishing to perpetrate such a fraud convinces a receptionist, PBX operator or ordinary Centrex user at a business to transfer him or her to a long distance operator.

Once connected, the phone crook or "toller" asks the long distance operator to connect a long distance call (usually to an international destination.) The toller knows that the charge for the call will appear on the line being called from (which appears to the long distance operator as a line at the innocent business.)

If you think this can't happen to your business just ask around at your next business mixer. Informal surveys suggest 20% of businesses have been tolling victims in the last three months. The average loss is $550 in just one day.

"Tolling" Methods - How They Get You

Tolling fraudsters will generally represent themselves as employees of the local phone company who are doing emergency repair phone work for the innocent business in the office building basement or at a "phone box" a block or so away.

They generally tell the unsuspecting receptionist that they "need their help doing a test" to clear up the problem. "Yeah, this is Bill with Pac Bell down in the phone room. We've just about got the phone problem fixed that your president was screaming about. To complete the fix though I'll need your help with a couple short phone tests. Could you please hit 'transfer, nine - zero - zero' on your console there and hang-up?"

Tolling perpetrators may also say they want to measure the connectivity levels on the phone line and if they can't test the call through, it could lead to serious dial tone service interruptions. Phone company service technicians would never have a reason to do this!

A caller could request to be transferred to extension "900" or "800." (9 or 8 initiates the call setup to get an outside dial tone from a customer's PBX and 00 is the dial pattern that gets them to the long distance operator.)

The "technician" may request that the receptionist transfer them to the "test number 910-102-880." (9 initiates the outside dial tone and 10-10288-0 is the access code for the AT&T operator. Any one of several hundred other operator access codes could also be substituted in like 10-10-9000 for MCI/Telecom USA.)

Tollers will call into a large business from the outside and ask the receptionist for an internal extension, say then to the extension owner they've "reached the wrong extension" and then ask to be transferred back to the receptionist. When this call is received back by the receptionist, the call appears to be an in-house call or transfer. The toller will then ask for an outside line or ask to be transferred out while posing as an employee of the firm.

"Tolling" Targets" - Who is at Risk?

Any business that has a PBX, hybrid key telephone system or Centrex lines could be targeted for tolling. As well, businesses having multiple employees that the operator or receptionist wouldn't know by name or voice are often targeted.

Specific recent targets include:

Hospitals
Car Dealerships
Armed Forces
TV and Radio Stations
Law Enforcement Agencies
Schools
Law Firms
Government Offices

Since even the smallest businesses have installed Centrex lines to avoid buying phone systems, even the smallest companies are susceptible to this crime.

"Tolling" Tips-Offs" - How to Know It's Coming

The main tip-off is getting a "repair call" from anyone representing themselves as calling from any sort of telephone company and/or anyone requesting any sort of transfer.

Multiple requests for transfers to extensions 900 or 800.

Background noise as an indicator that the call is originating from outside the business (e.g. cars, trucks or other street noises suggesting that the call may be coming from a pay phone.)

Requests for outside lines or transfers after hours or on weekends when most supervisory personnel are gone for the day.

Preventing "Tolling" Recommendations - What Your Business Can Do

The best policy is not to transfer anyone, ever, to an outside line. If a company decides to allow call transfers however, consider the following

Implement a structured telephone transfer policy with regularly scheduled training for all employees yearly and all new employees immediately.

Do not dispose of information with employee names or titles in public dumpsters. Tollers can retrieve such information and successfully use it to pose as the employees to unsuspecting new company operators or receptionists.

Use "callbacks" to confirm the identity of any caller requesting a transfer. If a person posing as a technician requests an outside line for any reason, ask for his or her supervisor's name, the supervisor's telephone number and the technician's callback number to verify legitimacy.

Develop a password system to approve legitimate transfer requests. Have the password change every 30 days or so and request that password users not write the passwords down anywhere.

Use alternative to employees calling in and requesting transfers. Issue calling cards to employees who travel. Calling cards are a great way to monitor authorized usage while preventing tolling.

As the person in your office responsible for reviewing the monthly phone bills for legitimacy, you'll need to be on the watch for any unusual "operator assisted" calls. Three-hour calls to obscure little countries you didn't know existed are usually your first tip-off. Unfortunately, finding tolling this way means you may have already been hit for several thousands of dollars.

Who's out there to help you before or after this crime has been perpetrated against your business?

Calls to your local phone company, long distance phone company and the folks who work on your phone are a good start. The victimized business is ultimately and solely responsible for footing the bill on this crime however.

Another person who can help is an independent telecommunications contractor or agent. Like stock brokers or real estate agents, telecom agents, such as Chamberlain Communications, offer complimentary consulting in exchange for commissions received. More often than not, your local telecom agent has had recent experience getting a long distance company to forgive these tolling charges in exchange for documented assurances that the company has "protected itself" against repeated tolling attacks.