Over the past several months, UC Berkeley has been hit with an increasing amount of telephone toll fraud. Toll fraud ranges from people who think they can make a few "free" calls using illicitly obtained authorization codes and calling cards, to sophisticated call-sell operations that result in charges of hundreds of thousands of dollars. Once compromised, codes can be rapidly distributed — one distribution method is via electronic bulletin boards. Thousands of calls may be made long before a customer receives a bill and notices the unauthorized use. Take precautions. Remember, departments are responsible for all charges associated with phone authorization codes they have requested for their staff.
Some tips to help avoid becoming a victim of toll fraud
- Do not respond or return calls to people you do not know.
- Do not share personal information via voicemail or email with anyone.
- Treat your phone authorization code the way you would treat a credit card.
- Do not let others use your authorization code or calling card. The more people who share a code, the less accountability there is and the more difficult it is to determine which calls on the long distance bill are legitimate. The rule should be, one code for each person. Additional codes can easily be obtained from IST.
- Memorize your authorization code and dialing instructions.
- Beware of social engineering scams. Do not give your authorization code or calling card number to anyone simply because they claim to be from the telephone company or IST. Authorized personnel already have access to that information. If you are unsure of the person calling you, get their name and phone number and offer to call back. Legitimate employees will not mind that you take precautions. Check and see if the number is actually a telephone company number and call to see if the person really is an employee.
- Beware of "shoulder surfers" — people who watch over your shoulder as you dial the phone. Shoulder surfing accounts for a large percentage of toll fraud. When calling from public telephones (such as in airports, hotel lobbies, etc.), be aware of the people around you and stand in front of the keypad to block their view. If you do not put coins in the phone, the shoulder surfer knows you must use some type of calling card or code to complete the call. Some shoulder surfers use binoculars to see from a distance the numbers you dial. One person was caught nonchalantly aiming a video camera at a bank of pay phones as people dialed. He would go home and watch the video in slow motion to determine the string of digits that allowed long distance access. The importance of taking precautions against this scam cannot be overemphasized.
- Use caution when throwing in the trash anything that has an authorization code written on it, for example, scraps of paper; old phone directories; fax machine activity reports. Always obliterate the codes before doing so. Dumpster diving is a popular and profitable sport.
- When people leave the employ of your department, cancel their authorization codes and calling cards immediately.
- When canceling an authorization code, do not include the code on the cancellation request. IST only needs the employee's name, as shown on the long distance bill, and the account that is charged.
- When requesting long distance privileges, carefully consider what is needed and assign only those capabilities that are required. Request international and remote access capabilities only for those who must have them.
- Be sure all users review and initial the call detail provided with the long distance bill as soon as possible.
IST is available to answer any questions you have regarding toll fraud, or any other unauthorized telephone activity. Contact us at 642-8500 (option 1, submenu 3).
Sidebar: A recent example
IST has been informed that some campus customers are receiving voicemail messages that ask them to return calls to the telephone number 011-855-474-4022, as well as another number in the same 855 area code. Dialing these numbers will connect you to locations in Cambodia (South Asia) with charges starting at $5.49 for the first minute. Do not return these calls unless you happen to do business in that area of the world, and you know who is calling you.
In the event you receive this type of voicemail message, or any message requesting you to do anything unauthorized, contact IST, 642-8500 (option 1, submenu 1 for voice repair), and provide the following information so IST can trace the potential fraudulent activity:
Neither IST nor AT&T, the campus's long distance carrier, will ever ask you to return an international call, or ask you to provide personal information, such as your calling-card number, your password to voicemail, or any other confidential information. Beware if someone tries to get you to disclose confidential or personal information.