T 5.14 Call charges fraud

Call charges fraud in connection with data or telecommunication servers has the objective of transferring the cost for telephone calls or data transmissions to another person, for example by misusing a PBX system. Corresponding manipulations can be carried out in a variety of ways. On the one hand, attackers might attempt to abuse the features available on a PBX system to charge calls. For example, call forwarding or dial-in options that can be programmed remotely are suitable for this. On the other hand, rights can be granted in such a way that incoming "outside lines" occupy outgoing "outside lines". This way, the caller may be connected directly to the "dial tone" when a certain number is dialled from outside, with the cost for this being borne by the PBX system operator.

Along with the technical possibilities, call charges fraud may also be performed by the users themselves. Using various methods, e.g. making telephone calls from other people's telephones, reading other people's authorisation codes (passwords), or modifying personal privileges, an attempt can be made to make calls at the expense of the employer or other employees.