8th October 2014 – Comms Council UK Autumn Workshop – Convergence Summit South Sandown Park ‘Telecom Fraud – Part 2 – Prevention is Better than the Cure

Please Note: This event has already taken place. Click here to see future events

On 8th October, ITSPA, with 55bcb105-8f57-4586-9faf-fd37e3d612e3, held a workshop on fraud as part of Convergence Summit South Conference, which was well represented by ITSPA members.

Prevention is Better than the Cure

was kindly sponsored by Yealink

The agenda was as follows: 1) Telecoms/VoIP Fraud – the current state of play and how bad is it?

2) An outline of three specific types of fraud and what to do to tackle it - PBX Hacks - Accessing SIP credentials - Identity spoofing

3) ITSPA work with Law enforcement and the plan ahead in tackling this problem

4) Panel Q&A – How to prevent fraud, spot fraudsters and adhere to best practice

The workshop was both well attended and informative, containing a great deal of valuable information in a session of just over an hour, with demand for more follow up at a future event. The event began with Simon Woodhead, CEO of Simwood, outlining the theme of the workshop and explaining his and Simwood's recent work to raise awareness of the seriousness of VoIP fraud, including their own 'honeypot' as well as the analysis that Simwood have provided. He concluded by making the prediction that attendees would not act on the advice contained in the session, and challenged them to prove him wrong.

David Cargill then provided a omprehensive section on PBX hacking and CLI spoofing. David outlined what PBX hacking is, explaining the growing nature and damage caused by the problem, and then explained 5 key recommendations that should be followed. He also pointed out that ITSPA has produced two documents that provide excellent advice regarding this issue: 'The Recommendations for secure deployment of  an IP-PBX' Best Practice document and the recently published 'Recommendations for Provisioning Security' Best Practice document. A summary of CLI spoofing then followed, with scams such as 'vishing' and 'swatting' being outlined before a number of steps on how to combat these problems were raised. David also provided a summary of ITSPA's on-going work to tackle this problem through collaborating with law enforcement agencies.

In his presentation Steve Watts of Yealink focused on security from a SIP end perspective.  A great number of security procedures were outlined by Steve, which fell under the categories of: provisioning security, network access security, conversation security, privacy and application security. In conclusion, he summarised that a multi-faceted approach would be the best path for attendees to take.   Colin Duffy's presentation provided an outline of Voipfone's own fraud experience, principally focussing on a standard hack as well as credit card fraud. Colin provided a detailed and highly useful run through of Voipfone's recent experiences of fraud and the steps that it has taken to combat the hack attempts. He also recommended that attendees read the relevant parts of Europol's recent report on Internet crime which is available here.

The session concluded with Simon Woodhead returning to the stage to provide details of a range of no cost solutions that could be adopted (including using a carrier with realtime billing, using the 'honeypot' data and being cautious when using auto-provisioning) before then initiating a question and answer session with the audience. The afternoon was highly constructive for all those that attended and there was demand from the audience for a further session to explore the issues raised in further depth.

 

Upcoming Events:

11 November, 2021

TBC

The joint dinner with Cavell Group is back in November. Please add the date to your calendar and we’ll share the booking details soon…….

14 October, 2021

Nawaab, 27 Wellington Street, Leeds, LS1 4WG

The Comms Council UK Curry Club is back! We are re-starting the informal industry dinners in Leeds. This event is open only Comms Council…

22 July, 2021

Online

The registration for SIP Forum’s STIR/SHAKEN Virtual Summit is now open. The webinar series will be presented by the experts leading the development of…

23 June, 2021

Online

Comms Council UK members are invited to our webinar on the implementation of the European Electronic Communications Code (EECC). The EECC brings substantial changes…