What are Ghost Calls and what can you do to prevent them.
There
has been a noticed increase in the number of ghost calls. There are
several reasons that you might receive these types calls.
Ghost or
Phantom Call- a phone call that when a person answers finds there is no one on the other end of the call. These calls contrast with silent calls where call centers place a call with no readily available agents.
The most likely is that a test call is made to your number
for reasons of building a contact database. However, some scans take place to discover network weaknesses. These represent the ways to
identify the type of ghost call.
Calls
with a caller ID number, but no one there. Phantom call traffic.
Similarities that point to what is most likely taking place:
- Circumstances: Local number as caller ID. The caller never
leaves a voicemail.
The caller ID number is spoofed so that
caller ID details make it very hard to trace back to the originating
carrier and caller. Calling the number may result in "The number has
been disconnected."Or "You have reached a non-working number." Many of
the phone numbers displayed as caller ID are selected because they are local
to the number called. This increases the likelihood of that the call
will be answered and verified. And on the list your number remains.
- Calls that do show up in your CDR records. Checking
your Call Records does show a call with the caller's (possibly spoofed)
number. In this case you can block that number; however, the most likely
result will be that the next test will be from a completely different
number. Many legitimate outbound call centers call and disconnect if a
live person does not pick up the phone. These legitimate companies
usually abide by FCC rules.
- Calls that do not show up in CDR records. These
types of calls are specific and are frequently the result of SIP scanners
probing a phone system. (Note: See below.)
A call is received from a local caller ID. When answered The Call is
Connected to a Call Center:
- Circumstances: A local number shows in Caller ID that when
answered then goes to a call center.
These types of calls
frequently use spoofed numbers as a caller ID so there is no way to easily
locate the caller. However, when answered the call will then
connect to a call center agent after a noticeable minor delay,
who then attempts to sell you something. Some of these call centers
offer legitimate products and some are scam operations. The company that generates the outbound calls may or
may not be associated with any one particular call center. Some
regularly generate millions of outbound calls for numerous call centers,
many of which are in a foreign country. The FCC has made efforts to
stop the most abusive companies and enacted new requirements for
carriers to enact that should ultimately eliminate calls that circumvent
FCC rules.
Phantom Rings or Ghost Calls that are most likely SIP Scans:
- Circumstances: Calls that do not show up in the Call Detail Records or call
logs. Occasionally there are rings or calls that actually derive from SIP scanners.
These SIP scans are probing networks, IP phones and VoIP ATAs for potential
weaknesses. Many result as rings on phones that look as calls that originate from three or four-digit
extensions, like 100, 1000 or 1000 numbers. Or on an in-house PBX
CDR often as "Received call xxxxxxxxxx from unknown host." When these
types of scans occur they are often at night and the phone may ring
constantly. The display might even show "SIPVicious" which
represents the name of the scanner. If answered, there is no one at the other
end.
- What to do if you experience rings from a SIP scan.
First, ghost calls rarely come from a service provider rather, they are
usually the result of a scanner probing SIP ports, primarily 5060. Scans
are made sending SIP invites to random IP addresses looking
for a reply. For
an in-house PBX you should always ensure "best security practices" which
should include setting a default incoming call rule to block unknown
calls. Many hosted VoIP and SIP trunk providers offer instructions, depending on the
phone or endpoint, to configure settings that will prevent these
occurrences. Settings regularly include disabling "Allow IP Call"
and enabling "Accept SIP Trust Server Only." Some devices can be
configured to restrict the source IP and to only allow specific IPs. The IPs
that you then will accept calls from should comprise of the addresses given
to you by your provider.
How to prevent SIPVicious ghost calls.
With
more work at home employees security risks increase. Hosted VoIP or
cloud PBX providers
routinely initiate very tight security control into their platforms that
result in very few intrusions. More limited companies that have their own PBX
phone systems typically lack specialized IT personnel. These smaller
companies often depend on in-house admin or a phone technician to ensure
systems and remote phones are secure. In all cases, ensure firmware of all devices,
like routers
and IP phones
have been updated. PBX
software should have all security patches installed regularly. International
Calling should be disabled if not needed and "best practices" enacted. Use
non-standard ports. The use of
VPNs for remote workers provides distinct advantages, as does the use of HTTPS
and SFTP.
Some IP phones include essential security settings to disable
direct IP calls. For instance, on a Grandstream GXP21xx phone, there is an
important security setting "Accept Incoming SIP from Proxy Only" that needs
to be set to Yes.
On Yealink
IP phones there are two settings;
"Accept SIP Trust
Server Only" needs to be set to Enabled and "Allow IP Call" to Disable. Both
settings should be found under the Features Tab on the General
Information Page.
A "one-ring" phone scam that is different, but one you need to be aware of.
"One-ring" cell phone scam.
- A scam that has been on-going for several years and periodically
resurfaces is distinctly different from other types of
"phantom" calls. Scammers, many from west Africa, use
auto-dialers to call primarily cell phones in the USA with only one
ring. They then hope that the person that received the "missed call"
will instantly call back. The number is an international toll number
and will appear as a charge on your phone bill. The scammers then
receive a large portion from the cost of the call. The FCC has issued
alerts on this scam going back to 2014 and regularly issue updated
warnings when the activity escalates.
Neighbor Spoofing
The term Neighbor Spoofing refers to calls made showing a caller ID
with the first six digits, namely the area code and local exchange of your
locality. The tactic is built upon the reasoning that you might be more
likely to answer the call, believing it may be someone close by. These
calls appear to look like they are coming from a local business or even a
neighbor. Despite present laws preventing these strategies, government
authorities caution that neighbor spoofing and robocall scams are
currently on the rise.
Conclusion
For those companies that have recently deployed work-at-home employees
connected to the office PBX, attention to security remains a high
priority. Keeping employees informed of security intrusions is
essential. Recently there has been an increase in all types of nefarious
activities, however, by remaining attentive to some of the techniques used,
companies can take precautions to reduce risks to a minimum.
Best Practices to prevent unwanted access to your PBX.
Network best practices should include ensuring your phone system's
security vulnerabilities are closed. Most breaches occur to easy targets.
Those that are looking to gain access scan millions of IP addresses
looking for the most vulnerable targets. Ten Tips for Better PBX Security.