August/September 2016
NIZIOLEK
some of the things corporate IT managers should consider to curb mobile costs:
Extending the device refresh cycle is a fundamental measure companies can use to
save costs.  e last few generations of iOS devices have not delivered material functionality enhancements. Additionally, there is not much that can break on today’s devices (other than the screen). Until there’s some great new innovation, extending the life of devices beyond the initial two-year subsidy period can provide the bene t of reduced monthly plan costs, particularly with AT&T Mobility.
Look at alternatives to iOS. 85 percent of companies use iOS as their primary mobile platform. Apple devices are more expensive than most Android-powered equipment. Android’s issues with security and fragmentation are now history and the operating system is much more enterprise ready. Look for costs savings here
while also gaining the bene t of more memory. Data consumption drives cost. Voice and
messaging – the pillars on which the mobile industry was built-- have been commoditized and are now o ered on an unlimited basis. Carriers see big bucks in the massive demand for data.
 is makes managing and forecasting your enterprise data consumption critical tasks in controlling cost. IT managers need to scrutinize their policies and evaluate the data consumption implications of new application deployments (or have a partner do it).
Understand what is driving data consumption within your organization. Most users average
a reasonable 1-2 gigabytes a month, but there’s always some head-scratching end-of-month report of some users gobbling up 99 gigs or more. It usually comes down to video and
audio streaming that drives that kind of costly
consumption. Look to curb consumption by leveraging Wi-Fi at home and o ce locations. Additionally, consider Enterprise Mobility Management solutions that can empower companies to administer corporate policy and block the streaming or downloading of data that is expensive and counterproductive to business needs.
As most businesses are international today, make sure you are buying the latest carrier international plan o ers. For years, carriers enjoyed the bene t of high margins for voice and data roaming.
 at veil has been removed, but enterprises have to be proactive to ensure they pay the lowest rates possible. 80 percent saving or more are possible compared to legacy international plan o ers.
We all do business in a world of multiple vendors and multiple billing systems –
Telecom Reseller 17 continued from page 13
however the challenges addressed above
can be signi cantly simpli ed by leveraging Mobility as a Service (MaaS). MaaS is a similar concept to So ware as a Service (SaaS) that has revolutionized the corporate IT departments by providing  exibility and scalability to enterprise customers.
MaaS enables companies to focus on their core business goals while outsourcing the management and budget control of their mobile devices, carrier plans, and mobile services. By employing a solution such as MaaS, you can centralize your company’s mobile technology oversight to make sure what you’re buying is necessary and what rates you are paying are fair.
 e last decade has demonstrated that the only constant in mobility is change. No one can predict every change as it occurs, but e ective mobile management requires constant review of your environment. ■
To repair, recycle or trade-in old headsets...that is the question!
MULLIGAN
by Cindy Mulligan, Owner of Hands-Free Communications (hands-freecommunications.com)
As a headset vendor and manufacturer’s rep I’ve met many call center and IT managers and, without fail, one of the  rst questions I get is “what do I do with this box of old headsets?”
And, I’ve discovered that in most cases
they have no idea what headset models they have, whether they are in our out-of-warranty, or if they have a trade-in value. Now this is completely understandable because the last thing they have the time or desire to do is become headset experts.
So this is my PSA for those having to deal with this issue. First and foremost, headsets are wearable technology and they’ve encountered sweat, saliva, hair products, etc., so invest in some gloves... safety and sanity  rst! Second, headsets are e-waste and must be recycled. However, before deciding to just recycle you should check their warranty status or trading-in value. Imagine how pleased upper management will be when they learn that you got made or saved money o  the pile of old headsets. Can you say Employee of the Month? But, in the infamous words of Brad Pitt in the movie Seven: “What’s in the box?!” Here are tips to determine the headset models, warranty status and trade- in values.
MODEL AND WARRANTY
Major brands such as Plantronics, Jabra, Sennheiser, etc., carry two to three-year warranties. Bluetooth headsets carry limited one-year warranties.
 ey’re not worth repairing nor do they have trade-in value, so you should put them in the recycle pile. Now  nd the boxes that the headsets came in.
You don’t have the boxes? No problem! Corded headsets have plastic tubes clamped on the cords and that’s where you’ll  nd the model number and warranty info.  is information is also on the base of wireless headsets.
Manufacturers typically add three months to manufacture dates, to cover shelf-life, or
VPhishing and Vishing
ishing is a phishing attack Part 2 of 3 with each other. Services that were once conducted by telephone, usually disjointed are now combined. Broadband targeting Voice over IP (VoIP) users, phone services send calls over computer
such as Skype users. Vishing exploits public trust in landline telephone services and is difficult for authorities to monitor and track. Scammers can fake caller ID data and hide behind bill-payer anonymity to dupe victims.
VOICEMAIL OVERLOADING AND PHONE NUMBER HARVESTING Voicemail overloading is also referred to as spamming over Internet tele- phony. Much like getting spam email, a VoIP user can get junk voice- mails. Spammers simply send a voicemail message to thousands of IP addresses at a time. Because voicemail spamming is as easy as email spamming,
a VoIP user can get a lot of junk voicemails quickly.
Phone number harvesting can refer to a few different things. Regarding cellphones, number harvesting occurs when users download free ring tones from a site that, in turn, uses the numbers to push advertising messages back to the phones. Number harvesting also describes a VoIP attack in which an attacker monitors incoming and outgoing calls on a VoIP system, building a database of phone numbers. The attacker uses the numbers to make unauthorized calls, for voicemail overloading, or for other deceptive purposes.
SELECTING THE BAIT
Thieves may employ a number of phishing strategies to bait victims. All the emotional appeals, sense of urgency, and timing work exactly the same way as in other forms
of phishing. What changes is mostly the delivery: In the case of vishing, voice- based telephony is the delivery system.
SETTING THE HOOK
Vishing hooks may use callback numbers and automated recordings. Victims take the bait, dial the callback number, listen to the recording, and reveal sensitive information. Large-scale operations may employ an answering service or a call center unwittingly participating in the fraud. Hooking victims through vishing is nearly identical to hooking them in other forms of phishing; it’s mainly the delivery
SJOUWERMAN
networks. The connection points to older phone networks create openings for criminals to commit phone fraud. Just
as mobile banking services set the stage for smishing, VoIP extends phishing-like attacks to Internet telephony.
Broadband phone services allow users
to acquire phone numbers with area codes in remote cities. Distant criminals can create the illusion of calling from local organizations. In some cases, intruders find ways around network defenses and actually do make calls from legitimate organizations. Proprietary VoIP protocols only worsen the problem by making it difficult for security experts to combat VoIP vishing.
Several other factors contribute to the success of vishing:
● Inherent trust placed in telephone systems, especially compared to Internet messaging
● A reachable phone-using population
● General acceptance of automated phone systems
● Common usage of overseas call centers with foreign callers
● Flexibility of voice and text recognition
● Tailored phone calls that seem more personal to the victim
Vishing isn’t limited to VoIP services with user-specified prefixes and identification. Third-party companies offer phone spoofing services, allowing callers to pay for anonymity. Some services provide VoIP for private branch exchange (PBX) systems, which connect the internal telephones of a private organization. These services also allow companies to select arbitrary phone numbers, and thieves use this situation to their advantage.
IP telephony creates the opportunity for vishing attacks because of its social and technological reach. VoIP allows criminals to reach anyone, from any location in the world. Sending, receiving, and automating calls, as well as routing traffic through proxies involves minimal cost. Advanced vishing may use a malware agent to handle message delivery. An example of a malware agent is a botnet, which is a network of remotely controlled computers, usually meant for malicious purposes. ■
By Stu Sjouwerman, founder and CEO of KnowBe4 (www. knowbe4.com)
mechanism that’s different.
A VISHING EXAMPLE
Let’s examine an example of a vishing attack:
● The thief uses a list of numbers stolen from a financial institution, a war-dialer to automatically call numbers, and a legitimate voice messaging service. The spoofed caller ID shows a legitimate organization name.
● An automated recording alerts the consumer to the bait. The recording urges the victim to call a fake number for one
of a variety of reasons, such as account expired, account overdrawn, fraudulent activity, billing errors, or whatever suits the scam.
● The victim dials the provided number, which plays an automated recording. Voice instructions direct the victim to provide credit card or account numbers.
● The thief captures any other necessary details, such as security PINs, expiration dates, date of birth, and other important information.
For example, residents of Elgin, Texas, received automated calls from fraudsters claiming to represent KCT Credit Union and First Community Bank. In New
York, recordings claimed to represent Cattaraugus County Bank and Mt. Vernon Money Management. In vishing attacks, sometimes the banks and credit unions are identified by name. Sometimes the callers pose as travel agents or lottery officials for unknown agencies. In every case, these callers offer only lies and deceit.
WHY SMISHING AND
VISHING WORKS
Vishing works because of technology convergence—that is, the merger
of formerly separate and distinct technologies. Systems that were once isolated from each other can now interact
MULLIGANcontinuesonpage 22 ››