According to an application vulnerability specialist, Fortify Software, HUB Computer Systems in the US has been hit by a $52,000 phone bill following the unauthorised access of the company IP-enabled PBX by hackers.

"The advent of IP-enabled PBXs, and the facility of remotely- programmable `conventional' PBX systems, means that hackers can – with sufficient time and access - rack up large phone bills on the unfortunate victim's account" said Robert Rachwald, Fortify's director of product marketing.

Of course, it now being holiday season and companies priming for a prolonged shutdown, the risk is even greater for business and the opportunity even greater for the hacker with time on their hands and a little insider knowledge to strike.

IT staff need to take extra care to protect company PBXs by shutting down systems that are unlikely to be used and locking down the ability to reprogram the system remotely.

According to Rachwald, this time of year is one of the busiest periods for phone companies on the international call front, with the result that international call resale fraud is also at its highest. Indeed, the very fact that HUB Computer Systems appears to have been hit by that $42,359.59 phone bill for calls to Bulgaria pretty much proves the demand for fraudulent international calls.

"The modus operandi is always the same - the hackers stand at known meeting and gathering points for international visitors in a given city and then announces they are offering calls home, typically via prepay mobile phones, for a fraction of the normal costs. After that, they simply rake the money in - probably around $5,000 to $10,000 in the case of the HUB Computer Systems telephone hack," Rachwald warns.