What is toll fraud?
Toll fraud, or VoIP fraud, starts when hackers hack into your PBX and gain access to your phone system. From here, they can make unauthorised, illegal calls to pretty much anywhere in the world. The stolen call time is passed off as legitimate traffic, for example in the form of callings cards or low-priced calling tariffs.
Toll fraud is almost always linked to organised criminal activity, with gangs purporting to be legitimate businesses.
The worst part is, businesses are often left unaware that they have been victims of fraud until they receive eye-watering bills for what could be thousands of pounds.
How to prevent toll fraud
The good news is there are a few simple steps you can take to keep your business protected from toll fraud:
1. Use strong passwords
This may seem like a no-brainer, but you'd be surprised how many businesses don't put any effort into setting passwords. After all, they can be your best defence against potential attackers.
At the very least, you need reset the default password on your PBX. When choosing a new one, be sure to include a mix lower and upper case letters, special characters, and numbers that don't relate to your name or any other public information.
It's also a good idea to reset the password every time someone leaves the business. It's nothing personal - just good practice!
2. Set up a firewall
Session Initiation Protocol (SIP) can be used to create firewalls that help to protect VoIP phone systems from fraud. A SIP-based firewall inspects both voice and data packets as they pass through your network. Although not a 100% guarantee for complete protection, firewalls will serve as security measures, automatically alerting you of possible breaches.
3. Restrict international calls
If your business is domestic, it makes sense to restrict international calls entirely. Most VoIP systems can be configured to do this quite easily.
If you need to make a lot of international calls, you may want to consider adding an extra layer of security, such as an authorisation code that is required before making any international or long-distance calls.
4. Review call logs regularly
Most VoIP phone systems come with an interface that will allow you to track incoming and outgoing calls. Make sure you take full advantage of this, reviewing your calls on a weekly basis at the very least.
If your business is primarily domestic, any international calls are a big red flag. If your business regularly makes long-distance calls, be sure to keep an eye out for any calls to unexpected countries, including the most commons countries for toll fraud to terminate:
- Latvia
- Gambia
- Somalia
- Sierra Leone
- Guinea