It’s sad to say, but criminals are trying to access your company’s phone network to make calls. It could end up costing you thousands of dollars and they could be trying to do it right now! It’s a scam known as Toll Fraud or Phreaking. Globally, it costs billions of dollars per year in phone charges for calls that companies never made.

Hackers can illegally access your phone system and initiate calls to premium rate numbers overseas. Each call they make results in them pocketing a percentage of the fee. They can do this from virtually anywhere in the world using automated tools, making you an easy target.

Here are some steps you can take to protect yourself.

Toll fraud monitoring

Consider implementing automated software that monitors your calls. It sits patiently in the background, monitoring call traffic, looking for abnormal call patterns. Once detected, it prevents further calls, saving you money. It’s an affordable, easy to implement solution - think of it as an insurance policy for your phone bill.

Network security

Session Border Controllers (SBC) are like firewalls for phone systems. They monitor all phone traffic looking for a wide range of security threats and can instantly cut off access. An SBC is mandatory if you have staff using mobile clients on their smart phones or you are using SIP trunks over the internet.

Passwords

Your phone system is only as secure as your passwords. If you haven’t changed the default passwords - you are asking for trouble! This is critical for remote access and maintenance tools since it can give hackers access to your complete network. It is also important for your employees’ voicemail box as well. Voicemail systems can allow calls to be forwarded to external numbers. Once compromised, calls to your voicemail will be redirected to a premium rate number - at your cost!

Turn off what you don’t use

Your employees unfortunately move on to other jobs. When they leave you obviously cut off their access to email and IT systems. You need to do the same for the phone system. Not that they will try to hack you, but unused phones can cause a security risk. If compromised, you may never know that the phone is being used to make calls until you receive your next bill – ouch!

Not everyone needs to call Zimbabwe Not every staff member needs to be able to call international numbers. Ensure employees can only call the numbers that are required for them to do their job. This stops staff making unwanted calls or phones in common areas being accessed by visitors and raking up hundreds in unwanted phone charges.

Training is key

Employees can’t be expected to protect your business from something they don’t understand. Spend time educating your staff on the dangers of toll fraud and the simple steps they can take to ensure they don’t become a victim:

  • Choose strong passwords for voicemail access – don’t use 0000, 1234 or their extension number.
  • Never give out phone extension and password details to anyone that asks.
  • Log out of phones when they go home – especially in hot desk environments.
  • Never click on links or install software from people you do not know.
  • Watch out for visitors or strangers accessing phones without permission.
  • Report strange phone activity, such as not being able to log in to their phone or always getting busy tone when making outbound calls.

Stay safe.


Steve Woff
Senior Product Manager
steve.woff@nec.com.au