One of the ‘most popular’ telephone fraud schemes is toll fraud. Let’s have a look at what toll fraud is and what we can do about it.
What is toll fraud?
Toll fraud is when criminals gain unauthorised access to a phone service or company network and use it to place illegal and expensive calls. People often think it is all about making long-distance calls, but that may become less of an issue. Today there are plenty of ways to make cheap international calls, such as Skype, and the cost of international calling will fall over time. In my opinion, a much bigger risk is toll fraud in which someone’s telephone access is deliberately abused to make calls to expensive premium numbers. The fraudsters operate these premium numbers themselves, so the premium unwittingly paid by the victim is direct profit for the criminal.
Financial risks of toll fraud
In the most severe cases, it is possible for a hacker to steal hundreds of euros per hour per access. If you multiply this by the number of phone lines that can be abused simultaneously, we are talking about serious numbers. Many market experts claim that toll fraud damages are even twice as high as the financial impact of credit card fraud.
How does toll fraud work?
The essence of toll fraud is that the criminal gets unauthorised access to the phone system. There are different scenarios for that. I won’t describe them all, but very often it is done via the corporate voicemail system or automated attendant functionality. For example, malicious scripts are available which detect open VoIP ports and use them to access the company telecom network. From there, the hacker can try to access the voicemail or attendant functions. These features are often weakly secured with default passwords or pin codes, and they can be used to initiate outgoing calls.
Of course, there is also a more straightforward scenario. In many offices, all phones are open and not secured by a pin code or password. Anyone present in the building can take a phone and make any call to any destination number.
How to prevent toll fraud?
Toll fraud prevention comes in two flavours: either restrict what is possible once someone has access to the phone system, or ensure that the phone system security is up to date. We discuss both options here.
Make restrictions to the phone use
If it is easy to get access to a phone line but the line cannot be used to make expensive calls, we already minimise the risk of toll fraud. So, blocking outbound calls to expensive destination numbers may work. The same applies to restricting after-hours calls or limiting the call forwarding and transferring possibilities. However, this also means that you limit the flexibility of your employees to do their work whenever and wherever they want.
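The restrictions described above, sketched as an outbound call policy check. This is an added example, not code from the original article or from any phone system; the premium prefixes, business hours and internal extension length are assumptions, and the call attempts are constructed sample data.

```python
import re
from datetime import datetime, time

# Assumed policy values, constructed for illustration; replace with your own tariff data.
PREMIUM_PREFIXES = ("0900", "0906", "0909", "+31900", "+31906", "+31909")
ALWAYS_ALLOWED = ("112",)                 # emergency calls are never blocked
OPEN, CLOSE = time(7, 0), time(19, 0)     # assumed business hours, Monday to Friday
INTERNAL_MAX_DIGITS = 4                   # assumed length of internal extensions


def normalise(dialled: str) -> str:
    """Reduce a dialled string to digits with an optional leading '+'."""
    number = re.sub(r"[^\d+]", "", dialled)
    if number.startswith("00"):           # 00 is the international access code
        number = "+" + number[2:]
    return number


def check_call(dialled: str, when: datetime) -> tuple[bool, str]:
    """Return (allowed, reason) for one outbound call attempt."""
    number = normalise(dialled)           # without this, "0031 900..." slips past the blocklist
    if number in ALWAYS_ALLOWED:
        return True, "emergency"
    if number.startswith(PREMIUM_PREFIXES):
        return False, "premium-rate destination"
    in_hours = when.weekday() < 5 and OPEN <= when.time() < CLOSE
    if in_hours or len(number) <= INTERNAL_MAX_DIGITS:
        return True, "within policy"
    return False, "external call outside business hours"


# Constructed sample call attempts: (extension, dialled number, timestamp).
SAMPLE_CALLS = [
    ("201", "0031 900-1234", datetime(2024, 3, 5, 10, 15)),    # premium, office hours
    ("201", "+31 20 555 0100", datetime(2024, 3, 5, 10, 20)),  # normal external call
    ("305", "+31 20 555 0100", datetime(2024, 3, 9, 2, 40)),   # Saturday night
    ("305", "204", datetime(2024, 3, 9, 2, 41)),               # internal, after hours
    ("305", "112", datetime(2024, 3, 9, 2, 42)),               # emergency
]


def denied_calls(calls):
    """Return (extension, dialled, reason) for each attempt the policy blocks."""
    results = [(ext, dialled, check_call(dialled, when)) for ext, dialled, when in calls]
    return [(ext, dialled, verdict[1]) for ext, dialled, verdict in results if not verdict[0]]


if __name__ == "__main__":
    print(*denied_calls(SAMPLE_CALLS), sep="\n")
```

The same function can be run over historical call records to see how many legitimate calls a proposed restriction would have blocked before it is enforced.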
Make the telephony system more secure
Therefore, securing the telephone network itself may be a more rewarding approach. This starts simple, for example by changing default passwords and using passwords with sufficient characters and symbols. Basic management actions like cleaning up old extensions, devices or mailboxes will also contribute to security. And of course, it is worthwhile to check whether your corporate telecom system runs the latest software versions.
Make telephony security as easy as possible
Last but not least, make security easy for your employees. You may notice that the recommended long and complex passwords don’t work because people forget them. Or you may see that they hate entering passwords or pin codes on the basic telephone keypad and, as a consequence, always leave their phones logged in. In such a case, consider a different approach.
For example, consider the use of VoIP Single Sign-On software. This software synchronises the computer network security with your VoIP security. It means that whenever the user logs into his or her computer or laptop, the associated telephone on the desk is automatically signed in as well. It will probably make toll fraud via abandoned desktop telephones a thing of the past.