Toll fraud is real, with a loss of $US38.1 billion ($49.8 billion) in revenue due to communications fraud in 2015 alone. Like all technological scams, people commit toll fraud because it is a brilliantly irritating combination of anonymity, profitability, and scalability. The appeal of toll fraud means it is a severe concern for phone users, including businesses as long-distance per-minute charges add up fast. That’s why we’re here as your local tech experts to break down toll fraud and prevention best practices.
What is toll fraud?
Toll fraud is the use of a telecommunications product or service without the intent to pay. Traditionally, it is when an individual illegally gains access to a customer’s PBX (phone system) and places telephone calls free of charge. In the past, the “hacker” had to have specific knowledge about a business’s PBX to exploit its security weaknesses. This knowledge had to be precise because all the phone systems were proprietary based.
Today the telephone world is working with an ever-increasing number of standards. Most of the PBX’s today adhere to one rule or another. Now the hacker only needs to be able to exploit a single standard to have access to thousands of potential “hacks”. The carriers are also adhering to these standards. Consequently, your PBX is not the only opportunity for toll fraud to occur.
In its 2015 survey, the Communications Fraud Control Association (CFCA) attributed $38.1 billion in losses to fraud.
How to prevent toll fraud
Adhering to the following security procedures will help protect yourself and limit your company’s liability:
Set up a firewall
Session Initiation Protocol (SIP) is often used to create firewalls that help to protect VoIP phone systems from fraud. A SIP-based firewall, which inspects both voice and data packets as they pass through your network, can be used as a filter for fraudulent calling.
Review your call log
Reviewing your call log is another simple but important step in preventing toll fraud. Most VoIP phone system interfaces allow you to track incoming and outgoing calls; be sure to look at these on a weekly (if not daily) basis. Also, ask your carrier how they plan on notifying you when a hack is suspected and how they plan to deal with the situation.
Flag international calls
If your business is primarily domestic, any international call should be a red flag. Companies that do make a lot of long distance calls should be aware of the countries where toll fraud most often occurs. If possible, block international calls and document your request. If not, contact your PBX supplier to discuss options for limiting your potential losses.
Purchase software that stores all of the telephone numbers your users call. Having this data will help you determine if the fraudulent call originated from your PBX or your carrier’s network.
Today’s technology allows us to set predefined rules around suspicious activity. Sending email alerts, for example, giving you visibility and the option to lock down the phone system or simply allow business as usual if you recognise the dialled number.
Toll fraud is a real concern in today’s world, and thousands of dollars of usage can be charged to you in less than a day!