Toll Fraud, or telephony fraud, is the illegal and unauthorised use of your phone equipment, lines and services. It costs the UK an estimated £1.2 billion every year.
A hacker will gain access to your company phone system in order to make numerous fraudulent calls, often to premium-rate and international numbers. These attacks often take place out of office hours with victims sometimes only realising when their next phone bill arrives. This means attacks can go undetected for long periods of time.
Although there’s no guarantee of being 100% safe, there are ways in which you can protect your business from being a victim of toll fraud.
Monitor call traffic
It’s very important to regularly review traffic coming both to and from your business. Most VoIP phone systems allow you to track incoming and outgoing calls – be sure to look at these on a weekly, if not daily basis. Additionally, if your business primarily operates in the UK, any international call could be a red flag. Businesses that do make numerous long-distance calls should be aware of the countries where toll fraud most often occurs.
Onecom customers can benefit from a fraud monitoring service which looks at your account and call logs and when anomalies are detected, our support team are alerted and will contact you to help mitigate the impact of fraud on your business.
Although it may seem obvious, passwords are one of the best weapons you can use against toll fraud. All passwords for your telephone system and voicemail applications should be strong and changed on a regular basis. Default system passwords or one using your name is not ideal and puts you at higher risk.
When you create a new password, be sure to include a combination of lower and upper-case letters, special characters, and numbers. You should also ensure that your password is at least 8 characters long.
Don’t forget to change your password whenever an employee who previously had access leaves your company.
Remove services you don’t use
Telephone systems can do a lot of different things and it’s good practice to determine what is necessary for your business and what level of restriction you should apply to phones during normal and off business hours.
Remove or de-activate any telephone system functionality you don’t need, including remote access ports. You may also have redundant mailboxes that you no longer need or old access codes and voicemail passwords of people who leave your business – don’t forget to deactivate these immediately.
Add international call restrictions
Many hosted VoIP solutions can be configured to restrict international calling entirely or allow secured access. If your business makes a lot of international phone calls, consider adding an extra layer of security, such as an authorisation code that must be input before placing an international or long-distance call. If you’re not sure how to add this, please contact us for help.
Set up a SIP firewall
Session Initiation Protocol (SIP) is often used to create firewalls that help to protect VoIP phone systems from fraud. It’s a signalling protocol that inspects both voice and data as they pass through your network – an SIP firewall acts like a filter for fraudulent calling.
Educate your staff
Educating your team on the seriousness of toll fraud, as well as the precautions they can take to help prevent it, should be top of your list. After all, the system is only as strong as its users.
Cases of Toll Fraud are often linked with the stealing of authorisation codes and passwords. Staff need to be aware of what do to do if the receive any suspicious calls requesting transfers or passwords.
Unfortunately, even with precautions hackers can still get into your system and the subsequent phone bills can cost thousands, so it’s important to keep vigilant. If you would like more information about toll fraud and how to protect your business, get in touch with one of our experts today.