Toll Fraud: How to Protect Your Phone System from a Costly Problem
February 24, 2021
It’s a side of hacking that doesn’t always get the headlines, but can have a major impact on companies’ bottom line: Telecom fraud – which results when bad actors attack enterprise phone systems – is a scourge that can cost voice service providers more than $50 billion per year..
Unprotected PBX and VoIP/cloud communications services are sensitive to hackers and fraud, resulting in service downtime, call quality issues, as well as direct financial loss.
But perhaps the biggest concern for individual corporate customers is toll fraud – which happens when a bad actor generates a high volume of international calls on expensive routes, making calls to what are known as “premium rate numbers” and then taking a cut of the revenue generated from those calls.
Cost of Toll Fraud
According to No Jitter, a publication of trade organization Enterprise Connect, toll fraud attacks happen in a variety of ways. In most instances, attacks take the form of International Revenue Share Fraud (IRSF), an approach where attackers exploit a compromised VoIP server to generate large numbers of calls to high calling rate markets. Attackers make their money often by setting up fraudulent companies, or in conjunction with rogue telecom operators.
Other forms of fraud, according to No Jitter, include attacks to high-cost 8xx numbers or SIM box attacks that seek to evade telco interconnects to avoid paying tariffs. In addition to these commonplace attacks, many phone calls are simply spam or fraudulent attempts to get unsuspecting receivers to part with their money through several illicit schemes.
Unfortunately, most enterprise telecom leaders still pay little attention to security. No Jitter’s Workplace Collaboration: 2019-20 Research Study
found that barely one in five companies surveyed have a pro-active security strategy. Of those with a strategy, most include audits, penetration testing, and regular patching as key components of their security approach. Only 25% believe that adopting SIP trunking creates an additional security risk.
As entry points into phone systems increase – thanks to the growing use of softphones, mobile clients, APIs, and WebRTC that embed calling into just about any app – so too do the potential vectors for attack. So how can companies protect themselves?
Building A Toll Fraud Strategy
As the risk of attacks grows, along with awareness of past successful attacks, so too should enterprise awareness of the need to proactively protect their WC applications, even if using cloud-based services. Fortunately, enterprises have tools that can leverage analytics to understand calling patterns, look for known attack signatures or anomalies that could indicate zero-day attacks, and automate the process of blocking an attack or mitigating the impacts of one that has occurred. Ideally, a solution would enable rapid detection, anticipate an attack with predictive analysis, and automate means of responding to or preventing the attack. With more than 60 percent of organizations running more than one calling system, a toll fraud prevention platform would ideally enable unified management across a multi-vendor calling environment.
End users can also play a significant role in protecting the organization from toll fraud. At CTI, we insist on the following minimum steps:
- A clear password policy that is enforced for all extensions in the system – even for remote workers. The password length recommendation must be at least 8-10 digits length.
- When setting passwords, consecutive digits, repetitive digits or extension number for a password should not be recommended password policy — i.e. 123456,1111, etc.
- When creating a new extension/user, they need to follow the same password policy regardless of what kind of set it is (analog, digital or IP set). Hackers can utilize any extension in the system to gain access to the system and use it to dial out international calls.
- Finally, a review firewall rules for voice traffic to confirm that non-required ports are secured.
A toll fraud prevention and mitigation strategy starts with recognizing the problem, in this case, the risk to reputation and the costs of a successful toll fraud attack. CTI can help businesses protect their voice infrastructure, prescribing a proactive approach that includes a security strategy, regular audits, patching, penetration testing, and the capability to leverage analytics to improve the ability to recognize, contain, and respond to attacks as they occur, or to prevent them from occurring in the first place.
To learn more about CTI’s capabilities regarding cybersecurity and how we can protect your organization from this type of threat, please complete the form below: