Toll Fraud Prevention
What is toll fraud?
Toll fraud is the theft of long-distance telephone service. Toll fraud takes many forms. It is particularly prevalent on phone systems that have not been secured. Toll fraud poses a worldwide problem. Fraudsters can easily rack up many of thousands of dollars in long distance charges before you know it’s happening.
How does it occur?
Fraudsters may attack your telephone system by using various techniques that help them guess the passwords for voicemail boxes. Fraudulent operators access your telephone system if your passwords are easy to guess.
Costs associated with calls placed on your phone lines are your responsibility, regardless of whether you authorized those calls or not. For this reason, it is imperative that you take steps to protect your company against toll fraud.
How can you protect your voice system?
Be proactive! Take these important steps to protect against toll fraud. If you do not, it is only a matter of time before you become a victim. Following are some general guidelines to protect your company against toll fraud. We encourage you to take due diligence above and beyond what is listed here.
- Toll restriction: International locations are the major destination for toll fraud calls. Block all international numbers and only enable calls to those places that you need to call. If possible, setup passwords for long distance calls. If this is a possibility, change the passwords regularly, and especially when an employee has left the company.
- General security: Follow best practices for all security, including monitoring resources for vulnerability, maintaining patches and reviewing logs. Consider utilizing standards-based security add-ons where possible.
- After-hours calls: Restrict all outbound after-hours calling.
- Limit access: Limit system access to authorized personnel only, even during company business hours.
- Passwords: Immediately change the default passwords provided with your phone systems, and include password changes as part of your regular maintenance, and when personnel leave your company. Require complex passwords.
- Unused mailboxes and phones: Proactively disable mailboxes and remove all access to outgoing employees immediately. This is not only to protect against retaliation from disgruntled former employees, but also against anyone who may obtain that person’s security information.
- External transfer: Restrict call forwarding and call transfer features, especially to external numbers. Program your phone system so that extensions can forward only to known numbers, and restrict all others. Never forward a caller to 901 or 90#.
- Software patches: Make sure your phone and voicemail systems are up-to-date and that all current patches have been installed.
- Monitoring: Monitor calling patterns and usage on a regular, scheduled basis. High costs can be generated in a very short period of time and will continue until action is taken to stop it.
- Block Collect Calls: Block the system from accepting reverse charges on telephone calls – opt for a toll-free number instead.
- DISA Numbers: Never publish any phone numbers that could provide direct access to your system (DISA). Change your DISA numbers periodically, and issue a different DISA authorization code for all users. Warn users to never write down their authorization codes.
- Invalid Access Attempts: Identify invalid access attempts to your DISA and route them to an operator. Implement DISA ports that drop the line when an invalid code is entered and program your PBX to generate an alarm when an unusual number of invalid attempts are made, and to disable the port after a set number of invalid attempts.
- Modems: Eliminate three-way calling on all extensions that use modems. Physically disconnect modems that are not in use.
- Firewalls: Restrict access to the SIP port(s) on your PBX to only allow SIP traffic from your provider’s IP address, and block it from any other sources.
Or email firstname.lastname@example.org for a professional consultation!