What is Toll Fraud?
Toll Fraud is the theft of long-distance services by an unknown third party. It takes many forms including but not limited to the unauthorized entry into a customer’s phone system or equipment. Businesses that use telephone systems and voicemail systems are particularly at risk if these systems are not secure. Toll fraud is a global, industry wide problem with potentially devastating effects – racking up tens of thousands of dollars-worth of long-distance calls in a very short time. Phone fraud linked to Phone System hacking is a significant threat estimated at 4.96 billion dollars annually, well ahead of credit card fraud.
Understanding Your Legal Responsibility
Toll fraud is an act performed by devious minds much like the malicious individuals that write viruses that attack your telephone system. The tools of their trade include dialers capable of calling thousands of calls an hour looking for a system to crack. Securing your phone system is an imperative step in protecting your company from toll fraud. In such cases, if a call has originated with, or passed through your phone system or equipment, you are responsible for the charges associated with the call, whether the call is authorized or not. This means that if you are the victim of toll fraud, you are liable for the costs. TOPS takes steps to safeguard our customers helping to reduce the possibility of toll fraud occurring.
In order to prevent toll fraud we highly recommend engaging the support program for your phone system and equipment to prevent toll fraud. However ultimately, it is your responsibility to ensure your phone system and equipment is secure.
What Can I do to Protect My Phone System?
Just as you would not leave the front door unlocked or the keys in the ignition, your phone system must be appropriately secured. We have outlined below protective measures you may take to reduce the risk of toll fraud. Keep in mind these are general guidelines, and we do encourage you to contract the provider or maintainer of your phone system to discuss security measures specific to your own setup.
- General Security: Have an annual review, maintain strong physical security, follow best practices for securing an IP-based service, monitor resources for new vulnerabilities, maintain patches, and review logs. Consider utilizing standards-based security add-ons where possible.
- Toll Restriction: International locations are the major destination for toll fraud calls. Recommended practice is to block all international numbers and only enable those you need to call. Some systems allow for passwords to be required for long-distance calls.
- Restrict Outbound/External Transfer Options
- Passwords: Immediately change the default passwords provided with your phone systems. Change user and administration passwords frequently. Change phone system passwords when key personnel leave your organization.
- Unused Mailboxex &: Phones: When employees leave the company, remove their access from all phone systems immediately. This is not only to protect against retaliation from a disgruntled ex-employee but also from anyone who may obtain that ex-employee’s login information.
- Software Patches: Make sure that your phone and voice mail systems are up to date and have all current patches installed.
- Monitoring Monitor calling patterns and usage using whatever auditing features are provided with the system on a daily or weekly basis. Most toll fraud is generated in a short time days to weeks and usually after hours when detection is least likely. Encourage employees to report strange languages on voice massages, especially those left after hours, or unusual and unexpected activity by the phone system (i.e. all lines busy first thing in the morning).
- Social Engineering: Instruct employees to never give out technical or password information about your phone systems to unknown callers. Taking a moment to return a call can help to ensure you are speaking to the correct people.
- Formal Audit: Consider having TOPs audit your phone systems to probe for any vulnerabilities that may have been overlooked or neglected.
- IP PBX: IP PBXs are susceptible to the same fraud issues as traditional phone systems. Additionally, they are also subject to security gaps in your data network. Control administrative access, user host-based intrusion prevention, and use network firewalls/intrusion prevention systems.
What to do if you suspect Toll Fraud
- Contact TOPs immediately to have security breaches checked into.
- Call your long-distance provider immediately.
- Report the incident to your local police authority.
Recently there has been a rash of Toll Fraud taking placing in the interior of B.C. Many customers have had system breaches which have resulted in Toll Fraud.
At TOPS we take your telephone system &: its security very seriously. We want to insure that your system is up todate &: that all steps can be taken to prevent this toll fraud from happening.
TOPS Telecom is offering to perform a security audit of your telephone system for a flat rate of $125 to secure your system &: change passwords. We also restrict international calling if you wish to disable the telephone system from allowing calls out through external ports.
If you are interested in a free Toll Fraud Audit, please email us at firstname.lastname@example.org