Toll Fraud Blog Standard Utilities

The Telecom Industry’s Dirty Little Secret: Toll Fraud

Toll fraud is becoming an increasingly common problem for businesses and the telecoms industry. Telephone systems can be insecure and vulnerable to attacks from hackers who profiteer from fraudulent calls, leaving us to foot the bill.

Standard Utilities can help your business understand potential threats and feel confident about using the internet. By implementing secure processes, you can significantly reduce your business’ chances of becoming a victim of toll fraud.

What is Toll Fraud?

Toll Fraud, also known as VoIP fraud, is when a hacker accesses your phone system to make fraudulent calls from your account usually to international destinations. They do this by using the latest technology and software to identify insecure systems and find their weak spots. The stolen call traffic is usually sold on through overseas calling cards or low cost call tariffs, often funding organised crime and terrorism.
Unfortunately, many businesses only discover that they have fallen victim to toll fraud after the intrusion has taken place and the costly telephone bill comes through. This is often a recipe for unwanted stress, worry and unpleasant conversations with your network provider not to mention the cost.

How to prevent Toll Fraud

The best prevention is understanding and educating yourself on how toll fraud can happen in the first place. Typically, hackers gain access by finding the following weak points in telephone phone systems:

Password Security

An obvious but crucial factor is password security. Telephone system providers tend to provide products that by default use simple passwords that are easily guessed. However this is something you can easily combat.
During the installation of telephone system, make sure that you change the password from the default one provided to a more secure one. If you have to submit your new passwords using a telephone keypad, then ensure the numeric combination avails of all digits available and avoid easy to guess passwords such as:

  • Simple patterns e.g. 1234, etc.
  • Your extension number
  • Dates or Addresses Digit repetition e.g. 1111, etc.
  • Default passwords

Standard Utilities also recommend that as part of the on-going maintenance contract of the PBX system, you change your passwords every three months and remember to never give the same password to more than one user.

Auto Attendant

Auto Attendant is a menu based system that is often used on incoming calls to direct callers to their destination/ department of choice based on the number options they enter (for example: ‘For reception Press 1, for Accounts Press 2’ etc). This is one of the first telephone system features to be targeted by attackers.

Intruders will look to see if digits can be entered for unannounced/ seemingly unused caller options or to see if the star key * and hash key # options are configured for system management features. In all cases they will look to see if digit ‘9’ allows them access to seize vulnerable trunks and dial through the voicemail onto the public telephone network (PSTN).

It is recommended that all AA options that don’t have a configured route (particularly digit 9, star key and hash key) are set to either play the Auto-Attendant / menu options again or drop the call.


Voicemail is very similar to Auto Attendant and most PBX systems will use the same application as the Auto Attendant system. In fact, it is thought that most intruders attack PBX systems through the voicemail system.

Intruders achieve this by firstly calling your number and leaving a message on your voicemail using a specific telephone number. They will then call back into the voicemail to hack your password. Once in the mailbox, the intruder will trial the ‘call back’ feature which commands the PBX to return the call from any messages left.

If it works and the intruder receives a call back on their specific number, they will continue to use the ‘call back’ feature to leave messages from more expensive numbers. In essence the intruder is dialing a local number into the voicemail and using your PBX to make calls at an international or premium rate.
Intruders tend to use unused mailboxes so their activity goes under the radar. Therefore, at Standard Utilities we highly recommend that you delete any mailboxes for inactive users, delete mailboxes for any users that do not use voicemail, remove mailboxes for staff that leave the company and remove inactive group mailboxes.

Call Barring or Day and Night Routing

Installing call barring or Day and Night routing patterns into your telephone system is an effective way to control incoming and outgoing calls.

Toll Fraud often involves attackers targeting a system outside of business hours when intrusion attempts go unnoticed. This enables them to make calls that can be redirected to other numbers at a premium rate.

By installing call barring or Day and Night routing patterns you can restrict your telephone system from dialing expensive international numbers or operator services. It is also possible to restrict all outgoing calls (except emergency numbers) when the office is closed. We would also recommend that you lock down access / admin rights to the system, as it is not unheard of for hackers to have been given access by an internal member of staff.

SIP Trunks

With the decline of ISDN lines and advances in technology, the adoption of SIP trunks has never been higher. However, technology that runs over the internet can be vulnerable and open to being attacked.

To help reduce risks Standard Utilities recommend that you avoid using public internet access / wifi on your devices and always try to use a private connection to access your SIP provider. If,this is not possible, we would recommend that you at least ensure that a reliable firewall is in place to only allow connections from known IP addresses and on specified IP ports.

IP Network

The benefits of using IP telephony by far outweigh the disadvantages, however these should never be ignored.

If, for example, you connect to a local or wide area networks which aren’t maintained by your provider, then this puts your telephone system at risk of intrusion. Standard Utilities would highly recommend that you provide your end users’ IT department with a list of all known IP addresses and IP ports relating to your telephone system. That way access can be permit and restricted accordingly.
If necessary, use IP encryption protocols such as Transport Layer Security (TLS) and Secure Real Time Protocol (SRTP) to ensure all connections and real time voice traffic is secure.

What to do if you get Scammed

If you suspect that you have fallen victim to Toll Fraud, Standard Utilities recommend that you activate a system ring plan within your network that will redirect any incoming calls away from voicemail and Auto-Attendant and straight to a staff member. Bypassing Auto-Attendant and voicemail will usually help stop the problem as this is where most toll fraud occurs. The ring plan protection will also ensure that international and premium rate outbound calls are restricted. Access to contact the operator or directory enquiries numbers are also restricted.

Following our advice you can substantially reduce the risk of your business falling foul of toll fraud. Unfortunately it is impossible to guarantee 100% protection from telephone system hackers. We would recommend that if you suspect or detect Toll Fraud activity you should report it immediately to the Police by contacting Action Fraud at or calling 0300 123 2040.

If you need to protect your business against toll fraud, contact Standard Utilities today to learn how we can support you.

Call us on 028 9032 8888 or email us at [email protected]


Last updated 1 month 2 weeks ago