October 29, 2014
Challenges with security breaches and toll fraud are nothing new. As long as there have been telephones and charges for using them, hackers have come up with a variety of techniques to compromise phone systems for making international calls — resulting in serious financial implications for businesses. While we’ve seen a dramatic shift from legacy PSTN to digital phone systems in recent years, toll fraud is still an ever-present threat. In fact, the risks of toll fraud within a VoIP environment can be even more severe. For instance, some hackers are able to hijack systems and push through charges that can total $2,000 an hour or more.
A recent article from The New York Times even quotes one Georgia-based architecture firm that ran up a $166,000 phone bill in a single weekend last March. Hackers had broken into the firm’s phone network and routed calls from the firm to premium-rate numbers in Gambia, Somalia and the Maldives — popular end points for hacked calls.
Luckily, by partnering with a top-tier UC provider that takes a proactive approach to monitoring and analyzing real-time VoIP communications on a daily basis, businesses can take heart in knowing that they will be alerted immediately to any variance in usage patterns — and that they will be better-equipped to identify toll fraud early.
Let’s take a look at some precautions that service providers should have in place to reduce the risk of their customers succumbing to toll fraud.
Monitoring and Alerts System
When evaluating solutions, enterprises should choose a service provider that proactively monitors and alerts users to any unusual phone activity — similar to how a credit card company flags non-habitual spending amounts. Most companies should not be receiving an absurd number of calls after hours or on weekends. If this is happening, the company’s IT department needs to be alerted to the activity.
Strong Password Security and Heavy Encryption
Hacks can occur because of poor password protection on voicemail and telephony systems. While less common, it is also theoretically possible for man-in-the-middle attacks to intercept unencrypted call signaling information and inject fraudulent calls into unsuspecting enterprise networks. Encryption should be used whenever possible, especially if doing so has no additional cost or performance burdens. IntelePeer offers TLS/SRTP on all of its SIP trunks for no additional fees. You can read more about encryption in a previous blog post: Full Security Compliance: What’s Missing from Your Network?
Turn Off Unnecessary Features
While there are a lot of steps that enterprises can take to protect themselves, sometimes we overlook the simple things and they catch us off-guard. For example, since it is widely known that most of these fraudulent calls originate in the United States and terminate in countries like Latvia, Gambia, Somalia and Sierra Leone, turning off international calling or limiting the destinations your company can call would be a good safeguard to set up.
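The monitoring rule and the destination restriction described above can be combined into one check over call detail records. This is an added example, not code from the article or from IntelePeer; the record layout, business hours, threshold, allow-list and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values for illustration; tune to your own calling patterns.
BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local, Monday-Friday
ALLOWED_COUNTRY_CODES = ("1", "44")    # only destinations the business calls
OFF_HOURS_CALLS_PER_HOUR = 3           # alert at or above this count

# Constructed sample call detail records:
# (start time, extension, dialed E.164 number, duration in seconds)
SAMPLE_CDRS = [
    ("2014-03-20T10:15:00", "101", "+14045550100", 300),
    ("2014-03-20T14:02:00", "102", "+442079460000", 620),
    ("2014-03-20T19:30:00", "101", "+14045550101", 120),
    ("2014-03-22T02:01:00", "105", "+2205550001", 3400),
    ("2014-03-22T02:07:00", "105", "+2525550002", 3550),
    ("2014-03-22T02:15:00", "105", "+9605550003", 3600),
    ("2014-03-22T02:40:00", "105", "+2205550004", 3200),
]

def is_off_hours(start):
    """True for weekends and for weekday calls outside business hours."""
    ts = datetime.fromisoformat(start)
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def is_allowed(number):
    """True if the dialed number begins with an allow-listed country code."""
    return number.lstrip("+").startswith(ALLOWED_COUNTRY_CODES)

def find_alerts(cdrs):
    """Return (calls outside the allow-list, off-hours bursts per extension-hour)."""
    blocked = []
    buckets = defaultdict(list)
    for start, ext, number, secs in cdrs:
        if not is_allowed(number):
            blocked.append((start, ext, number))
        if is_off_hours(start):
            buckets[(ext, start[:13].replace("T", " "))].append(secs)
    bursts = {key: (len(v), sum(v)) for key, v in buckets.items()
              if len(v) >= OFF_HOURS_CALLS_PER_HOUR}
    return blocked, bursts

if __name__ == "__main__":
    blocked, bursts = find_alerts(SAMPLE_CDRS)
    for start, ext, number in blocked:
        print(f"DESTINATION NOT ALLOWED  {start} ext {ext} -> {number}")
    for (ext, hour), (count, secs) in bursts.items():
        print(f"OFF-HOURS BURST  ext {ext} hour {hour}: {count} calls, {secs // 60} min")
```

In production the allow-list belongs in the dial plan so that disallowed calls are rejected outright, with this kind of report serving as the alert that someone tried.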
Smart VoIP providers know to treat their customers’ phones like Internet-connected machines — which is what hackers are already doing. Ensuring that your VoIP provider can offer these basic safeguards plus more can be the difference between an obnoxious toll-fraud charge and none at all. To quote The New York Times:
“People don’t realize their phone is a six-figure liability waiting to happen.”