As businesses continue to embrace cloud-based communication systems, the risk of toll fraud—a type of telecommunications fraud that exploits vulnerabilities in phone systems to make unauthorised long-distance or premium-rate calls—has become a growing concern. At Empire Technologies, we are dedicated to helping our clients secure their communication infrastructure against these evolving threats.
Understanding Toll Fraud
Toll fraud occurs when cybercriminals gain unauthorised access to your phone systems, often by compromising PBX credentials or exploiting poorly secured endpoints. Once inside, they can rack up significant charges by making international or premium-rate calls, leaving your business with hefty bills.
Common Methods of Toll Fraud Include:
- Credential Theft: Cybercriminals steal PBX credentials to gain access to your phone system and make unauthorised calls.
- Exploiting Exposed Endpoints: Unsecured SIP phone interfaces that are exposed to the internet are a prime target for attackers.
- Abuse of Public Phones: Phones in public or unsecured locations, such as hotel lobbies or conference rooms, can be used to make fraudulent calls if not properly configured.
Best Practices to Prevent Toll Fraud
To protect your business from the financial and reputational damage caused by toll fraud, it’s essential to implement the following security measures:
- Secure PBX Credentials: Never send a PBX username and its password through the same communication channel. Use strong, unique passwords and avoid sharing them over unsecured methods like email.
- Enable Two-Factor Authentication (2FA): For systems like your cloud phone management portal, enabling 2FA adds an extra layer of security, ensuring that even if passwords are compromised, unauthorised access is still blocked.
- Monitor and Limit Call Activity: Set up alerts and thresholds for call charges and consider blocking international calls for phones that don’t require them. Regular monitoring can help detect and respond to suspicious activity quickly.
- Harden Endpoint Security: Ensure that SIP phones and other endpoints are not exposed to the internet. Properly configured firewalls and blocking access to phone web interfaces can prevent attackers from exploiting these vulnerabilities.
- Regularly Audit Access: Periodically review user access to your phone systems, ensuring that only necessary personnel have access and that outdated or duplicate accounts are removed.
- Use Complex, Auto-Generated Passwords: Utilize your system’s ability to generate strong, complex passwords and enforce regular password updates to minimise the risk of credential theft.
- Implement a Lockout Policy: Make sure that laptops and devices used to access your cloud phone systems automatically lock when not in use, requiring a password to unlock.
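To illustrate the "Monitor and Limit Call Activity" practice above, here is an added example (not code from Empire Technologies or any PBX vendor) that scans call detail records for international calls from extensions that should not place them and for hourly charges above a threshold. The CSV column names, extension names, home country code, threshold and sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs). Column names are assumptions;
# map them to whatever your PBX or provider exports.
SAMPLE_CDR = """\
start,extension,dialed,seconds,cost
2024-05-04T09:15:00,sales1,+99900000001,300,1.20
2024-05-04T09:40:00,reception,02079460001,120,0.05
2024-05-05T02:10:00,lobby,0099900000002,900,3.60
2024-05-05T02:26:00,lobby,0099900000003,800,3.20
2024-05-05T02:41:00,lobby,02079460002,60,0.02
"""

INTL_ALLOWED = {"sales1"}   # extensions that need international calling (assumption)
HOME_PREFIX = "+44"         # home country code (assumption)
HOURLY_COST_LIMIT = 5.00    # alert threshold per extension per hour (assumption)

def normalize(number):
    """Strip spaces and rewrite a leading 00 international prefix as +."""
    n = number.replace(" ", "")
    return "+" + n[2:] if n.startswith("00") else n

def find_alerts(cdr_text, intl_allowed=INTL_ALLOWED, home=HOME_PREFIX,
                limit=HOURLY_COST_LIMIT):
    """Return (rule, extension, when) tuples for suspicious call activity."""
    alerts = []
    spend = defaultdict(float)   # (extension, hour) -> accumulated charges
    already_over = set()         # hour buckets that have already alerted
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ext = row["extension"]
        dialed = normalize(row["dialed"])
        hour = datetime.fromisoformat(row["start"]).strftime("%Y-%m-%dT%H")
        # Rule 1: international call from an extension that does not require it.
        if dialed.startswith("+") and not dialed.startswith(home) \
                and ext not in intl_allowed:
            alerts.append(("intl_not_allowed", ext, row["start"]))
        # Rule 2: charges for one extension in one hour exceed the threshold.
        key = (ext, hour)
        spend[key] += float(row["cost"])
        if spend[key] > limit and key not in already_over:
            already_over.add(key)
            alerts.append(("cost_threshold", ext, hour))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_CDR):
        print(alert)
```

Rule 1 is only a detection backstop: blocking international dialling on the phone or trunk itself, as the practice recommends, stops the call before any charge is incurred.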
Partnering for a Secure Future
At Empire Technologies, we work with our clients to implement these and other best practices, ensuring that your cloud phone systems are resilient against toll fraud and other cybersecurity threats. By staying proactive and vigilant, we can help safeguard your business’s communication infrastructure, allowing you to focus on growth and innovation with peace of mind.