What is Toll Fraud?
Toll fraud is organised crime.
Whether you have an analogue, digital or IP based telephone system, fraudsters can hack in, normally out of office hours, and gain control of your system in seconds. They use advanced software to crack passwords and bypass firewalls.
Once the system has been accessed, unauthorised and illegal calls can be made to locations anywhere in the world. The stolen call time is passed off as legitimate call traffic in the form of calling cards and low-priced calling tariffs. In almost all cases, there is a link to organised criminal gangs.
Often businesses are not made aware that they have been hacked until they receive telephone bills for what could be thousands of pounds.
How to spot Toll Fraud
There are certain signals to look out for alerting you of toll fraud. Increasingly, members of the workforce are deceived in order to gain access. For example, they could ring you on a local access number or NGN service asking to be continually transferred between personnel until obtaining an outside line.
Other signs to watch out for are:
- Obscene phone calls
- Continuous hanging up of the phone
- Recurring incidents of asking for an invalid extension number
- Wrong numbers
- Callers asking who they have reached
- Silent calls that wait for you to hang up
- Out of the ordinary calls on your call records
What can you do to prevent Toll Fraud?
Cases of Toll Fraud are extensively linked with the stealing of authorisation codes and passwords. It is essential that your staff safeguard these to the best of their ability. The numbers should never be written down or programmed into auto diallers. Other ways to prevent Toll Fraud:
- Change passwords regularly and make sure they’re strong
- When outside, be vigilant of people listening in on phone calls
- Before accepting charges on a call, verify the identity of the caller
- Restrict calls to other countries
- Place time limits on calls i.e. prevent phone calls in the evening
- Regularly check voicemail system, remove old mailboxes immediately when a member of staff leaves, limit voicemail access to internal lines, do not publish remote access numbers
- Secure IT system when linked to your phone system
- Block unauthorised access to phone system from external sources
- Change CTI access passwords
Companies using auto-attendants to answer calls can also be left open to fraud. Fraudsters will go to the automated attendant and dial the 90XX or 900 extensions. On several exchanges these numbers will connect them to outside lines. You can limit or block the capabilities of local dialling or long distance trunks in order to stop this. Block access codes such as 900XXX can be used in these circumstances.
What do I do if I suspect I’ve been hacked?
Toll fraud can lead to expensive losses that can accelerate extremely quickly so if you notice any of the above signs and are a Taurus customer you should contact our Helpdesk on 01392 202020 or email email@example.com. You should also contact your line/LCR provider (if not with Taurus).
There is currently no way to stop toll fraud. You can educate yourself and your workforce to lower the chances of it happening, stop it when it occurs and reduce the harm it can do.
We recommend including telephone system related applications as part of company security policy and seek insurance against such acts.