Toll fraud, also known as telecommunication fraud or PBX fraud, is one of the most prevalent and costly threats in telecommunications. It involves unauthorized use of a business’ phone system to make long-distance or international calls, often to premium-rate numbers. These fraudulent activities can result in substantial financial losses, disrupted operations, and damaged reputations for businesses that are targeted by these threats. To detect and prevent toll fraud, businesses may adopt a multilayered approach to telecom security that combines technologies for fraud detection, call security, and call authentication.
How Toll Fraud Works
Toll fraud is a scheme where attackers exploit vulnerabilities in a business phone system to make unauthorized calls. These calls are typically made to expensive long-distance or premium-rate numbers, generating high charges. The attackers often own or collaborate with the operators of these premium-rate numbers, allowing them to profit directly from the fraudulent activity.
Here’s a breakdown of how toll fraud typically operates:
- Exploiting Vulnerabilities: Attackers start by identifying weaknesses in a business’ telecommunication systems. They may target unsecured PBX (Private Branch Exchange) systems, VoIP (Voice over Internet Protocol) systems, or voicemail systems. Their exploits often take advantage of default passwords, weak credentials, unpatched software, or poorly configured network settings, making it easy for attackers to gain access.
- Gaining Control of the System: Once inside the phone system, attackers manipulate it to make unauthorized calls. They may program the system to automatically route calls to high-cost destinations, such as international or premium-rate numbers. These numbers are often located in regions with high billing rates for calls, allowing attackers to maximize the financial impact on the victimized business.
- Generating Revenue: Attackers make money by directing calls to premium-rate numbers they control or are affiliated with. A portion of the call charges is shared with the attackers, providing them with a steady revenue stream. These numbers are deliberately set up in regions or through services that generate high fees per call.
- Avoiding Detection: To prolong the attack and avoid detection, fraudsters use a variety of tactics such as spreading call activity across multiple phone numbers, using random patterns, or conducting the attacks during off-hours when monitoring is less active. This helps them evade suspicion and continue their fraud for extended periods.
- Leaving Businesses with the Costs: The financial burden of toll fraud falls on the victimized businesses, which are typically held responsible for the fraudulent charges. Depending on the duration and scale of the attack, these costs can range from thousands to millions of dollars. Beyond the financial losses, businesses also face potential disruptions to operations and damage to their reputation.
Common Forms of Toll Fraud
Toll fraud can take many forms, each with its own tactics, but the goal is always to place large numbers of calls that generate high charges to the victim and deliver a payout to the attacker. Some of the most common forms of toll fraud include:
- PBX Hacking: Attackers gain unauthorized access to a business’ Private Branch Exchange (PBX) system. They may exploit weak passwords, unpatched software, or unsecured ports to infiltrate the system. Once inside, they configure the PBX to make long-distance or international calls to premium-rate numbers they control. The attackers profit from the charges while the business is left to cover the costs.
- VoIP Fraud: With VoIP systems, attackers may exploit vulnerabilities in the software or configuration to hijack the system. They may use brute force attacks to crack weak credentials or find loopholes in unsecured networks. After gaining control, they route calls through the business’ VoIP system to high-cost destinations. The internet-based nature of VoIP systems makes them particularly attractive targets because they can be accessed remotely from anywhere in the world.
- International Revenue Share Fraud (IRSF): IRSF involves attackers making unauthorized international calls to specific high-cost regions. The attackers collaborate with overseas operators to share the revenue generated from these calls. Often, they use hacked PBX or VoIP systems to generate a high volume of calls to these locations.
- Premium-Rate Number Fraud: In this scheme, fraudsters set up premium-rate phone numbers that charge callers exorbitant fees. They then use compromised phone systems to repeatedly call these numbers. The attackers receive a share of the fees from the premium-rate service provider, while the victim is stuck with enormous phone bills.
- Voicemail Hacking: Attackers gain access to voicemail systems with default or weak passwords. They use voicemail boxes to make unauthorized outbound calls, often routing them to international or premium-rate numbers. This method is particularly insidious because voicemail systems are often overlooked as a security risk.
- Callback Fraud: In callback fraud, attackers trick victims into calling a high-cost number. This is typically done through social engineering, where the attacker leaves a message or sends an email asking the victim to return a call to resolve a fake issue. The callback routes to a premium-rate number, generating revenue for the attacker.
- Social Engineering and Insider Fraud: Attackers sometimes use social engineering to trick employees or service providers into granting access to phone systems. In other cases, an insider with authorized access collaborates with fraudsters to manipulate the system for financial gain. This method relies on human error or complicity rather than technical vulnerabilities.
How to Detect Toll Fraud
Detecting toll fraud as soon as possible is critical to minimizing its impact. Typical warning signs include:
- Unusual Call Patterns: A sudden increase in long-distance or international calls, especially to unfamiliar regions, is a common indicator of toll fraud.
- High Call Volumes During Off-Hours: Fraudulent activity often occurs at night or over weekends when monitoring is less active.
- Unexpectedly High Phone Bills: A significant spike in telecommunications costs without a corresponding increase in legitimate usage may signal unauthorized calls.
- Access Logs with Suspicious Activity: Logs showing repeated failed login attempts or unusual access to voicemail and PBX systems could indicate an ongoing attack.
- Customer Complaints: When customers report receiving calls from your business number that you didn’t initiate, it may indicate spoofing or toll fraud.
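The first two warning signs above can be checked mechanically against call detail records (CDRs). The following is an added example, not SecureLogix code: the record layout, home prefix, business hours, threshold, and all phone numbers are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

HOME_PREFIX = "+1"             # assumption: the business is in the +1 region
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59, Monday to Friday
OFF_HOURS_LIMIT = 3            # assumption: off-hours international calls per extension per day

# Constructed CDRs (not real traffic): (start, extension, dialed E.164 number, seconds)
BASELINE = [
    ("2024-03-04 10:15:00", "201", "+12145550101", 180),
    ("2024-03-04 11:02:00", "202", "+442079460000", 600),
    ("2024-03-05 14:30:00", "201", "+442079460001", 240),
]
TODAY = [
    ("2024-03-09 02:01:00", "305", "+88212345601", 55),
    ("2024-03-09 02:02:00", "305", "+88212345602", 58),
    ("2024-03-09 02:03:00", "305", "+88212345603", 61),
    ("2024-03-09 02:04:00", "305", "+88212345604", 57),
    ("2024-03-09 09:30:00", "202", "+442079460000", 300),  # weekend, but a known destination
    ("2024-03-08 16:00:00", "201", "+12145550199", 120),   # domestic, ignored
]

def parse(cdr):
    start, ext, number, secs = cdr
    return datetime.strptime(start, "%Y-%m-%d %H:%M:%S"), ext, number, secs

def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def dest_bucket(number):
    # Coarse bucket ("+" plus three digits); a production system would use a rate table.
    return number[:4]

def find_alerts(baseline, current, limit=OFF_HOURS_LIMIT):
    """Return (extension, day, off-hours international calls, unfamiliar destinations)."""
    known = {dest_bucket(n) for _, _, n, _ in map(parse, baseline)}
    off_hours = defaultdict(int)   # (extension, date) -> off-hours international calls
    unfamiliar = defaultdict(set)  # extension -> destination buckets absent from baseline
    for ts, ext, number, _ in map(parse, current):
        if number.startswith(HOME_PREFIX):
            continue
        if is_off_hours(ts):
            off_hours[(ext, ts.date())] += 1
        if dest_bucket(number) not in known:
            unfamiliar[ext].add(dest_bucket(number))
    return [(ext, str(day), count, sorted(unfamiliar[ext]))
            for (ext, day), count in sorted(off_hours.items()) if count >= limit]

if __name__ == "__main__":
    print(find_alerts(BASELINE, TODAY))
```

Extension 202's single weekend call to a destination already in the baseline stays below the threshold, which is the kind of traffic a fixed "block all off-hours calls" rule would wrongly catch.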
The Impact of Toll Fraud on Businesses
The consequences of toll fraud can be severe, affecting businesses in multiple ways:
- Financial Losses: The primary impact of toll fraud is the cost of unauthorized calls. These charges can range from thousands to millions of dollars, depending on the scale of the attack.
- Operational Disruptions: Fraudulent activity can overload phone systems, disrupting legitimate business communications and operations.
- Reputational Damage: Customers and partners may lose trust in a business that has been compromised, especially if fraudulent calls target or harass external parties.
- Legal and Compliance Risks: Businesses may face regulatory scrutiny or legal challenges if their phone systems are used for fraudulent or criminal activities.
How to Prevent Toll Fraud
Preventing toll fraud requires a proactive approach that combines technology, best practices, and regular monitoring.
- Use Firewalls and Encryption: Deploy firewalls to secure VoIP systems and encrypt call data to prevent unauthorized access and eavesdropping.
- Monitor Call Activity: Implement real-time monitoring and alerts for unusual call patterns, such as high volumes or activity during off-hours.
- Strengthen Passwords: Replace default passwords on PBX, voicemail, and other telecommunication systems with strong, unique credentials.
- Limit Access: Restrict access to phone systems and configure them to block international or premium-rate calls if they are not necessary for your business.
- Update and Patch Systems: Keep PBX and VoIP systems up to date with the latest security patches to protect against known vulnerabilities.
- Work With Your Carrier: Partner with your telecommunications provider to implement fraud detection and prevention measures. Many carriers offer services to block suspicious calls or to put a cap on expenses.
SecureLogix: Leading Solutions to Combat Call Fraud
Industry-leading SecureLogix is solely dedicated to solving the security, trust, and authentication issues that plague today’s voice networks and contact centers. With inbound and outbound call solutions for call branding, security, and authentication, we enable businesses and their contact centers to reduce costs, maximize revenue, and restore trust. With SecureLogix as your partner, you can work with a single vendor that offers a comprehensive solution for the full range of security and trust issues threatening the enterprise today.
To combat toll fraud and other forms of call fraud, SecureLogix offers a portfolio of call security and authentication solutions:
- SecureLogix Call Defense™ System: This 11th generation proprietary technology combines multiple solutions to defend against toll fraud and other threats. The Call Defense™ System sits at the edge of your voice network, scanning and filtering call activity to sort good traffic from bad in real time. With a voice firewall, voice intrusion prevention system (IPS), a malicious callers database (Red List), and forensic reporting, the Call Defense™ System provides real-time visibility and control of all voice calls into and out of your network. With this SecureLogix technology, you can effectively identify and stop attacks like fraud, vishing scams, robocalls, traffic pumping, telephony denial of service (TDoS), impersonation scams, and others.
- SecureLogix Call Secure™ Managed Service: This offering combines the security features of the Call Defense™ System with the expert help of the most experienced call security experts in the industry. This service enables you to access the protections of an industry-leading call security solution while freeing your IT team from the need to deploy, manage, maintain, and upgrade the technology.
- SecureLogix® Orchestra One™ Call Authentication & Trust Service: This service provides automated inbound call authentication with outbound call spoofing detection. Orchestra One™ quickly verifies and authenticates every inbound call at the lowest per-call price, leveraging multiple zero-cost and low-cost metadata services and orchestrating thousands of call details to deliver a rigorous, high-value risk score for each call. With this SecureLogix solution, you can reduce the duration of agent calls by up to 30 seconds, minimizing contact center costs through automation. Seamless integration with outbound call center software for spoofing protection enhances call trust by identifying and blocking spoofed calls attempting to use your corporate numbers to impersonate your brand.
FAQ
Q: What is toll fraud?
Toll fraud is unauthorized use of a business’s phone system, often to make long-distance or premium-rate calls. It exploits vulnerabilities in PBX or VoIP systems to generate revenue for attackers.
Q: How do attackers exploit phone systems for toll fraud?
Attackers often use default passwords, insecure configurations, or software vulnerabilities to gain access to PBX or VoIP systems. Once inside, they make unauthorized calls to high-cost numbers.
Q: Can small businesses be targets of toll fraud?
Yes, toll fraud affects businesses of all sizes. Small businesses are often more vulnerable because they may lack advanced security measures.
Q: What role does a telecommunications provider play in toll fraud prevention?
Many providers offer fraud detection tools, call blocking services, and spending caps to help businesses manage toll fraud risks.
Q: What should I do if I suspect toll fraud?
Immediately contact your telecommunications provider, review call logs for unauthorized activity, and secure your system by changing passwords and implementing additional protections.