Don’t ignore the continued threat of Toll Fraud

Jan 31, 2020 | Business Telecom Services, Hosting, Security, Telephone System Maintenance

According to a Communications Fraud Control Association (CFCA) survey, fraud losses, including toll fraud, cost an estimated $28.3 billion USD a year. This is 1.74% of total revenues.


The top five fraud methods are: Subscription Fraud (Application), Payment Fraud, PBX Hacking, IP PBX Hacking and Wangiri (Call Back Schemes). We have a free video guide about the threat of toll fraud called "Toll fraud explained".

In terms of fraud types, the top five are: International Revenue Share Fraud, Arbitrage, Interconnect Bypass (e.g. SIM Box), Domestic Premium Rate Service (in country) and Traffic Pumping (includes domestic revenue share schemes).

The top five emerging fraud methods are: Payment Fraud, IP PBX Fraud, Abuse of network device, or configuration weaknesses, and IoT Fraud.

Yet many telecoms enterprises continue to pay little attention to security and the threat of toll fraud.

Unfortunately, with the growing use of softphones, mobile clients, APIs, and WebRTC that embed calling into just about any app, there is an increased potential for attack. Scammers are always looking for new ways to profit from unsuspecting individuals and organisations. Therefore, taking the appropriate measures to safeguard against telecom fraud is an ongoing effort.

Don’t ignore the risks to reputation and the costs of a successful toll fraud attack.

One of the leading causes of telecom fraud at the enterprise level is PBX hacking and toll fraud. Here, hackers deploy scripts that look for open ports on your telecom system. Once they find one, they try standard passwords and then take control of the traffic passing through the system. This allows the hackers to route calls to premium services, or to use the system to provide extensive toll calling to continue the fraud.

Why is it, then, that the enterprise phone system is often overlooked and not considered a priority when it comes to security?

It’s not just legacy PBX systems that are being compromised either; IP systems are just as easily targeted.

To minimise the risks of telecom fraud, you first need to understand them.

Once you acknowledge and understand the risks, you must implement a security strategy that includes regular audits, patching and penetration testing. Using analytics can also help to recognise threats, contain and respond to attacks as they occur. Crucially, it can help to prevent them from occurring in the first place.

Identify potential vulnerabilities – determine any vulnerable areas in the network system and address them immediately. This will eliminate any avenues of access for scammers. It is also critical to ensure ports are secure and not susceptible to breaches.

Change passwords – by not changing default passwords, or neglecting to make passwords as strong as possible, you are only increasing your organisation’s likelihood of experiencing a malicious attack.

Adopt SHAKEN/STIR – use digital certificate-based public key cryptography to provide call authentication. SHAKEN (Secure Handling of Asserted information using tokens) and STIR (Secure Telephony Identity Revisited) protocols are the strongest methods of combatting robocalling spammers.

Work with your service provider to understand which protocols they’ve adopted to detect fraud. In addition, proper screening and authentication will eliminate hacking and unwanted calls, whilst also protecting your business from cyberattacks.

MF Telecoms Services offers customised telephony fraud protection to best suit your business needs and requirements.

ECR – Exceptional Call Reporting – monitors call traffic of VoIP, SIP or fully hosted systems, at set, predetermined thresholds.

MF Telecoms Services can also add Toll Fraud Software to NEC phone systems. This works in a similar way to ECR, but also gives the option of adding destinations and times rather than cost as the parameters.
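Threshold-based exception reporting of the kind described above, with cost, destination and time as the parameters, shown as an added example (it is not MF Telecoms Services' or NEC's software). The call record layout, limits, prefixes and phone numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed call detail records: (start, extension, dialled number, cost in GBP).
# Numbers use reserved or unassigned ranges and do not belong to real subscribers.
SAMPLE_CDRS = [
    ("2020-01-30 10:05", "201", "01632960001", 0.12),
    ("2020-01-30 14:20", "202", "0028000000001", 0.90),
    ("2020-01-31 02:11", "305", "0099900000001", 4.50),
    ("2020-01-31 02:13", "305", "0099900000002", 4.80),
    ("2020-01-31 02:16", "305", "0099900000003", 5.10),
    ("2020-01-31 02:40", "305", "09098790001", 3.00),
]

# Assumed policy values; a real deployment tunes these to its own traffic.
COST_LIMIT = 10.00                  # GBP per extension per clock hour
WATCHED_PREFIXES = ("09", "00999")  # premium rate and one watched country code
OPEN, CLOSE = time(8, 0), time(18, 0)

def find_exceptions(cdrs, cost_limit=COST_LIMIT):
    """Return (start, extension, reason) for every call that breaks a rule."""
    alerts = []
    hourly_cost = defaultdict(float)  # (extension, hour) -> running cost
    tripped = set()                   # buckets that already raised a cost alert
    for start, ext, dialled, cost in cdrs:
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        # Destination rule: the number begins with a watched prefix.
        if dialled.startswith(WATCHED_PREFIXES):
            alerts.append((start, ext, "destination"))
        # Time rule: international call placed outside business hours.
        if dialled.startswith("00") and not OPEN <= ts.time() < CLOSE:
            alerts.append((start, ext, "out-of-hours international"))
        # Cost rule: alert once when an extension's hourly spend passes the limit.
        bucket = (ext, ts.replace(minute=0))
        hourly_cost[bucket] += cost
        if hourly_cost[bucket] > cost_limit and bucket not in tripped:
            tripped.add(bucket)
            alerts.append((start, ext, "cost"))
    return alerts

if __name__ == "__main__":
    for alert in find_exceptions(SAMPLE_CDRS):
        print(*alert, sep="  ")
```

The destination and time rules fire on the first suspicious call, while the cost rule only fires once spend has already accumulated, which is why destination and time parameters shorten the window in which a compromised extension can run up charges.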

For peace of mind, and to find out more about how MF Telecoms Services can help you put security measures in place to guard against future toll fraud attacks, please contact us for more information. Alternatively, you can call 01892 514687 and ask to speak to one of our UK business consultants about the continued threat of toll fraud to UK business.