Fraud Prevention
Guidelines and best practices to protect your business phone system from toll fraud.
Effective Date: March 22, 2026
1. What Is Toll Fraud?
Toll fraud is the theft or unauthorized use of long distance phone service. It is especially prevalent on phone systems that are unsecured or only loosely secured. Fraudsters can rack up tens of thousands of dollars in unauthorized charges before administrators are even aware that a breach has occurred.
2. How Does It Occur?
Fraudsters infiltrate telephone systems — whether analogue, digital, or IP based — using software to determine usernames and passwords and crack pass codes. This activity is typically carried out outside normal office hours. Once they have gained access, hackers route unauthorized calls to any location in the world.
It is imperative to change default passwords, implement complex pass codes, and maintain good password management practices to reduce exposure.
3. Your Responsibilities
Costs associated with calls placed on your phone lines are your responsibility, regardless of whether you authorized those calls. It is imperative to take steps to protect your system against toll fraud.
4. How to Protect Your Voice System
It is important to take steps to guard against toll fraud. If you do not, it is only a matter of time before your company is victimized. The following guidelines will help protect against toll fraud, but we strongly encourage taking measures above and beyond what is listed here.
Toll Restriction
International locations are a major destination for fraudulent calls. Block all international numbers and only enable those that are needed for legitimate business purposes. Some systems allow passwords for long distance calls — change these regularly and whenever employees leave the organization.
General Security
Follow best practices including monitoring for vulnerabilities, maintaining patches, and reviewing logs. Use standards-based security add-ons where possible.
After-Hours Calls
Restrict all outbound after-hours calling to reduce the window of opportunity for unauthorized use.
Limit Access
Limit system access to authorized personnel only, even during business hours.
Passwords
Change default passwords immediately upon installation. Include password changes in your regular maintenance schedule and whenever personnel leave the organization. Require complex passwords at all times.
Unused Mailboxes and Phones
Proactively disable mailboxes and remove access for outgoing employees immediately. This protects against retaliation and prevents anyone from obtaining their security information.
External Transfer
Restrict call forwarding and transfer to external numbers. Program extensions to forward only to known numbers. Never forward a caller to 901 or 90#.
Software Patches
Keep phone and voicemail systems up-to-date with all current patches to close known vulnerabilities.
Monitoring
Monitor calling patterns and usage on a regular basis. Fraudulent charges can generate high costs very quickly and will continue until they are stopped.
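One way to automate this review, combining the Toll Restriction, After-Hours Calls and Monitoring guidelines above, is a script that scans call detail records. This is an added example, not code from our systems; the record layout, the "011" international prefix, the business hours, the approved-prefix list and the burst threshold are all assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime

# Assumptions (not from the page): NANP dialing where "011" starts an
# international call, business hours Mon-Fri 08:00-18:00, and a
# hypothetical allowlist of approved international prefixes.
INTL_PREFIX = "011"
APPROVED_INTL = ("01144",)
OPEN_HOUR, CLOSE_HOUR = 8, 18
BURST_LIMIT = 3  # flagged calls per extension per day that raise an alert
# Constructed sample call detail records: (start, extension, dialed, seconds)
SAMPLE_CDRS = [
    ("2026-03-20 10:15:00", "201", "4035550100", 180),
    ("2026-03-20 11:02:00", "204", "01144205550100", 600),
    ("2026-03-21 02:11:00", "215", "0119995550101", 3540),
    ("2026-03-21 02:12:00", "215", "0119995550102", 3600),
    ("2026-03-21 02:14:00", "215", "0119995550103", 3590),
    ("2026-03-21 23:40:00", "201", "4035550199", 60),
]


def reasons_for(start, dialed):
    """Return the reasons one outbound call should be reviewed."""
    when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
    reasons = []
    if dialed.startswith(INTL_PREFIX) and not dialed.startswith(APPROVED_INTL):
        reasons.append("unapproved-international")
    if when.weekday() >= 5 or not OPEN_HOUR <= when.hour < CLOSE_HOUR:
        reasons.append("after-hours")
    return reasons


def review(cdrs):
    """Flag individual calls, then extensions with a burst of flagged calls."""
    flagged, per_ext_day = [], Counter()
    for start, ext, dialed, seconds in cdrs:
        reasons = reasons_for(start, dialed)
        if reasons:
            flagged.append((start, ext, dialed, seconds, reasons))
            per_ext_day[(ext, start[:10])] += 1
    bursts = sorted(k for k, n in per_ext_day.items() if n >= BURST_LIMIT)
    return flagged, bursts


if __name__ == "__main__":
    flagged, bursts = review(SAMPLE_CDRS)
    for start, ext, dialed, seconds, reasons in flagged:
        print(f"{start} ext {ext} -> {dialed} {seconds}s: {', '.join(reasons)}")
    print("Extensions needing immediate review:", bursts)
```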
Block Collect Calls
Block reverse charges on your phone system. If you need to receive inbound calls at no cost to the caller, opt for a toll-free number instead.
DISA Numbers
Never publish numbers that provide direct system access. Change DISA numbers periodically. Issue different authorization codes for all users. Warn users never to write down their codes.
Invalid Access Attempts
Route invalid DISA access attempts to an operator. Drop the line on invalid codes. Generate an alarm on unusual or repeated invalid attempts. Disable the port after a set number of invalid attempts.
Modems
Eliminate three-way calling on modem extensions. Physically disconnect unused modems to prevent unauthorized access.
Firewalls
Restrict SIP port access at the IP address or subnet level to reduce exposure to port scanning botnets.
If you have questions about toll fraud prevention or would like help securing your phone system, contact us at (403) 327-7100. We'd be happy to help.