Toll Fraud

Understanding Toll Fraud can sometimes be half the battle. To assist with this, we’ve put together a short run-down of the what, the why and the how.

Toll Fraud, how does it work?

Toll fraud is when an unauthorized person or persons is able to access your phone system to make calls to long distance or premium numbers.

The practice is so common that according to the figures that are currently available, there is between $4.4 billion and $38 billion in toll fraud each year. Why do these figures from different sources vary so much? Because its not law for either telecommunications providers nor their customers to report such activity on their equipment. Toll fraud is under-reported because it is handled as an internal issue by most companies.

How do they get into your system?

There are lots of ways to get into a PBX, however the most common method see’s attackers gain access to a phone system by means of port scanning. First, they will find an open connection to a customer’s PBX system. Once the vulnerability has been found, the attacker will then launch a SIP brute force (running thousands of combinations of usernames and passwords per minute) attack on the open connection to find the customers username and password. Alternatively, a lot of customers will use default hardware passwords, which are quickly and easily broken.

After the attacker has gained access, you would usually see a short test call made to a standard destination (e.g. USA) test number. The number is usually VoIP hosted.

How does making calls on my PBX benefit them?

Attackers seeking to commit toll fraud are organised. The payoff is large and the effort is generally small and unreported. There are a few ways they can maximize their successful attack on a PBX system.

  • Black Route / Call Reselling: In this kind of attack an attacker gains access to multiple PBX systems. They then offer to sell the call traffic through a legitimate platform at a relatively low price. Once they have a buyer for the call traffic, they then send that traffic through the hacked systems. They benefit from collecting money from the legitimate customer on one side and never having to pay for the high value calls on the other.

  • Overseas Premium Numbers: Attackers purchase premium (think 900 numbers) numbers from countries around the world, where calls to that number result in them being paid. They then use the compromised PBX system to call the premium rate numbers and leave the calls open for as long as possible. This results in the attacker collecting the money for calls made to the premium numbers with the compromised PBX owner paying their provider for the calls.

  • Short Stopping: One of the more worrying methods. An attacker works with a dishonest telecommunications provider, when a call is made to a country, the dishonest carrier stops it from reaching its final destination and shares the profit with the attacker. The PBX owner is charged for the call, and is where the profit comes from.

How do I stop this from happening?

Internet connected PBX systems have become the norm in the last 10 years, with good reason. They provide far greater ease of use and functionality usually at a fraction of the cost of systems in the past.

However, since the system is connected to the internet it needs to be secured like any other internet device.

Setup your firewall

The most common way to stop an attacker dead in the water is to use a good strong firewall. Some PBX systems have firewalls built in (E.g. Asterisk with IP Tables) and others don’t (E.g. Hardware appliances).

If you have a corporate firewall or a firewall of any kind, if you don’t need people to access your PBX from outside of your office, simply block the PBX ports. There is no need to have them open in a lot of cases.

Work with your telecommunications provider

Make sure your telecommunications provider has toll fraud mitigation. Even better, make sure its working on the connection you have with them.

Telecommunications providers have usually invested a lot of money in their toll fraud solutions. It’s a good idea to use them if they are available as it benefits both them and yourself.

Use complex passwords

If you must have phone extensions available on the open internet, make sure you use complex passwords. They should be relatively long and not use any standard words. If in doubt use a password generation tool.

Remove default logins from phones and devices

A lot of VoIP based phones and ATA’s have default login details. By doing a simple google you will be able to find these login details on the internet. These are extremely insecure.

Please change all of your equipment login to use custom usernames and passwords, and remember if the administration interface doesn’t need to be internet facing, block it with your firewall.

Remove international calling

If you don’t need to call international destinations, remove the ability to do so from your PBX. Most businesses only call a handful of destinations. This is generally all that needs to be enabled. Although this step won’t stop fraud, it will mitigate the damage should any occur.

Install a Toll Fraud protection tool

Its important to understand that no system is invulnerable to getting hacked, no matter what level of security you have. By using a toll fraud protection tool such as PBX Shield you mitigate the damage caused by a successful attack on your PBX or VoIP system. The toll fraud protection system is your last line of defense and steps in when all else fails to protect you from fraudulent activity costing you thousands.

About PBX Shield