Toll Fraud and How to Protect Your VoIP Network

A finger pressing against a digital lock.
If you’re a business owner, you’re likely already familiar with Voice over Internet Protocol (VoIP) phone services such as Frontier AnyWare. The perks of VoIP—like rich features, convenient scaling, and low prices—exist because VoIP takes analog phone signals (your voice into a receiver) and converts that sound into digital information for delivery across the internet.

Digital signals are typically clearer than traditional phone signals and cost less money to transfer across the internet than analog signals cost to send across telephone networks. VoIP also requires a lot less hardware to operate, so it’s easier to scale. And for similar reasons, it’s easy to develop new features for VoIP because the process can be done almost entirely through software.

But with every technological development comes risks—read on to learn more about toll fraud and how you can detect and protect your business from this threat.

What’s the Risk with Using VoIP?

While most of the advantages of using VoIP services stem from this digital conversion, it’s also the reason behind its inherent security risk. Since VoIP service operates across internet networks, it’s open to a lot of the same attacks that most internet services are. On top of that, VoIP has also generated several unique scams designed specifically to exploit its digital platform.

Toll fraud is among the most widespread exploitations, and it costs companies billions of dollars a year worldwide. The term toll fraud isn’t new and has been used to describe phone fraud long before VoIP services were invented—but it’s since evolved into a much more dangerous threat. VoIP toll fraud refers to a situation where hackers take over part of a VoIP phone network and use it to reroute their own phone calls—the expensive kind—in very high volumes. Sometimes that means sticking you with thousands of expensive long-distance calls or even 900 numbers with heavy toll charges.

How Does Toll Fraud Affect You?

Toll fraud typically targets two different levels: telecom service providers and subscribers (you and your business). The difference between these two levels of attacks is who has to pay the direct costs. Telecom-level attacks may not have a direct impact on your bottom line, but over time, they’ll have an impact on what telecom companies charge you for VoIP services.

Currently, it’s nearly impossible for telecom companies to avoid these attacks because they need to work with other companies across the world to provide comprehensive phone service. The unfortunate result of this situation is that not every country has the same strict standards that the US does for internet and VoIP security, making it easier for attacks to occur.

With subscriber-level attacks, hackers attempt to bypass your network security to place calls through your VoIP accounts. Once they break into your system, they wait for odd hours or weekends, then flood your network with calls. This way, the calls have a higher chance of going undetected.

How Do You Detect Toll Fraud?

Toll fraud can be difficult to detect directly, especially if you have a large VoIP pool where hackers can hide. However, some signs will appear on your network, giving you clues to possible VoIP attacks:

  • Strange internet behavior such as redirects, unexplained browser extensions, and other anomalies
  • Spurious antivirus messages
  • Microphones, webcams, and other equipment activating automatically

How Do You Protect Your Business?

Protecting your VoIP phone system falls into the same category as protecting your internal business network from external attacks because your VoIP phone system is a part of that internal network. All basic internet security protocols apply:

  • Keep your network computers and devices up to date.
  • Enforce strict password procedures.
  • Have stand-alone, hardware firewalls set up at strategic points in your network.
  • Use VPNs when practical.
  • Set up IP address access-list permits.

However, VoIP phone systems also demand their own set of special protocols to ensure that inherent security flaws can’t be exploited. The single, most abused VoIP protocol is called Session Initiation Protocol (SIP). SIP is how your network determines when people are communicating over the phone (i.e., a session) and what network events signal that the conversation is over. A hacker might exploit this session by rewriting your SIP protocols to hold a line open, even after all parties have hung up their phones. Here are some ways to prevent SIP exploits:

  • Set up a dedicated firewall for SIP protocol ports.
  • Restrict employee phone access.
  • Set up protocols to disable all calling features outside of business hours.
  • Review phone logs and billing statements regularly.
  • Check in regularly with your carrier.

When all is said and done, VoIP security is network security. Sometimes VoIP systems can be overlooked because the hardware appears to be a standard telephone receiver. However, the reality is that VoIP phone systems are just as susceptible to attacks as any computer system connected to the internet—and in some ways more vulnerable.

You should be able to secure your VoIP system, but for additional security, don’t hesitate to get in touch with Frontier about networking security products.