Toll Fraud Prevention: Guide on How to Protect Your Business
In today’s digital world, everything is based on cloud and networking, including your telephone services. Even before the widespread move to remote work, most companies were using Voice over Internet Protocol (VoIP) telecommunications services. VoIP telephone systems transmit all calls over an internet connection, taking the voice data and converting it into digital files so the receiver’s phone can decode it.
Like most other cloud-based technologies, VoIP benefits your business by:
- Reducing costs per call.
- Offering service mobility.
- Providing versatile features.
- Making conference calls easier.
However, just like every other technology, people looking to make quick money have found ways to exploit VoIP. Fraudsters target VoIP, not just as telecom fraud, but to impact the end consumer. According to the Communications Fraud Control Association (CFCA) Fraud Loss Survey Report 2021, International Revenue Share Fraud (IRSF), also called toll fraud, cost companies $6.69 billion dollars. Even more troubling, toll fraud was the winner of the “Biggest Loser” contest across all twenty fraud types in the survey. The next most costly, traffic pumping, costing businesses a total of $4.54 billion.
In other words, if you’re using VoIP services for your company communications, understanding toll fraud and toll fraud prevention is key to saving money and protecting your business.
What is toll fraud?
Toll fraud, also called international revenue sharing fraud (IRSF), occurs when fraudsters use your phone lines, equipment, or services to generate high volumes of fake long-distance, international, or premium-rate calls while the company owning the targeted system gets charged for them. Fraudsters can target mobile phones, calling cards, pay phones, and phone systems (PBX hacking) to achieve their goals.
Some examples of toll fraud include:
- Employees making unauthorized VoIP long-distance or international calls to friends and family
- Attackers routing personal calls or charging the owner of a PBX by gaining unauthorized remote access
- Fraudsters routing their customers’ calls through the targeted PBX after gaining remote access by pretending to be a small telecom company
- Fraudsters using a compromised PBX to sell telephony services to their customers to make money while the targeted organization incurs the costs
- Attackers using a compromised PBX to generate high volumes of fraudulent calls to international and premium-rate numbers just to make the target company spend money
Many tactics mimic the ones that cybercriminals use as part of their attacks, like leveraging default passwords to gain unauthorized remote access to your networks. Basic security protections can help you mitigate IRSF risks.
How does toll fraud work?
Toll fraud isn’t limited to VoIP systems. In legacy phone systems, fraudsters would exploit complex features that people used when getting an internal PBX (private branch exchange) dial tone. The user dialed a Direct Inward Dial (DID) number, heard a dial tone, and then made calls. When companies failed to secure these with a PIN or attackers compromised the features somehow, it led to toll fraud.
With VoIP, fraudsters changed their attack methods. VoIP uses your data network and the internet. This means that fraudsters and attackers can use the same methods for toll fraud as traditional data breaches. Some examples of how they target systems include:
- Port Scanning: The Session Initiation Protocol (SIP) for VoIP uses TCP ports 5060 and 5061 so an unsecured, internet-facing SIP server is easy to locate.
- Passwords: SIP trunks and SIP extensions use passwords, so weak or leaked passwords create a vulnerability.
- Servers: VoIP uses SIP servers that attackers can gain unauthorized access to and reconfigure.
- Voice Verification Code Spamming: Scripted attacks targeting SMS 2FA data flows. Fraud techniques like SMS pumping are also used, where attackers trigger massive volumes of SMS-based authentication requests to exploit premium-rate numbers for financial gain.
Who is at risk of toll fraud?
Any business or industry that uses VoIP can be at risk of toll fraud. When your business uses premium telephone numbers, fraudsters are more likely to target you. Premium rate numbers charge higher-than-normal rates because to provide specific services, and a lot of companies use them for services like:
- Adult Chat Lines
- Tech Support
- Voting
- Weather Forecasts
In addition, these premium rate numbers can also include things like:
- Emergency Numbers
- Mobile Number Types
- Shared Cost Ranges
Typically, geographically based number authorities allocate and report the premium rate numbers to the International Telecommunication Union (ITU), a specialized United Nations agency. A good example is the 900 prefix that the North American Numbering Plan uses in the United States.
In this case, it’s less about who a target is than where the fraudster wants to direct the calls. Any geographic location with expensive calling rates is a likely destination. Some examples of “top destinations” include:
- Cuba
- Estonia
- Gambia
- Guinea
- Latvia
- Lithuania
- Maldives
- Sierra Leone
- Somalia
- Tunisia
- Zimbabwe
Best Methods to Prevent Toll Fraud
The most effective toll fraud prevention method is having a robust cybersecurity program with toll fraud detection software that protects your VoIP systems, networks, and servers. Typically, you’ll need security technologies that help you manage different types of risks from network monitoring to bot detection.
- Monitor Vulnerability Scanning Threats
Since fraudsters know the ports that VoIP technologies use, they often actively scan for vulnerabilities that give them access to your network. By analyzing every request to your online telephone services, you can block this reconnaissance activity, especially when they use bad bots to try to gain access.
2. Identify At-Risk Systems
Before you can set up any controls, you need to understand the connections across your systems. To do this, you need to:
- List all equipment.
- Engage in a risk assessment.
- Set mitigating controls, starting with the highest risk assets.
- Create emergency and contingency plans.
- Monitor for PBX/SIP Gateway vulnerabilities.
3. Establish Password Protection Methods
As with everything else that’s network connected, your VoIP services use passwords. You need to make sure that you remove all default passwords as a first step because fraudsters can easily find these online. In addition, you should have a robust password policy that requires:
- A minimum length of a least 16 characters.
- Special characters.
- Upper and lower case letters.
- Number.
- Password change regularly.
You should also define how many failed login attempts lead to blocking access. Failed login attempts indicate potential unauthorized users attempting to gain system access.
4. Limit Geo Permissions
Since some geographic regions are riskier than others, you may want to set restrictions around countries where toll fraud terminates.
5. Restrict International Calling Behavior
You can configure your VoIP system to restrict international calling or require secured access. This helps mitigate the risk of unauthorized calls because it creates an additional layer of security. If your employees need to use an authorization code, then you can monitor for unusual international calls and long-distance calls more easily.
6. Monitor Call Logs
Frequently monitoring records is key to preventing toll fraud. Your VoIP phone system interface should track incoming and outgoing calls. If you’re a business that doesn’t require a lot of long-distance calls, this can help with your fraud monitoring.
7. Use Endpoint Security Features
Securing all endpoints helps mitigate risks. As part of your endpoint security protocols, you want to include:
- Protecting mobile apps and APIs.
- Disabling unwanted services or protocols in routers, firewalls, and network computers, including H.323, SIP, CDP, services TCP, UDP, RTP, ICMP, FTP, VNC, TFTP.
- Implementing IPSec VPNs like PPTP and L2TP.
- Using SSH (Secure Shell) protocols.
- Hiding IP addresses using NAT.
- Encrypting all links with DES, 3DES, or AES encryption and keys with at least 128 bits.
- Limiting Dynamic Host Configuration Protocol (DHCP) as much as possible to avoid the assignment of IP addresses automatically.
8. Set Rate Limits
Part of a toll fraud strategy is using bots. Fraudsters use them to send high volumes of traffic over a short time period. Limits can include:
- Number of calls per minute or per day.
- Duration of calls.
- Concurrent calls.
9. Appropriately Setup PABX, PBX, or Switchboard
Secure deployments are the first step to preventing toll fraud. If you set up your PABX, PBX, or switchboard following best practices, then you’re limiting the fraudsters’ ability to exploit systems. Some best practices include:
- Restricting unauthorized internal PBX extensions from accessing international networks.
- Assigning an administrator responsibility for authorizing extensions.
- Assigning an administration responsibility for authorizing users with special permissions.
- Requiring PINs for telephone services.
- Securing telephone services to mitigate the risk of unauthorized physical access.
- Restricting or removing unused categories like Direct Inward System Access (DISA) that unauthorized users can exploit.
10. Monitor PABX, PBX, or Switchboard
Beyond just monitoring the call logs, you also want to monitor the PABX, PBX, or switchboard to ensure it the deployment remains compliant with your internal controls. As part of this, you should:
- Regularly monitor records like CDRs, logs, and bills to verify or scan for unauthorized calls.
- Maintain current documentation for common international call destinations, including countries, remote offices, home offices, and suppliers.
- Compare destination documentation with PBX records.
- Set and detect early alerts by monitoring national or international traffic outside of regular business hours.
- Ensure that you suspend service immediately if you detect abnormal activity.
11. Monitor Network Security
Beyond just working with your VoIP services, you also need a strong network security monitoring program to keep VoIP connections safe. This means that you should:
- Assign responsibility for monitoring activity to a network administrator.
- Implement firewall functions, like a web application firewall for any calling apps.
- Establish multi-factor authentication for company network access, including for users and other network computers.
- Set detection rules for unusual network behavior, like high traffic volumes from risky or unknown IP addresses.
- Implement proxy servers to define bandwidth policies and network access outside the company network.
- Use recognized encryption schemes for all data-in-transit across the network.
12. Backup Configurations
Your emergency and contingency plans should include maintaining updated database backups. You also need to document your data restoration procedures.
Prevent Toll Fraud With DataDome
DataDome’s SaaS anti-bot software can help you protect against toll fraud and prevent online fraud because we analyze every request to your online services, automatically blocking bad bots. With DataDome, you can protect your mobile apps and APIs using a dedicated algorithm for each interface.
We compare every request against our massive in-memory database, using a blend of artificial intelligence (AI) and machine learning (ML) to determine in less than 2 milliseconds whether a request is from a human or bot.
With DataDome, you can create an allowlist, and we automatically block all unwanted traffic. Recognizing that each interface and endpoint has different usage patterns, we created unique protections for websites, logins, mobile app APIs, mobile app logins, and machine-to-machine APIs.
Once you set up DataDome, we monitor of both server-side and client-side so that you can detect all behavioral, reputation, and signature signals that help detect and mitigate risk of toll fraud and online fraud. Combining client-side and server-side signals is highly effective at detecting and tracking bots so that you get a complete picture of the sophisticated attacks targeting your company’s networks, systems, and devices.
Toll Fraud Prevention FAQs
What is toll fraud VoIP?
With toll fraud, scammers use your phone lines, equipment, or services to generate high volumes of fake international, long-distance,or premium-rate calls. Toll fraud targets Voice-over-Internet Protocol (VoIP) services because fraudsters can exploit vulnerabilities across service setup, networks, and password hygiene.
What is toll fraud Cisco?
CISCO’s Toll Fraud Precention features enforces security on the Session Initiation Protocol (SIP) to secure the Unified CME system, mitigating the risk that unauthorized users will exploit the SIP line side.
What is IRSF?
International Revenue Share Fraud (IRSF), also called toll fraud, is when fraudsters use a telecommunciations service or product without intending to pay for it by using Voice-over-Internet Protocol (VoIP) technologies that allow lins to make simultaneous calls.