What is toll fraud?
Phone service providers describe it this way:
Toll or phone fraud is theft. It occurs when an unauthorized person gains access remotely to a company’s telephone system to make long distance toll calls. In the most serious cases, hackers are able to capture long distance lines and then “resell” long distance service at a significant expense to the company they’ve hacked.
Recently at InteleCONNECT, we have had a few of our clients who have been affected by toll fraud. In a nutshell, toll fraud involves getting access to a business phone system, and it typically happens after hours on nights and weekends, in the hopes it will go unnoticed longer. Hackers usually get access through the phone system voicemail and then make outgoing long distance and/or international calls at your expense. They can rack up hundreds or thousands of dollars in charges in a very short amount of time before it is noticed by either you or your phone service provider.
Hackers gain access into a phone system voicemail because it isn’t protected properly. In many cases access is gained because the business uses a generic or repetitive passcode to access voicemail. (like 1234, 1111 or the last 4 digits of your phone number). Protect your business by making pass codes more difficult and always change the pass code after its initial set up from the default number assigned at the time of installation. You should also check with your phone equipment vendor to make sure that your phone system and each phone at your business are protected.
I liken toll fraud to credit card fraud. About a month ago one of my vendors that I have set up on auto pay contacted me that they had not received payment, which was strange. After calling my credit card company I found my card info had been compromised and used to make about $4000 in charges. That much purchasing alerted my card company to suspect the activity was suspicious and to block any further charges to my account until they spoke with me.
One of the biggest differences between toll fraud and credit card theft is that in most cases the credit card companies don’t hold you responsible for the costs. With toll fraud, most carrier’s policy is that they will not compensate for the toll fraud. It’s also very difficult to get the police involved because they hackers don’t just use your account, but they go from one phone system to another multiple times, making it very difficult to track and find who is responsible.
REMEMBER THIS: Preventing toll fraud is your responsibility.
Here are some things you should know:
Contact your PBX/phone equipment vendor to ensure you have reduced your risk by having a protected phone system.
Change passwords, account and authorization codes regularly that are used for remote access, voice messaging, administrative and other purposes.
Use these common toll fraud protections:
- Secure account codes
- Use long distance authorization codes
- Block international calls – especially if your company doesn’t typically make them. Some carriers will also put a 4 digit access code on the lines in order to use International Calling.
- Closely monitor your bills for any suspicious activity
- Check with your insurance provider to see if your policy has any prevention against this type of fraud.
- Talk to your PBX/phone equipment vendor to make sure your protected
- If you receive a call from your service provider about suspicious toll fraud, please take it seriously and call them back immediately to discuss
- Check to see if your insurance policy has any provisions in it that would insure you against toll fraud if it should happen to you
Let me wrap this up with some things to think about.
This is happening right here in central MN. In a worst case scenario, we had a client who was hacked and they came in via his toll free number (so he incurred toll free charges on his account) AND they used his voicemail to make international outbound calls, (so he incurred international long distance charges to his account) – DOUBLE WHAMMY!
Just remember the old saying, “an ounce of prevention is worth a pound of cure”. Being proactive about toll fraud, making sure your staff and IT department are aware of it, making sure passcodes are updated and changed from the generic/default codes can save you time, lots of money and headaches.
If you would like to know more about this or have any questions, please feel free to give us a call.