How to Protect Your Business Against Toll Fraud

Toll Fraud accounts for losses of £1.2billion in the UK alone

Toll Fraud, also known as VoIP Fraud or SMS Pumping: is a crime in which a hacker gains access to and makes unauthorised use of a business’s telephone system and carrier services, typically by breaching computer security and accessing a PBX to use its communication facilities. While we cannot eliminate the potential for Toll Fraud, taking the steps outlined and adhering to any recommendations following a review will mitigate the impact.

Britannic offer a service that helps mitigate the impact of toll fraud.

Request a Fraud Risk Assessment

We recommend you request a ‘Fraud Risk Assessment’ be carried out by one of our technicians, even if you have had one in the past. This is especially important if you have made new additions to your system or changed passwords since your last audit. Please be aware that there will be a nominal charge of £125.00 per system. The lead time is currently 10 working days.

Toll Fraud Destinations

We have seen calls to premium rate numbers i.e. 09xxx, non-geographic numbers i.e. 0871, even 0844, mobile Wi-Fi numbers i.e. 07xxx as well as international destinations.

Toll fraud usually occurs outside business hours when the activity is unlikely to be noticed. Fraudsters can make vast amounts of calls, often running up bills of thousands of pounds per trunk per day until stopped, and because your carrier has provided its service legitimately to you they will charge for these calls. This means a bad case of toll fraud can have serious financial impact on your business.

How Does It Work?

We will remotely access your system to do the assessment.

The checks will include the following:

  • Check system administration passwords and password ageing & notify you if found to be default settings.
  • Check a number of user mailbox passwords at random.
  • Review the switch setup in respect of barring, including trunk barring, remote access.
  • If appropriate, update barring policies – i.e. known current mobile Wi-Fi numbers, include in the barring tables.
  • Recommendations for additional programming if required and any costs that may be associated.
  • Report on findings and what actions should be taken.

How to: Steps you can take to protect your business against Toll Fraud

There are some basic steps that you should take immediately to protect your system. While we cannot eliminate the potential for Toll Fraud, taking the steps outlined and adhering to any recommendations following a review will mitigate the impact.

If you have SIP devices (iPad, soft phone, mobile client, SIP phones etc.)

  • You must ensure that a ‘strong’ password is used – not the extension number or an easy to ‘guess’ passwords.
  • You should only use SIP devices if both the phone system and the SIP device have a mechanism to secure SIP (e.g. Digest Authentication).
  • Never expose SIP phones (softphones or hardphones) to the Internet without encryption or a VPN.  Talk to Britannic if you need advice on how to secure remote devices.
  • Ensure that your individual voicemail users have changed their passwords and that passwords should be more than 6 digits with a numbers and special characters.

System specific toll fraud

Please follow the below links for additional, system-specific information. If you have further questions, please don’t hesitate to contact your Britannic Account Manager to discuss your specific requirements.

Mitel systems Avaya systems Avaya IP office

Request a Toll Fraud Audit

function async(u, c) { var d = document, t = 'script', o = d.createElement(t), s = d.getElementsByTagName(t)[0]; o.src = 'https://' + u; if (c) { o.addEventListener('load', function (e) { c(null, e); }, false); } s.parentNode.insertBefore(o, s); } async('js.hsforms.net/forms/current.js', function() { hbspt.forms.create({ css: '', portalId: '457312', formId: 'da1db199-d62a-4f6d-a9f6-fb2c5c1ea505', target: '#hubspotform-submitted-18-5', onFormReady: function(form) { let formHiddenField = document.querySelector('input[name=""]'); if (formHiddenField) { formHiddenField.value = 'toll_fraud_services'; } function checkEvent() { if (event.data.type === 'hsFormCallback') { if (event.data.eventName === 'onFormSubmitted') { const formWrapper = document.querySelector('.form-wrapper-18'); const headline = formWrapper.querySelector('.js-form-headline'); const content = formWrapper.querySelector('.js-form-content'); if (headline) { headline.style.display = 'none'; } if (content) { content.style.display = 'none'; } App.trackByLeadForensics({ link: '#hubspotform-submitted-18-5', label: 'Contact Form Submission' }); const successMessage = formWrapper.querySelector('.submitted-message'); if (successMessage) { const allForms = [...document.querySelectorAll('#hsForm_da1db199-d62a-4f6d-a9f6-fb2c5c1ea505')]; if (allForms.length) { allForms.forEach(function(form) { const parent = form.parentElement; const wrapper = parent.parentElement; const headline = wrapper.querySelector('.js-form-headline'); const content = wrapper.querySelector('.js-form-content'); parent.innerHTML = successMessage.innerHTML; if (headline) { headline.style.display = 'none'; } if (content) { content.style.display = 'none'; } }); } } } } } window.addEventListener('message', checkEvent); } }); (function() { window.jQuery = window.jQuery || function(nodeOrSelector) { if (typeof(nodeOrSelector) == 'string') { return document.querySelector(s); } return nodeOrSelector; }; })(); });