Cloud Voice: Understanding, Combatting, and Overcoming Toll Fraud

Michael Tindall

Modern cloud communications have led to the widespread adoption of Voice over Internet Protocol, or VoIP. As companies increasingly turn to it for seamless communication, however, they are exposed to new cybersecurity threats, one of the most significant being toll fraud.

Fortunately, businesses that are equipped with a deep understanding of this threat and armed with preventive measures can fortify their operations and safeguard their communications.

A Deeper Dive into VoIP and Its Value Proposition

VoIP has revolutionized the way companies communicate. By transmitting calls over internet connections and converting voice data into digital files, this technology offers more than just clarity; it offers a promise of efficiency and cost-effectiveness. The myriad benefits are hard to pass up:

  • Economic Advantages: Substantial cost savings for calling, especially long-distance conversations.
  • Unparalleled Mobility: Making and receiving calls from anywhere, ensuring business continuity and flexibility.
  • Feature-Rich Solutions: From video calls to document sharing, the capabilities are diverse and tailored to modern communication requirements.
  • Effortless Conferencing: Connecting multiple parties, whether for brainstorming sessions or global meetings, has never been easier.

However, the landscape isn’t devoid of challenges. As VoIP garners popularity, it simultaneously becomes a lucrative target for fraudsters, leading to the rise of toll fraud.

Deciphering Toll Fraud and Its Nuances

At its core, toll fraud is an unauthorized use of a company’s telecommunications system, primarily to make long-distance or international calls, with the intent of sticking the unsuspecting company with a hefty bill. These illegitimate activities can be initiated from various sources:

  • Insiders making unauthorized long-distance calls.
  • External attackers rerouting their calls through a vulnerable PBX.
  • Cybercriminals compromising the VoIP system to make the target company incur unnecessary charges.

Understanding toll fraud’s modus operandi is crucial. Traditional systems were compromised through features like internal PBX dial tones. VoIP systems, due to their online nature, have introduced newer, more sophisticated attack vectors:

  • Port Exploitations: Unprotected SIP servers are easily discoverable, making them prime targets.
  • Credential Vulnerabilities: Weak or reused passwords for SIP trunks or extensions are potential entry points.
  • Server Manipulations: Gaining unauthorized access to SIP servers allows rerouting and misconfiguration.
  • Voice Verification Exploits: Automated scripts target SMS 2FA data flows, bypassing crucial security checks.

A Business’s Vulnerability to Toll Fraud

Toll fraud isn’t discriminatory. Whether you’re a startup or a global conglomerate, if you use or offer VoIP services, you are susceptible. The allure for fraudsters increases when businesses use premium rate numbers, often deployed for specialized services such as:

  • Targeted Helplines
  • Voting Systems
  • Event Notifications
  • Customer Feedback Lines

These numbers, due to their unique nature, command higher rates, making them attractive targets.

Fortifying VoIP Systems Against Toll Fraud

Combatting toll fraud requires a multi-pronged approach:

  • Proactive Vulnerability Scans: Periodically scan to detect potential security loopholes.
  • Asset Audits: Understand your connected assets, gauge their risk, and apply mitigating controls.
  • Password Protocols: Establish stringent password policies, removing defaults and enforcing complexity.
  • Geographic Restrictions: Set your VoIP account to eliminate or limit connections from or to high-risk regions.
  • Monitoring Call Patterns: Commio, for example, regularly reviews live call logs for anomalies, and frequently stops fraudulent calling before the charges run up.
  • Endpoint Safeguards: Ensure all endpoints, from mobile apps to network computers, are securely configured.
  • Rate Control: Set limitations on call rates or funded balances to detect bot-initiated fraudulent activities.
  • PBX Deployment Standards: Adhering to best practices during setup can mitigate many risks upfront.
  • Real-Time PBX Monitoring: Ongoing surveillance ensures immediate detection of unusual activities. This should always include heightened security during any holiday or national observance, as the Commio team sees increased fraudulent activity during these times. 
  • Network Integrity: Beyond VoIP, maintaining robust network security is crucial.
  • Backup and Recovery: Regular backups and well-documented recovery protocols ensure business continuity even in case of breaches.
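
The geographic restriction, call-pattern monitoring and rate-control items above can be expressed as rules over call detail records (CDRs). The sketch below is an added example, not Commio's code; the CDR layout, thresholds, allowlist and sample numbers are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ALLOWED_PREFIXES = ("+1",)        # assumed policy: destinations the business really calls
MAX_CALLS = 3                     # assumed: calls allowed per extension per window
WINDOW = timedelta(minutes=5)
DAILY_SPEND_CAP = 5.00            # assumed: currency units per extension per day

# Constructed CDRs: (start time, extension, dialed number, cost).
# "+000..." is a made-up destination, not a real numbering range.
SAMPLE_CDRS = [
    ("2023-09-23 10:02:00", "101", "+12025550101", 0.05),
    ("2023-09-23 14:30:00", "101", "+12025550102", 0.04),
    ("2023-09-24 02:10:00", "204", "+0005550100", 2.40),
    ("2023-09-24 02:10:40", "204", "+0005550100", 2.10),
    ("2023-09-24 02:11:15", "204", "+0005550100", 1.90),
    ("2023-09-24 02:11:50", "204", "+0005550100", 2.20),
]

def detect(cdrs):
    """Return a sorted list of (extension, rule) alerts for the given CDRs."""
    alerts = set()
    recent = defaultdict(deque)   # extension -> call start times inside WINDOW
    spend = defaultdict(float)    # (extension, date) -> running cost
    for ts, ext, dest, cost in sorted(cdrs):
        start = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        # Geographic restriction: anything outside the allowlist is suspect.
        if not dest.startswith(ALLOWED_PREFIXES):
            alerts.add((ext, "geo"))
        # Rate control: sliding window of call starts per extension.
        window = recent[ext]
        window.append(start)
        while start - window[0] > WINDOW:
            window.popleft()
        if len(window) > MAX_CALLS:
            alerts.add((ext, "rate"))
        # Spend cap: bound the bill even when each call looks ordinary.
        spend[(ext, start.date())] += cost
        if spend[(ext, start.date())] > DAILY_SPEND_CAP:
            alerts.add((ext, "spend"))
    return sorted(alerts)

if __name__ == "__main__":
    for ext, rule in detect(SAMPLE_CDRS):
        print(f"ALERT extension={ext} rule={rule}")
```

In production the same rules would run against the live CDR stream and block or suspend the extension on the first alert, since a report after the fact does not stop the charges.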

Cloud voice, with its multitude of benefits, is an indispensable tool for businesses in this digital age. Like all technologies, however, VoIP comes with its set of challenges. By understanding the threat landscape, especially the menace of toll fraud, and adopting robust, proactive security protocols, businesses can harness the power of VoIP while safeguarding their interests.


Date posted: September 26, 2023

Topic: Outbound Voice   Toll-Free  

Tags: Cyber Security   Toll Fraud   VoIP   VoIP Fraud  

Michael Tindall

Michael Tindall leads Commio's product development and engineering teams. While attending Clemson University, Michael co-founded Tsoft Solutions, purchased by ClearSky Networks. Next he built and ran support for US Networks. Michael then worked for Bandwidth till he was approached by Aaron Leon to build a cloud-based routing system. The rest is history. Michael is a “40 under 40” winner, and one of only 18 OpenSIPS Certified professionals worldwide. When not coding the future of telecom, you’ll find him enjoying movies, cars, entertaining, and exercising.
