Toll Fraud: What Every Contact Center Needs to Know

Toll Fraud: What Every Contact Center Needs to Know

Nov 23, 2018


Cybercrime is not isolated to the Internet alone.

With most companies now using Voice over Internet Protocol (VoIP) to manage their communications, fraudsters and hackers have a lucrative target source, when left unprotected. With the ability to make simultaneous calls from one line, toll fraud – the illegal use of telecommunications – has become a great concern for companies and contact centers who use VoIP and PBX technologies.

Small businesses are most at risk as their local carriers lack anti-fraud systems and are left footing the bill. Larger companies using major telecom carriers have more sophisticated fraud systems in place to catch hackers before they run up six-figure charges. They can also afford to credit customers for millions of fraudulent charges every year. Unfortunately, their detection systems are “after the fact,” and not preventative.

Big or Small, every business is a target for this $40 Billion worldwide problem. Yes, that’s Billions of dollars!



Toll fraud is generally committed after business hours. Fraudsters call a business and identify its automated answering system based on menus and prompts. Fraudsters attack the company’s open ended (IVR option 9) IVR system what is often used by staff to access their voicemail. By entering default passwords (such as sequence 1234) until they get access to a vulnerable mailbox where the system can now be used to make long distance calls, leaving the company to pay the bill!



Here’s a quick checklist that can help you identify possible toll fraud on your network:

  1. Complaints that the system is always busy
  2. Sudden changes in normal calling patterns, such as increases in wrong number calls or silent hang-ups, traffic during off hours (night, weekend and holiday traffic), increase in average call times
  3. 800 and WATS calls, international, operator or 10XXX calling, and odd calls (i.e. crank or obscene calls)
  4. Toll calls originating in voicemail
  5. Long holding times
  6. Unexplained 900 (Chat Line) calls
  7. High tolls for any unauthorized trunk extension
  8. Hearing foreign voices when you pick up a line


Prevention Is Your Best Line of Defense

Your first step is to ask your Telco provider their policies on Toll fraud prevention and protection. If you’re not happy with their policies and procedures, then find a telco that takes this issue seriously.  If more businesses demand preventative measures, telecom companies would be more inclined to proactively protect your business.


TOP 10 things you can do to counter fraudulent attacks against your VoIP system:

  1. Restrict dialing according to user function, instead create roles and assign appropriate dialing privileges
  2. Lock accounts after a defined number of failed password changes (3 attempts is standard practice)
  3. Perform security audits
  4. Use authorization codes (on your IP PBX or with your carrier)
  5. Restrict long distance calls to only countries you deal with, and block all others
  6. Monitor your system regularly and adopt auditing procedures (i.e. check irregular calling destinations, time of calls, duration of calls)
  7. Always close network ports on phones that are in public areas, apply template where the PC port is disabled.
  8. Block long distance calls from being made after normal operating hours (nights, weekends, holidays)
  9. Immediately disable voicemail following an employee’s departure
  10. Block
  • Or disable unused features
  • Access to remote maintenance ports and system Admin ports
  • Premium, high per-minute or per-call 1-900 phone numbers
  • 101xxxx feature that allow calls to be made with another long-distance carrier
  • 0-11 feature that allow overseas calls
  • 0+ feature that allow calls to be made with operator assistance



And then there are the duh! measures that sometimes need to be repeated. Don’t get caught by one of these:

  1. You hear it often enough, but it needs to be repeated – use a strong password and rotate often (minimum 6 digits, no predictive patterns like 1234, repetitive digits like 3333, or the reverse of the extension)
  2. Adopt a password policy according to recognized industry standards (NIST, ISO 27K, SANS, PCI)
  3. Change all default factory passwords


For our Genesys PureConnect clients, here are a few simple preventative measures you can incorporate today:

  • Block users from making changes to their IC client
  • Remove available call forward options
  • Block access to voicemail from external lines
  • Configure PureConnect to forward calls only to internal numbers
  • Use the Password Check Utility to search for default 1234 passwords and provide password aging information


VoIP is not going anywhere. But neither is toll fraud. These attacks, like all internet security risks will continue and become more sophisticated. Minimize your risk by partnering with an experienced Cloud Unified Communications company that provides a bundled Unified Communications service, QoS, and secure data services with best-practice toll fraud mitigation techniques in place.

Contact us at Quovim C3 and let us guide you through the process.


Phillip Fernandes

Technical Support Engineer, Quovim C3


Partner Resources to Explore




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.