Top 10 Ways to Prevent Toll Fraud

By Sean Finney

A recent news item told the story of an AT&T customer who discovered $20,000 of international calls on her bill. Unfortunately this is not an uncommon occurrence but there are things you can do to prevent this from ever happening to your company.

Most phone systems sold today allow users to return calls from within their voice mailbox. This is a convenient feature when you are driving and checking messages; instead of fumbling for a pen to write down a number the system will call the person back using their caller ID. After your call is completed you are returned to your mailbox where you can listen to the rest of your messages.

What a great feature! But this is also how hackers gain access to your phone system and rack up $20,000 worth of international calls before you even notice. They don’t hack your phone system with a computer, they do it with a telephone.

Here are some of the best practices we employ at United Data Voice to prevent our client’s phone systems from being hacked:

1. Turn off international calling.
I am sure the victim in the news item conducts all of her business within the United States. If international calling had been disabled she would never have received a $20,000 phone bill. The “hacker” racking up the international toll charges could also be your night janitor keeping in touch with his family back home. No passwords needed to hack your phone system, he just places a call. The “hacker” could also be one of your employees who uses the system to call her boyfriend in Europe for “free.” Both your phone system and phone company can block the 011 international prefix; do both. If you need to make international calls in your business, read further.

2. Turn off features that allow users to place outside calls from their voice mailbox.
This will stop all hackers because even if they gain access to a voice mailbox the most they will be able to do is send voice messages within your company. Not being too lucrative for the hacker, they will move on.

3. Restrict features to only the users who need them.
If you like being able to place calls from voice mailboxes then enable the feature only for the users who need it. The fewer the mailboxes that have the it enabled the more secure.

4. Use strong passwords.
Avoid basic password patterns such as repeated digits (1111), consecutive digits (1234), or digits that match the extension (Ext, 101 using 1011, 9101, 10101, etc.). Any phone system worth its salt won’t allow you to use these passwords anyway. Hackers will also try to guess passwords like your zip code or your address.

5. Use a unique password for every mailbox.
Having one default password for every mailbox might seem like a good idea until you get the phone bill for $20,000.

6. Turn off unused mailboxes.
Many phone systems have voice mailboxes that have not been assigned to anyone. Tighten up your system and disable or delete any mailbox that is not being used. This will also prevent callers from leaving messages in mailboxes that aren’t being monitored. When an employee leaves the company, disable their mailbox and forward their calls to whomever will be taking over their duties. Otherwise free international phone calls may be the last perk of the employee you have just terminated.

7. Get an unlimited local and domestic calling plan.
If you are still paying per minute toll charges it’s time to look for new phone service. A phone line with an unlimited local and domestic long distance calling plan can be had for $40 per month or less. With international calling disabled your bill will be the same every month regardless of the number of calls. If you do get hacked at least it won’t result in a $20,000 phone bill.

8. My company conducts business overseas, what can we do?
Check to see if your phone system has an account code feature that will force the user to enter a unique account code in order to place an international or long distance call. This extra layer of security goes a long way to prevent toll fraud.

9. Periodically audit you phone system’s logs.
Most phone systems have an internal database that will log all calls made on the system. Reports can be sent on a regular basis and monitored for suspicious activity. You might learn some interesting things about your employees from these reports that your phone bill will never show.

10. Don’t try and manage your phone system yourself.
The real reason why the Woodland Hills attorney received a $20,000 phone bill was because nobody was managing her phone system. Find a vendor who will manage your phone system and make sure all of these leaks are sealed. Modern phone systems can be remotely managed at a reduced cost compared to older systems which require a technician on site. The cost of an annual service contract is nominal compared to a $20,000 phone bill.

--------
Sean Finney is the President of United Data Voice, Northern California’s premier provider of business communications products. We deliver affordable yet powerful, reliable voice and data products for your business, large or small. Our certified professionals have in-depth knowledge and experience installing, servicing and maintaining stand-alone and multi-networked systems. For more information, visit www.uniteddatavoice.com

Contact Information

Tim McGraw

Media Relations

United Data Voice

Contact via E-mail