Increase in Toll Fraud Cases – what is it and are you protected?

By Teltech ICT

Over the past 6 month, there has been an alarming increase in the amount of Toll Fraud cases being reported by Carriers. Australia, due to its geographical location has been protected from threat in many cases. Unfortunately, this is not the case in a digital world. Through the internet, or telecommunications network, hackers are able to get access to your phone system to make fraudulent calls, running up bills in the sum of thousands of dollars.
Telephone Technologies with its continued commitment to providing its customers with the highest level of support, have produced the below document detailing the risks you are currently facing in today’s communications network, and a list best practice options available from Telephone Technologies to best protect your investment moving forward.

What is toll fraud?

Toll Fraud is a term used to describe the occurrence of unauthorized calls on a phone system. This misuse can of course originate in-house, for example private calls initiated by an employee, or forwarding of a direct number to an extension and then on to an external destination. However, the rise in Dial Through Fraud (DTF) and VoIP security threats reported recently shows us that the worst misuse is likely to be generated remotely by hackers who exploit any available remote access to the customer’s phone system to generate expensive unauthorized calls. It is important to note that any customer thus affected is still liable for all such call charges and these can sometimes run can extremely expensive. DTF can be per perpetrated via a number of access methods, examples include IP Phone systems reprogrammed remotely, SIP Trunks, SIP Extensions, DISA (Direct Inward Service Access) or Voicemail.
The hacker has the aim of obtaining access codes and passwords/PINs that will enable unauthorized calls to be made via a customer’s phone lines. Often, the hackers the sell on these details to an organised fraudster for profit.

How am I affected?

There are 3 main areas that hackers are targeting to gain access of your on site phone equipment.

  • Via Voicemail feature (Dial Through Fraud) by taking over user’s voicemail boxes
  • Via your Internet connection on open ports not protected by your Firewall
  • Via SIP trunks not locked down by a dedicated Session Border Controller

Depending on your site & phone system configuration you may not be vulnerable to any of these areas, or you may be vulnerable to all 3. In order to identify the risk to your site please contact our support team to discuss the risk factors and what steps need to be taken to protect your system.

Services & Products Offered by Telephone Technologies

Phone Technician Site Visit – (Dial Through Fraud)

Telephone Technologies have been working closely with NEC and have produced a best practice procedure to be implemented on customer’s sites to protect against Dial Through Fraud.

IT Technician Site Visit – (Fraud via internet connection)

Depending on your network infrastructure, we can liase with you in-house technician to supply best practice procedures to be implemented by your IT staff. Alternatively, if you do not have in house IT Staff, Telephone Technologies can provide one of our IT technicians to attend site and complete these changes for you (technician will require all passwords and login credentials to router & firewall to complete be able to implement this procedure).

Session Border Controller – (Fraud via SIP Trunks)

If you have upgraded your lines to SIP (this does not include Telstra SIP as there is a dedicated Session Border Controller at Telstra End) using a public carrier, you are required to open ports in your firewall to allow these calls to connect. A session border controller is a perpose built firewall specifically for SIP traffic to lock down these open ports to ensure the traffic moving through is legitimate traffic coming from your ISP and not a 3rd party.

Case studies released by South Australian Police & UK Fraud Bureau

Telephone carriers are not liable for [toll fraud] call charges as it is the responsibility of each company’s IT consultant to secure their system as they would secure their internet connection and local area network from outside intruders.”
“Phreaking” Investigation: Full Media Release Text
DATE Tuesday 23 February 2010
Detectives from the South Australia Police, Electronic Crime Section, have been investigating a recent incident involving a local Adelaide business and hundreds of unauthorised phone calls billed to their account. “Phreaking”, otherwise known as ‘dial-through fraud’ or ‘toll fraud’, is the fraudulent and illegal use of a company’s telecommunications system by a third party from a remote location. A Voice over Internet Protocol (VoIP) telephone system or a Private Automatic Branch Exchange (PABX) is common place among many businesses to manage their telephone needs. Some systems arrive setup with default features that can be exploited by criminals, such as call forwarding. Once a phone system has been compromised by criminals, calling cards are sold and distributed in overseas countries, often to unsuspecting members of the public, which are in turn are used to call any number of foreign countries. A compromised phone system will call through several other compromised systems until connecting to an unsuspecting member of the public overseas. Telephone bills can add up extremely quickly and the more outgoing lines available the more people can connect and dial out. In several interstate cases phone bills in excess of $100,000 are being charged. Telephone carriers are not liable for these call charges as it is the responsibility of each company’s IT consultant to secure their system as they would secure their internet connection and local area network from outside intruders. Tracking down offenders is difficult as the criminal behaviour originates from overseas. SAPol recommends all business owners review their policies regarding this often forgotten side of their infrastructure and ensure their system is secure. This can include disabling features of the phone system that are not used by their business, changing the default passwords to something much stronger and restricting 1900 and overseas calls from being dialled if this service is not used.

The National Fraud Intelligence Bureau is continuing to receive reports of individuals and businesses falling victim to “PBX Dial through fraud”.

Businesses are particularly vulnerable to this type of fraud when they are closed or have limited staff cover such as during the holiday period or over weekends.
Private Branch Exchanges (PBX) are telephone systems used by businesses to communicate both internally and externally. Fraudsters target these systems to make calls to premium rate/international numbers. Victims are liable for the fraudulent transactions, which can cause significant financial harm or even bankruptcy.
It is important to remember that fraudsters may not always commit this fraud for financial gain. They can also listen to company phone calls or steal and delete sensitive business data which could be a higher cost than the compromised phone calls.
Dial Through Fraud most commonly occurs when businesses are most vulnerable i.e. during times when businesses are closed but their telephone systems are NOT for example in the early hours of the morning or over a weekend or public holiday.
Please see below a listing of the most common countries initiating toll fraud

  • The most common countries
    • Latvia 10%
    • The Gambia 8%
    • Somalia 7%
    • Sierra Leone 6%
    • Guinea 6%
    • Cuba 4%
    • East Timor 4%
    • Lithuania 4%

At Teltech, we are always on hand to help our clients identify the best option and the benefits they stand by knowing about Toll Fraud Monitoring.
For more information, you can make enquiries online here.
Alternatively, our consultants love to have a chat, so give us a call on (03) 9781 7000.