If you’re not familiar with toll fraud, we’ll give you a quick introduction. Toll fraud is a breach of security on call control equipment, such as a Private Branch Exchange or Key System. Fraudsters hack your call system to gain access to the configuration menu in the call controller. They often gain this access through insecure voicemail PIN codes or configuration menu PIN codes that haven’t been changed from the manufacturer default.

Once they’ve hacked in, two things can happen. When criminals are able to access the settings menu in the call controller, they can set up your system to offer “free” long distance calls that the business owner has to pay for. The other thing that can happen is the hacker can gain access to private information through the system.

This isn’t 'prank call' mischief, this is organized crime. The payoff in toll fraud is selling hacked long distance services as time-bound calling cards on black markets around the world. The fraudsters sell the minutes for profit and the hacked business foots the bill for the actual services.

It can take a little time for a breach to be detected, which means a significant tally of long-distance charges can be racked up quite quickly. Often the first sign of toll fraud is an unexpected or unidentifiable increase in a monthly bill, making it important to monitor these on a regular basis.

If your system has a toll-free 800 number attached to it, the fraudsters can run up bills on both inbound and outbound long distance calls using that number. In this case, charges will begin to pile up even faster. Once you realize you’ve been hacked, it can still be tricky to trace it back to the source. Hackers are sneaky and they generally cover their tracks to avoid being caught. They often use a previously hacked system to call and hack into other systems, setting up a daisy chain of call controllers to distance themselves from the eventual charges.

Now that you know why they do it, let’s talk about how they do it and what you can do to prevent it.

Toll fraudsters use something called brute force (multiple frequent calls) to reach a business and identify cracks in its automated answering system. The business will likely notice a large increase in their inbound call traffic on their bills, but have no idea why. They will attack the open-ended Interactive Voice Response (IVR), most commonly used by staff to access their voicemail, with short calls to the directory.

You know how you’re always told to change your voicemail passwords from the default? Here’s why: trolls enter those basic passwords, such as 1234 and 1111, until they gain access to a mailbox. Once they crack the code, they can take over the system and use it to make those long distance calls and start racking up those bills.

The good news is that preventing toll fraud is pretty straightforward:

• Implement international calling restrictions on your business lines. Blocking international calls outside of business hours is often recommended, as 90% of toll fraud occurs on weekends, holidays, or when offices are closed. SaskTel would be happy to help you set this up.

• Review bills and call logs carefully and regularly.

• Use strong passwords and pins!

• Set up a security appliance in front of your call controller. Contact our team for details on how to set up SaskTel Network Security products on customer-owned or SaskTel-provided hardware.

• Contact SaskTel to have a Strategic Security Assessment conducted. This assessment will identify possible threats and determine which of your systems are particularly vulnerable to hackers.

Toll fraud can be easily avoided through the adoption and review of internal corporate call control equipment and limitations on long distance usage. To get started on setting up some security measures for your business, call SaskTel Business Sales at 1.844.SASKTEL (1.844.727.5835).

Revised Blog with updates from May 15, 2020.