What you need to know about toll fraud

You may not be familiar with toll fraud, but you should be! Learn how to guard your business from this type of cyber assault.

If you’re not familiar with toll fraud, here’s a quick introduction: toll fraud is a breach of security on call control equipment, such as a Private Branch Exchange or Key System. Fraudsters hack your call system to gain access to the configuration menu in the call controller, often through insecure voicemail PIN codes or configuration menu PIN codes that haven’t been changed from the manufacturer default.

Once they’ve hacked in, two things are possible: they can set up free long-distance calls that the owner of the private branch exchange has to pay for, or they can gain access to private information through the system.

This isn’t 'prank call' mischief. This is organized crime. The payoff in toll fraud is selling hacked long distance services as time-bound calling cards on black markets around the world. The fraudsters sell the minutes for profit and the hacked business foots the bill for the actual services.

It can take a little time for a breach to be detected, which means a significant tally of long-distance charges can be racked up. Often the first sign of toll fraud is an unexpected or unidentifiable increase in a monthly bill.

If your system has an 800 number attached to it, the fraudsters can run up bills on both inbound and outbound long distance calls using that number; in that case, charges will pile up even faster. And once you’ve detected the problem, it will still be tricky to trace it back to the source. Hackers generally cover their tracks to avoid being caught, often by using a previously hacked system to call and hack other systems, setting up a daisy chain of call controllers to distance themselves from the eventual charges.


Now that you know why they do it, let’s talk about how they do it and how to prevent it.

Typically toll fraud is committed after business hours. This is of special importance to most offices now, as the majority of people are working from home, and there are more exploitable hours available, especially if offices are closed and main phone lines haven’t been forwarded to another line.

Toll fraudsters use something called brute force (multiple frequent calls) to reach a business and identify cracks in its automated answering system. They will attack the open-ended Interactive Voice Response (IVR), most commonly used by staff to access their voicemail, with short calls to the directory.

You know how you’re always told to change your voicemail passwords from the default? Here’s why: trolls enter those typical passwords (think 1234 and 1111) until they gain access to a mailbox. Then once they crack the code they can alter the system, take it over and use it to make those long distance calls and rack up those bills.


Fortunately, stopping and preventing toll fraud is pretty straightforward:

  • Implement international calling restrictions on your business lines. Blocking international calls outside of business hours is often recommended, as 90% of toll fraud occurs on weekends and holidays or when offices are closed. SaskTel can help set this up upon request.
  • Review bills & call logs carefully and regularly.
  • Use strong passwords and PINs!
  • Set up a security appliance in front of your call controller. Contact our team for details on how to set up SaskTel Network Security products on customer-owned or SaskTel-provided hardware.
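
The call log review recommended above can be partly automated. The following Python example is added here and is not SaskTel's or any PBX vendor's code: it flags outbound international calls placed outside business hours and callers making repeated short calls to the voicemail access number. The CSV field names, the 011 international prefix, the weekday 8:00 to 17:00 business hours and the voicemail access number 5000 are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records (CDRs); the field names are assumptions.
SAMPLE_CDR = """start,direction,caller,dialed,seconds
2024-03-02 02:14:05,out,ext210,01144200000000,1800
2024-03-04 10:30:00,out,ext105,01133100000000,240
2024-03-02 01:00:00,in,3065550199,5000,8
2024-03-02 01:00:40,in,3065550199,5000,6
2024-03-02 01:01:15,in,3065550199,5000,7
2024-03-04 09:05:00,in,3065550123,5000,95
"""

INTL_PREFIX = "011"            # assumption: North American international prefix
VOICEMAIL_PILOT = "5000"       # hypothetical voicemail/IVR access number
OPEN_HOUR, CLOSE_HOUR = 8, 17  # assumed business hours, Monday to Friday


def after_hours(ts):
    """True on weekends and outside the assumed business hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review(cdr_text, short_secs=15, burst=3, window=timedelta(minutes=10)):
    """Return (after-hours international calls, callers probing voicemail)."""
    intl, probes = [], defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["direction"] == "out" and row["dialed"].startswith(INTL_PREFIX):
            if after_hours(ts):
                intl.append((row["caller"], row["dialed"], int(row["seconds"])))
        elif (row["direction"] == "in" and row["dialed"] == VOICEMAIL_PILOT
              and int(row["seconds"]) <= short_secs):
            probes[row["caller"]].append(ts)
    suspects = []
    for caller, times in probes.items():
        times.sort()
        # Flag a caller when `burst` short calls fall inside one sliding window.
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                suspects.append(caller)
                break
    return intl, sorted(suspects)


if __name__ == "__main__":
    print(review(SAMPLE_CDR))
```

The thresholds (`short_secs`, `burst`, `window`) are starting points to tune against your own call volume, not vendor recommendations.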

Toll fraud can be easily avoided by reviewing your internal corporate call control equipment and adopting limitations on long distance usage. Want to set up some security measures today? Talk to our team at SaskTel!
