Phoney Phone Lines and Sure-Fire Security: How to Prevent SIP Trunk Fraud

While businesses go to great lengths to protect their IT infrastructure against nefarious cyber criminals, there is one vital aspect of business security that is so often overlooked – effectively securing your telephone system.

Telephone fraud is not the most commonly known form of attack, and you’d be forgiven for thinking it’s not something that happens often in the UK. In actual fact, phone fraud – or toll fraud – is on the rise, with an estimated 84% of UK businesses at risk of an attack, and the UK is one of the top five most targeted countries in the world.

Toll fraud can have the same detrimental effects on a business as cyber attacks, including reputational damage and financial losses. The importance of taking measures to protect your phone system should therefore not be underestimated.

What is toll fraud?

Toll fraud typically occurs when a hacker uses an IP scanner to search the internet and identify publicly facing phone systems. They use brute force attacks or even default vendor passwords (such as admin/admin) to gain access. Once in, they will set up diverts and calls to expensive international destinations and take a slice of the revenue generated from these calls.

In most cases, this goes undetected and businesses only find out that it’s happened when they receive their next phone bill. By then it’s too late and hackers have potentially run up tens of thousands of pounds in fraudulent calls. And guess who’s liable for covering the costs of such bills – you are.

Hackers can gain access to your network in seconds whether you have an analogue, digital or IP based phone system. However, it’s important to remember that SIP trunking exposes your phone system to IP level threats, which makes SIP trunks particularly susceptible to this type of crime.

Bank Holidays, weekends and other out-of-office hours are prime times for hackers to try and access your phone systems. So, as your business winds down for the festive season, ensure your IP phone network is secure with our top tips.

7 ways to help prevent SIP trunk fraud

  1. Set spending alerts: Contact your SIP trunking provider to set a spend threshold that will generate alerts once the limit has been reached.
  2. Create complex passwords: Ensure you change all your phone system’s default passwords to unique, secure passwords. Use a minimum 10-character mixed-case password with a combination of letters, symbols and numbers. You should change default usernames where possible too. Also remember to change your passwords regularly, including voicemail mailbox, extension and remote access passwords.
  3. Implement a call barring plan: Where possible, bar outgoing international or premium rate numbers. Banning outgoing calls outside of office hours will also help keep your phone system secure. Block any suspicious incoming phone numbers to help prevent the caller from gaining access to your information.
  4. Disable unused features: If you don’t use certain features, such as conference calling facilities, disable them. At the very least, disable them for the extensions that do not make these types of calls. If they are needed, consider setting destination restrictions, so only certain destinations can be dialled.
  5. Review phone logs and statements: Regularly checking call traffic to and from your business will make it easier to pick up any anomalies that could be fraudulent. Checking your bills thoroughly will also alert you to any suspicious activity. Our hosted collaboration customers can utilise Call Reporting and Analytics to analyse and report on call traffic.
  6. Set up a firewall to protect your phone system: To keep your telephony platform as secure and private as possible, set up a firewall or SBC to prevent your system from being exposed directly on the internet. This includes management ports as well as SIP ports.
  7. Use a SIP trunking provider who prioritises your security: Here at N4Engage our ISO 27001 certification ensures that we meet stringent control requirements for our SIP platform to offer our customers the highest possible level of quality and security. We can also provide you with monthly insights on your call spend and monitor changes in patterns to help detect suspicious activity.
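
Tips 3 and 5 can be combined into a simple review of exported call records. The script below is an added example, not N4Engage's or any phone system vendor's tooling: it flags international and premium rate calls and calls made outside office hours, and totals the highest-risk call time per extension. The CSV column layout, the 08:00 to 18:00 weekday office hours and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDR export with constructed numbers. The column names are
# an assumption; real PBX and provider exports differ.
SAMPLE_CDR = """start,extension,dialled,seconds
2023-12-22 10:15:00,201,01632960123,180
2023-12-22 14:02:00,202,0012025550143,240
2023-12-23 02:11:00,205,0012025550171,1500
2023-12-23 02:13:00,205,0012025550172,1620
2023-12-24 03:40:00,205,09098790123,900
2023-12-25 23:05:00,210,01632960456,60
"""

OFFICE_START, OFFICE_END = 8, 18  # assumed office hours, Monday to Friday

def classify(number):
    """UK dial-plan view: 00 or + is international, 09 is premium rate."""
    n = number.replace(" ", "").replace("+", "00", 1)
    if n.startswith("0044"):  # own country code dialled in full
        n = "0" + n[4:]
    if n.startswith("00"):
        return "international"
    return "premium" if n.startswith("09") else "national"

def out_of_hours(ts):
    return ts.weekday() >= 5 or not OFFICE_START <= ts.hour < OFFICE_END

def review(cdr_text):
    """Return (flagged calls, seconds of high-severity calls per extension)."""
    flagged, exposure = [], defaultdict(int)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        kind, late = classify(row["dialled"]), out_of_hours(ts)
        if kind == "national" and not late:
            continue  # ordinary business call
        severity = "high" if kind != "national" and late else "review"
        if severity == "high":
            exposure[row["extension"]] += int(row["seconds"])
        flagged.append((row["start"], row["extension"], kind, severity))
    return flagged, dict(exposure)

if __name__ == "__main__":
    calls, exposure = review(SAMPLE_CDR)
    print(*calls, sep="\n")
    print("high-severity seconds per extension:", exposure)
```

An extension that accumulates high-severity call time over a weekend, like extension 205 in the sample, is the pattern to investigate before the next bill arrives.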

