International Call Fraud Mitigation
Unlike a traditional phone system, a Voice over Internet Protocol (VoIP) enabled system may be accessible over the Internet. While this facilitates access to many new and exciting features such as trunking and access for remote users, an Internet presence also makes systems potentially vulnerable to those who wish to hijack your system in order to make expensive phone calls to far-flung locales.
Keeping these would-be freeloaders from using your phone system for no good is as easy as following a couple simple rules:
If your system doesn’t need to be accessed by remote workers then don’t allow access to the entire Internet. Have your firewall provider add rules which only allow access from your sip trunking provider(s).
Use very strong randomly generated passwords. While you usually only have to enter a password every once in a while, those who are wanting to use your system without permission can try thousands of passwords a minute. This isn’t their first rodeo so they don’t just guess; passwords like admin!23 are on the top of their list to try.
If your voicemail system permits remotely changing a call forward, ensure that it does not permit the forwarding of calls to international numbers.
Even if you are following these guidelines religiously there are bound to be systems that slip through the configuration
cracks, or someone down the line will tire of entering their complicated password and change it to something like
When this eventuality occurs the cost can be extremely high. At Clearfly we have seen compromised customer phone systems with only a
few lines tally up over $2000.00 per hour in international calls. Imagine now that they gain access to your system at 9 PM on a
Friday and you don’t notice until all your lines are in use Monday morning. There could be close to 60 hours of abuse before
anyone notices what is going on. Even at $100 per hour that is $6000 that you will be responsible for. As a fail-safe you
should seriously consider choosing a SIP trunking provider which provides
near real-time fraud detection, and can block your international calling when the activity is deemed suspicious.