Toll Fraud and Security: Why PBXs Get Hacked

Author: James Loder

Has this ever happened to you? You log into your PBX one morning to find failed login attempts from all corners of the world. If not, you’re among the lucky, as, sadly, this is a common occurrence. In this situation, the best case is that weak security practices let those intrusion attempts happen with minimal disruption. The worst case is far bleaker: fraudulent activity that adds thousands of dollars of charges to your phone bill at the end of the month. This is known as toll fraud.

A multi-billion-dollar-a-year illegal scheme, toll fraud funnels money primarily from small and medium-sized businesses to criminal organizations across the globe. While the actual methodology of this type of fraud has proven difficult to stamp out, there are some proactive (and easy) steps you can take to protect yourself and your business from the devastating financial ramifications.

Get in the mind of the hackers

Your first step in combatting this form of fraud is to understand how the hackers benefit. Toll fraud is most frequently centered around International Premium Rate Numbers (IPRNs), which are international numbers traditionally billed on a per-minute basis. Think: “call now and speak to X for $2/minute,” or something of the like. The high cost of termination for these phone calls is split between the terminating provider and the owner of the IPRN.

While these numbers have a valid, legitimate use, they are also the perfect launching pad for bad actors to rack up huge fees. Here, the fraudsters will first purchase the IPRN, then target vulnerable systems with the ultimate goal of pushing as many phone calls as possible through that number to generate revenue. Targeting what they deem “low-hanging fruit,” hackers are always on the lookout for a PBX that they can easily break into before moving on to the next.

Employ cyber security practices

You don’t need to be a cyber security expert to take basic precautions that could save you or your customers thousands of dollars in fraudulent charges. It may seem like a no-brainer, but be sure to require strong login credentials. Couple that with a limit on login attempts, with offending addresses added to a blacklist, and you’re well on your way to securing your PBX. The truth is, systems are most commonly compromised as a result of weak passwords or users who neglect to set security rules.
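The two controls above, a credential policy and a failed-login limit that feeds a blacklist, are easy to reason about in code. The following is an added example written for this post, not code from 3CX or from Telin; the log line format, the thresholds and the sample addresses are all constructed for illustration, and the weak-password rules are a minimal policy, not any vendor's. It counts failed authentication attempts per source address inside a sliding time window, which is the detail that separates a burst of guesses from an employee mistyping a password once an hour.

```python
"""Failed-login rate limiting and a credential policy for a PBX (added example).

The log format below is hypothetical, not 3CX's or any vendor's actual
format. Lines are parsed, FAIL events are counted per source IP inside a
sliding window, and sources that exceed the threshold are returned as
the set of addresses to blacklist.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2024-03-01 02:14:07 AUTH FAIL ext=1001 src=203.0.113.45 reason=bad-password
2024-03-01 02:14:09 AUTH FAIL ext=1002 src=203.0.113.45 reason=bad-password
2024-03-01 02:14:11 AUTH FAIL ext=1003 src=203.0.113.45 reason=bad-password
2024-03-01 02:14:13 AUTH FAIL ext=1004 src=203.0.113.45 reason=bad-password
2024-03-01 02:14:15 AUTH FAIL ext=1005 src=203.0.113.45 reason=bad-password
2024-03-01 08:30:00 AUTH FAIL ext=2001 src=198.51.100.7 reason=bad-password
2024-03-01 08:30:05 AUTH OK   ext=2001 src=198.51.100.7
2024-03-01 09:00:00 AUTH FAIL ext=2002 src=192.0.2.10 reason=bad-password
2024-03-01 09:20:00 AUTH FAIL ext=2002 src=192.0.2.10 reason=bad-password
2024-03-01 09:40:00 AUTH FAIL ext=2002 src=192.0.2.10 reason=bad-password
2024-03-01 10:00:00 AUTH FAIL ext=2002 src=192.0.2.10 reason=bad-password
2024-03-01 10:20:00 AUTH FAIL ext=2002 src=192.0.2.10 reason=bad-password
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) AUTH (?P<result>FAIL|OK)\s+"
    r"ext=(?P<ext>\d+) src=(?P<src>[\d.]+)"
)


def parse_events(text):
    """Return a list of (timestamp, result, source_ip); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["result"], m["src"]))
    return events


def find_blacklist(events, max_failures=5, window=timedelta(minutes=10)):
    """Source IPs with at least max_failures FAIL events inside any sliding window."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    banned = set()
    for ts, result, src in sorted(events):
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            banned.add(src)
    return banned


def credential_is_weak(extension, password, min_len=12):
    """Minimal policy: reject the patterns that commonly get PBX accounts taken over."""
    if len(password) < min_len:
        return True
    if extension in password:             # e.g. extension 1001 with password "1001"
        return True
    if password.lower() in {"password", "admin", "1234", "12345678"}:
        return True
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    return not (has_upper and has_lower and has_digit)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("blacklist (5 failures / 10 min):", find_blacklist(evts))
    print("weak credential for ext 1001 / '1001':", credential_is_weak("1001", "1001"))
```

With the default window, only the source that made five guesses in eight seconds is listed; the address that failed once every twenty minutes is not, because each failure has aged out before the next arrives. Widening the window to two hours catches that slow pattern too, which is the trade-off a real lockout policy has to make between catching patient guessing and locking out legitimate users.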

Institute country-specific restrictions on calls

If you are doing business domestically, there is no reason to allow your users to dial internationally. If sweeping international call restrictions aren’t practical for your business, consider blocking calls to countries that are toll-fraud hotspots. Fortunately, 3CX, like other PBXs, offers this functionality. 3CX also maintains a global blacklist that harvests the IP addresses of bad actors from all over the world, automatically adding them to your PBX blacklist.
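Below is an added example of how a country-based outbound restriction can be evaluated; it is written for this post and is not 3CX's dial-plan logic or Telin's code. It assumes a hook that receives the raw dialed string, normalises it to country-code-first digits, and applies a default-deny policy: a destination must match an allowed prefix and must not match a blocked one. The prefix table holds real country calling codes but only a handful of them, and the blocked set in the usage is an arbitrary configuration choice, not a claim about any country. The part worth noticing for a North American PBX is that "international" is not the same as "starts with 011": several Caribbean destinations sit inside the +1 numbering plan and are reachable with an ordinary 11-digit dial, so a "domestic only" rule has to name them explicitly.

```python
"""Country-based outbound call restriction (added example, hypothetical hook).

normalize()     -> E.164 digits without the '+', from whatever the user dialed
classify()      -> longest-prefix match against a small, partial prefix table
call_allowed()  -> default-deny policy: allowed prefix required, blocked prefix wins
"""
import re

# Partial prefix table (real codes, illustrative subset only): prefix -> label.
PREFIXES = {
    "1": "NANP (US/Canada)",
    "1876": "NANP: Jamaica",
    "1268": "NANP: Antigua and Barbuda",
    "1473": "NANP: Grenada",
    "44": "United Kingdom",
    "61": "Australia",
    "33": "France",
    "49": "Germany",
}


def normalize(dialed, domestic_cc="1", intl_prefix="011"):
    """Turn a dialed string into country-code-first digits (no '+')."""
    digits = re.sub(r"\D", "", dialed)
    if dialed.strip().startswith("+"):        # already E.164
        return digits
    if digits.startswith(intl_prefix):        # North American international access code
        return digits[len(intl_prefix):]
    if domestic_cc == "1":
        if len(digits) == 10:                 # NANP number without the leading 1
            return "1" + digits
        if len(digits) == 11 and digits.startswith("1"):
            return digits
    return domestic_cc + digits               # fallback: treat as a domestic number


def classify(number):
    """Longest-prefix match; returns (prefix, label) or (None, None) if unknown."""
    for length in range(len(number), 0, -1):
        prefix = number[:length]
        if prefix in PREFIXES:
            return prefix, PREFIXES[prefix]
    return None, None


def call_allowed(dialed, allowed_prefixes, blocked_prefixes=frozenset()):
    """Default deny. Blocked prefixes are checked first so '1876' can carve
    an exception out of an allowed '1'."""
    number = normalize(dialed)
    if not number.isdigit():
        return False
    if any(number.startswith(b) for b in blocked_prefixes):
        return False
    return any(number.startswith(a) for a in allowed_prefixes)


if __name__ == "__main__":
    # Example policy: US/Canada only, with +1 destinations outside those two
    # countries named explicitly (constructed configuration, not a recommendation list).
    domestic_only = {"1"}
    carve_outs = {"1876", "1268", "1473"}
    for dialed in ["555-123-4567", "011 44 20 7946 0958", "1-876-555-0100", "+61 2 9000 0000"]:
        number = normalize(dialed)
        print(dialed, "->", number, classify(number), "allowed:",
              call_allowed(dialed, domestic_only, carve_outs))
```

The decision is deliberately two-sided: an allowlist alone would pass the Jamaica number because it begins with "1", and a blocklist alone would pass every code the administrator forgot to list. Logging the `classify()` result alongside each rejected call also gives you an audit trail of which destinations your extensions are attempting.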

I would be remiss if I didn’t mention another noteworthy form of fraud, and that is Wangiri. We’ve all been on the receiving end of this one in the form of a phone call from an unknown number with an immediate hang-up as the phone rings. The fraudster is likely calling from an IPRN with the hope that you’ll call them back. What’s in it for them? Your callback generates revenue for the owner of the IPRN, in the same manner that traditional toll fraud works. The good news is this one is very easy to combat. Don’t return calls to unknown numbers, or you might find yourself on the wrong side of a large phone bill.

PBX fraud does happen, but you are not powerless to stop it. With some simple security protocols and rules, blacklist functionality and common sense, you’ve got this covered. 

For more information on preventing fraud, talk to one of our team members today.


Telin is a white label hosted VoIP communications solutions provider with a unique distribution model; we are your one source for all things unified communications.