How to Prevent Toll Fraud

    What is Toll Fraud and How Can it Be Stopped?

    Toll or Phone Fraud is theft. It happens when an attacker gains unauthorized access to your phone system and makes long distance calls with your account. According to the Communication Fraud Control Association in 2011, worldwide phone fraud caused by compromising phone systems cost consumers approximately five billion dollars.


    Although phone system providers, like ShoreTel, take measures at the system level to reduce this risk, customers control access to the phone system and perform configuration changes, so they are ultimately responsible for the cost of fraudulent calls. Fortunately, there are a number of things you can do to ensure the security of your phone system and protect your company from fraud.

    6 Ways to Defeat Phone Fraud

    1. Control Account Access

    The first step to preventing fraud is controlling access to the account.  Only authorized individuals should be able to contact your phone system vendor and make changes to your account.  Make sure your vendor maintains and adheres to the list of contacts and that one person in your company is authorized to change that list.  We also recommend auditing that list every ninety days to ensure that only the people you want can make changes to your account.

    2. Restricted Class of Service

    Many IP phone system platforms, including ShoreTel Sky, can be configured to restrict international and directory assistance calls or to require an Authorization Code before making calls. We recommend using one of these additional precautions to prevent Toll Fraud.

    3. Strong Passwords

    It is necessary to use strong passwords to make it harder for attackers to compromise your account, especially if you have enabled international calling. Here are some tactics to ensure that the password policy is as strong as possible:

    • Update passwords every 90 days
    • Do not use the same password for all phones or voicemail boxes
    • Use passwords longer than 4 digits
    • Vary the number of digits between phones

    Also, never publish the remote voicemail access phone number or default voicemail password for your company, and proactively reset the voice mailbox passwords of departed employees.

    4. Firewall Protection

    Never operate your IP phone on a public or untrusted network. If you are operating on a third-party network, make sure your phones are behind a firewall. (If your organization utilizes a ShoreTel provided network connection, you are already protected.)

    5. Subscribe to Usage Reports

    Schedule daily usage reports to monitor usage charges. The ShoreTel Sky Portal allows users to subscribe to Call Detail Reports on an hourly, daily, weekly, or monthly basis.

    6. Invoice Reviews

    Review each monthly invoice to ensure that you have closed or deleted unnecessary profiles that may be associated with terminated employees and that there are no unusual or unauthorized charges.

    What Does ShoreTel do to Prevent Fraud?

    The best prevention against fraud is strong passwords. As such, ShoreTel requires passwords that meet the following criteria:

    • Contain at least four non-repeating digits
    • Must not match the last digits of your phone number
    • Must not be sequenced numbers such as "1234" or "1111"

    In addition:

    • The system is programmed to terminate access after the third invalid attempt to log into the voicemail account
    • ShoreTel monitors for Toll Fraud 24x7x365
    • ShoreTel carrier partners also monitor for Toll Fraud 24x7x365

    Working together, we can reduce the risk and limit the impact of toll fraud substantially.
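
    The password rules listed above can be checked automatically when PINs are assigned. The following is an added example, not ShoreTel code: the function names, the sample provisioning list, and the reading of "four non-repeating digits" as "four distinct digits" are assumptions made for illustration.

```python
import re
from collections import Counter

MIN_LENGTH = 5    # page advice: use passwords longer than 4 digits
MIN_DISTINCT = 4  # assumption: "four non-repeating digits" means four distinct digits


def pin_problems(pin, phone_number):
    """Return the policy rules a voicemail PIN breaks (empty list = acceptable)."""
    if not pin.isdigit():
        return ["not numeric"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append("too short")
    if len(set(pin)) < MIN_DISTINCT:
        problems.append("fewer than four distinct digits")
    # Compare against the trailing digits of the line's number, ignoring punctuation.
    if re.sub(r"\D", "", phone_number).endswith(pin):
        problems.append("matches end of phone number")
    # A constant step of 0, +1 or -1 (mod 10) covers "1111", "1234", "4321", "7890".
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if len(steps) == 1 and steps <= {0, 1, 9}:
        problems.append("repeated or sequential digits")
    return problems


def audit(mailboxes):
    """Map each extension to its PIN problems, including PINs reused across mailboxes."""
    reuse = Counter(pin for _, pin in mailboxes.values())
    report = {}
    for ext, (number, pin) in mailboxes.items():
        problems = pin_problems(pin, number)
        if reuse[pin] > 1:
            problems.append("shared with another mailbox")
        if problems:
            report[ext] = problems
    return report


# Constructed sample provisioning list (not real accounts): extension -> (number, PIN).
SAMPLE = {
    "101": ("+1 555 010 4821", "4821"),
    "102": ("+1 555 010 4822", "123456"),
    "103": ("+1 555 010 4823", "739105"),
    "104": ("+1 555 010 4824", "58206"),
    "105": ("+1 555 010 4825", "58206"),
    "106": ("+1 555 010 4826", "1111"),
}
```

    Calling audit(SAMPLE) reports every extension except 103, whose PIN passes all of the checks.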
