While many users may not know exactly what Toll Fraud is, it is important to be cautious of it. The word ‘fraud’ already carries a negative connotation, and users should not approach Toll Fraud with a cavalier attitude.
Define: Toll Fraud is a term that applies to the unauthorized breach of security, which results in unauthorized users having access to the functionality of a user’s account and all their information. This can cause a number of problems for users. From here, the unauthorized party can abuse the account or even sell its information. Either way, fraud can end up costing users a lot. For example, in many instances, offenders will rack up a huge bill. Since providers have rightly provided the service to the account, users are therefore responsible for paying. That being said, a bad case of toll fraud can cripple users, especially business users. Yet, while Toll Fraud is extremely hazardous, how does one know if their account has been breached? Are there precautions? Additionally, if an account is breached, how can fraud be eliminated?
Detect: While fraud can be hard to defend against and detect, neither is impossible. Many systems are most vulnerable in three main areas: PBX/Voicemail/Application Servers, PSTN Connectivity, and User/Device Authentication. Knowing this, it would be wise to review these areas to maintain security. Though users can prepare and monitor constantly, systems are always susceptible to breach (to some degree). Toll Fraud is discreet, as it typically occurs after (or before) business hours, when activity is unlikely to be noticed. While it can be hard to detect, there are a number of symptoms users can look for. Some common indicators include: Single Ring Calls—if single ring calls are a recurring incident, it could mean that ‘fraudsters’ are testing your system (i.e. extensions, active DDIs in range, voicemail entry, etc.); Irrelevant Voicemail recordings (with foreign speech)—these occur when the voicemail access sequence is entered wrong and a message is left; users should note the time and check it against business hours. Additionally, users can monitor their fax transmissions to extensions by transferring calls to a fax machine to print and analyze the information. Separate from these methods, there are also more in-depth symptoms to look for—i.e. Accounting Anomalies, Internal Control Symptoms, Analytical Symptoms, Lifestyle Symptoms, and Behavioral Symptoms.
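As an added illustration (not part of the original article), two of the indicators above, recurring single-ring calls and call activity outside business hours, can be checked against call detail records (CDRs) exported from a PBX. The CSV layout, the thresholds and the sample records are constructed assumptions, not any vendor's format.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample CDRs: start, direction, caller, dialed, ring_secs, talk_secs
SAMPLE_CDRS = """\
2024-03-04T10:15:00,in,+15550100,201,12,95
2024-03-04T23:02:10,in,+15550177,201,2,0
2024-03-04T23:02:40,in,+15550177,202,2,0
2024-03-04T23:03:05,in,+15550177,203,1,0
2024-03-05T02:41:00,out,204,+15550199,8,1840
2024-03-05T09:30:00,out,205,+15550123,6,300
2024-03-05T14:00:00,in,+15550188,210,2,0
"""

OPEN, CLOSE = time(8, 0), time(18, 0)  # assumed business hours, Monday to Friday
SINGLE_RING_MAX = 3                    # assumed: seconds of ringing, never answered
PROBE_THRESHOLD = 3                    # assumed: repeats from one caller before flagging

def parse_cdrs(text):
    fields = ("start", "direction", "caller", "dialed", "ring", "talk")
    records = []
    for line in text.strip().splitlines():
        r = dict(zip(fields, line.split(",")))
        r["start"] = datetime.fromisoformat(r["start"])
        r["ring"], r["talk"] = int(r["ring"]), int(r["talk"])
        records.append(r)
    return records

def outside_business_hours(ts):
    return ts.weekday() >= 5 or not (OPEN <= ts.time() < CLOSE)

def single_ring_probes(records):
    """Callers with repeated unanswered single-ring inbound calls."""
    hits = Counter(r["caller"] for r in records
                   if r["direction"] == "in" and r["talk"] == 0
                   and r["ring"] <= SINGLE_RING_MAX)
    return {c: n for c, n in hits.items() if n >= PROBE_THRESHOLD}

def after_hours_outbound(records):
    """Answered outbound calls placed outside business hours."""
    return [r for r in records if r["direction"] == "out"
            and r["talk"] > 0 and outside_business_hours(r["start"])]

if __name__ == "__main__":
    cdrs = parse_cdrs(SAMPLE_CDRS)
    for caller, n in single_ring_probes(cdrs).items():
        print(f"possible probing: {caller} made {n} single-ring calls")
    for r in after_hours_outbound(cdrs):
        print(f"after-hours call: {r['caller']} -> {r['dialed']} at {r['start']}")
```

A single one-ring call during the day (the last sample record) is not flagged; only the repeated pattern from one caller is.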
Prevent/Eliminate: Though the symptoms above can be extremely helpful in diagnosing a security breach, they are not one hundred percent effective. Many fraud cases occur and are not noticed until it is too late—i.e. users receive their bill. Users should therefore seek a means to prevent and/or eliminate fraud as soon as possible. Many preventive tactics double as elimination tactics, meaning users can set up these practices before, during, or after they suspect or identify an attack. While there are various ways to eliminate fraud, some are easier and more accessible than others—for example, the stressed use of secure passwords. Many times, users will set passwords that are easy to remember (e.g. birthdays, 1234, 111, etc.). While it’s important to know your password, users should strive to make a personal password with various characters and capitalizations—e.g. MomSept89. By splicing personal information with various characters and capitalized letters, the password is much more secure. Aside from individual user passwords, administrative passwords should follow suit as well. While passwords are effective tools, fear and paranoia can cause some users to go overboard with password security. That said, elect quality over quantity—better passwords over more of them.
In addition to passwords, users should frequently check their firewalls and network equipment. Firewalls help keep out a number of threats and external connections; therefore, they should be regularly maintained and monitored. Additionally, users should make sure that all equipment is set up properly. If a device is not set up properly, i.e. ports left open, the device is much more susceptible to breach. This is often due to user inexperience in installing their systems and security. That being said, inexperienced users may want to seek more experienced help.
Another good method of eliminating and/or preventing fraud is by limiting or shutting off remote/external access. With mobile use on the rise, security breaches are much more likely. Additionally, while the number of mobile users with access grows, open access can weaken security considerably. Though this may greatly inhibit users on the go, it may be necessary, especially if the system is known to be breached. While shutting off remote access may be a bit too extreme, users can avoid external access. Typically, both phone and voicemail systems have options for external calling (i.e. external notification, call forwarding, etc.). If users don’t use these features often, turn them off. Even if they’re used frequently, a temporary pause in usage may help rid your system of fraud.
Fraud is a real threat and it can be terrifying. That being said, some users may want to seek external help. Users can work with their service carriers to eliminate unauthorized use. Users can ask their carriers to adjust their account—i.e. turn off certain features/services and/or add an Account Code that’s both verified and required. For example, if a company doesn’t use international calling, shut it off. If it does use international calling, block the countries your business doesn’t work with. Users should be cautious of toll fraud, as it can end up putting a heavy strain on their system, both financially and functionally.
Even if users don’t fully understand what fraud is, it’d be wise to employ preemptive measures. As stated above, many prevention techniques are similar to elimination techniques; therefore, why even wait? Sure, not all safeguards can be enacted, as the service needs to perform fully on a daily basis; however, it may be wise to enact some of these tactics.