Toll fraud is one of the most underappreciated threats in modern business telephony. While many organisations are familiar with email scams and phishing, few realise that the same kind of financial exploitation can happen through their phone system.
Understanding the Basics
For those used to traditional landlines, it’s helpful to understand the shift in technology.
- PSTN (Public Switched Telephone Network): This is the older system of copper lines and exchanges, used for decades for local and international calls.
- VoIP (Voice over IP): This system uses the internet to make and receive phone calls, offering more flexibility, lower cost—especially internationally—and scalable features for businesses.
However, with new technology comes new vulnerabilities.
What is Toll Fraud?
Toll fraud occurs when someone gains access to your SIP account or phone system (usually a VoIP-based one) and uses it to make unauthorised calls, often to expensive international or premium-rate numbers.
The goal isn’t personal communication. It’s revenue generation. Often, the destination number is under the control of a fraudster or a complicit service, and your business pays the bill.
🔐 At Approved Systems, we implement extensive security controls to protect against toll fraud.
While no system is entirely foolproof, our Managed Voice Services incorporate call restrictions, real-time monitoring, secure provisioning, and lockout thresholds to reduce the risk significantly.
How Does It Happen?
Toll fraud can occur through various attack vectors, many of which take advantage of misconfigurations, unattended devices, or poor credential hygiene. Below are the most common scenarios:
- Weak or Default Credentials
Attackers scan the internet for VoIP devices or PBX servers with default or easily guessable passwords.
- Exposed SIP Trunks or PBXs
If a phone system is accessible from the public internet without proper access controls, it can be used to place calls.
- Unattended VoIP Phones in the Wrong Hands
Fraudsters or “mules” may get physical access to VoIP handsets (e.g., at a job site or unmonitored location). These phones often store SIP credentials in plain text or within the device interface. If extracted, they can be handed over to a third party who exploits them remotely.
- Leaked Softphone Credentials
Softphone login details stored in unencrypted emails, shared drives, or user desktops can be discovered and used if an employee’s email account is hacked.
- Voicemail Boxes That Dial Out
Some legacy voicemail systems allow outbound dialling. If these aren’t locked down, attackers can trick the system into making toll calls.
What You Might Hear During a Fraudulent Call
Fraudulent calls often stay connected for as long as possible to maximise charges. To prevent being automatically disconnected, many play looping or misleading audio to simulate conversation or activity:
🎙️ Live sports commentary (e.g., football matches with crowd noise)
🎵 Overlapping hold music tracks to confuse the listener or system
📚 Audiobooks or synthetic voices reading random content
📞 Silent voicemail greetings or tones to trick PBX logic into staying connected
These aren’t accidents. They’re engineered distractions to help keep the line open.
Who’s at Risk?
Any business or home user of VoIP equipment is a potential target: a VoIP phone system, IP-based desk phone, softphone, home or business internet router with VoIP voice lines/ports activated, Wi-Fi cordless IP phone, or VoIP DECT phone, particularly one that is accessible from the internet or from within a network that has been compromised.
You’re especially at risk if:
- You allow international or premium-rate calling
- You do not monitor or limit after-hours activity
- You leave phones in public or unsupervised areas
- You send or store SIP login credentials by email
🔎 Approved Systems regularly audits clients’ PBX configurations to detect potential entry points. We also monitor billing anomalies and provide security alerts for suspicious patterns.
What Are the Costs?
The financial impact can be severe. We’ve seen toll fraud run up thousands of dollars in a single weekend, often before anyone even notices. Beyond the call charges themselves, toll fraud can:
- Damage your relationship with your voice telecommunications provider
- Raise flags with regulators if international traffic is suspicious
- Lead to termination of your phone account under your telco’s fraud policies
- Interrupt legitimate business communications while systems are being investigated
How Can You Protect Your Business?
Here are the best practices we recommend:
- 🔐 Use Strong, Unique Credentials
Set strong passwords for each device and SIP account. Avoid reusing passwords or leaving them in emails.
- 🌍 Restrict International Dialling
Block all outbound international calls unless explicitly needed.
- 🕒 Limit After-Hours Calling
Restrict calls outside business hours. Many attacks happen on weekends and public holidays.
- 📡 Geo-block and IP Whitelist
Limit access to trusted IPs or networks. Block SIP registrations from foreign IPs.
- 📈 Monitor Call Traffic
Watch for volume spikes or long-duration calls to unusual destinations. Approved Systems does this on your behalf as part of our managed VoIP services.
- 🔄 Rotate and Reissue Credentials
If a device is lost, repurposed, or assigned to a new user, wipe and reset credentials before reissuing.
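An added example, not Approved Systems' own tooling, of the call-traffic monitoring and after-hours checks recommended above: it scans call detail records (CDRs) for international calls placed outside business hours, long international calls, and bursts of international calls from one extension. The CDR columns, home prefix, business hours and thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDRs (not real traffic): start, extension, destination, seconds
SAMPLE_CDRS = """start,extension,dest,seconds
2024-03-08 10:15:00,101,+61298765432,180
2024-03-08 14:02:00,102,+442071234567,240
2024-03-09 02:11:00,104,+3725550001,3540
2024-03-09 02:12:00,104,+3725550002,3600
2024-03-09 02:13:00,104,+3725550003,3580
2024-03-09 11:30:00,103,+61312345678,4000
"""

HOME_PREFIX = "+61"            # assumption: Australian site, E.164 destinations
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59, Monday to Friday
LONG_CALL_SECONDS = 1800       # assumption: 30 minutes counts as long
BURST_LIMIT = 3                # assumption: international calls per extension per hour

def flag_calls(cdr_text):
    """Return (alerts, burst_extensions) for a CSV of call records."""
    alerts = []
    per_hour = defaultdict(int)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        international = not row["dest"].startswith(HOME_PREFIX)
        after_hours = start.weekday() >= 5 or start.hour not in BUSINESS_HOURS
        long_call = int(row["seconds"]) >= LONG_CALL_SECONDS
        reasons = []
        if international and after_hours:
            reasons.append("international after hours")
        if international and long_call:
            reasons.append("long international call")
        if international:
            # Count international calls per extension per clock hour
            per_hour[(row["extension"], start.strftime("%Y-%m-%d %H"))] += 1
        if reasons:
            alerts.append((row["extension"], row["dest"], reasons))
    bursts = sorted({ext for (ext, _), n in per_hour.items() if n >= BURST_LIMIT})
    return alerts, bursts

if __name__ == "__main__":
    alerts, bursts = flag_calls(SAMPLE_CDRS)
    for ext, dest, reasons in alerts:
        print(f"ext {ext} -> {dest}: {', '.join(reasons)}")
    print("extensions to lock out pending review:", bursts)
```

Domestic calls and the weekday international call during business hours pass unflagged; the three weekend calls from extension 104 trip every rule.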
Final Thoughts
Toll fraud is real, it’s evolving, and it doesn’t discriminate. Even small and medium-sized businesses are being targeted by automated scanning bots and organised fraud networks.
At Approved Systems, we’re committed to reducing the risk. While no phone system can ever be 100% immune, we build layers of protection that significantly reduce the chance of financial damage.
If you’re unsure whether your system is secure, or if you’ve experienced unexpected international call charges, get in touch with our team. We’re here to help you build a safer, smarter phone environment.
🛡️ Talk to Us About VoIP Security and Compliance Audits
Visit our Contact Page or email us at helpdesk@approvedsystems.com.au.