1 min read

Fraudulent Calling: How to Minimize Your Risk.

Picture of CallTower Blog Team CallTower Blog Team : Jul 21, 2016 10:19:44 AM

Blog

Hackers cost companies millions:

Hackers continue to find new ways to hijack phone systems to make fraudulent calls. They attack companies and organizations of all sizes, and the losses, while not known precisely, are likely to be in the millions of dollars.

While hackers are continually finding new strategies, there are steps you can take to minimize their likelihood of success with your phone system.

Steps to minimize risk:

First, check with your phone system vendor to see if they have built fraud prevention into your phone system and if so, what steps you need to take to make the best use of it. Next, check with your insurance provider to make sure you will be covered in the event of fraud.

Additional Phone System Protections:

  • Set your phone system so that it accepts connections only from on‐site phones and specific, known IP addresses.
  • Check on phones where call forwarding has been set up. A common technique is for a hacker to set an extension so that it forwards calls to a fraudulent destination.
  • Use complex passwords and/or MD5 authentication or public/private keys.
    • Set passwords to at least eight characters in length, with at least one capital letter, at least one number, and at least one special character as allowed by your phone system.
  • Ensure that users are not allowed to use their extensions or other trivial PINs as the password on their voicemail accounts (e.g., 1111, 1234, etc.)
  • Configure SIP proxies and firewalls with access lists to prevent access from unauthorized IP address blocks.
  • Configure your phone system to reject calls to international destinations if you do not need to call them. If you do need to make international calls, set up only the destinations you need to call, if your phone system allows.
  • Change usernames and passwords for connected devices when a user leaves or becomes de-authorized. Ensure that all access is removed from a user upon departure.
  • Change passwords routinely on remote connected accounts.
  • Review call records regularly to be sure that traffic is what is expected from normal business use.
  • Do not share SIP account passwords and device configuration passwords with anyone.
  • Do not allow external users to redial from the phone system.
  • Prevent external access to the phone system management portal.
  • Secure other services on the phone system. HTTP, FTP, and SSH are commonly exploited and should be tightly restricted.
  • Phone systems should be behind firewalls, and SIP proxy services should be used to pass traffic between external and internal systems.
  • Ensure that no default passwords have been left on your phone system and network devices.

Global UC Systems: Transforming Communication for Modern Businesses

Picture of Evan Lewis Evan Lewis : Apr 2, 2026 11:00:01 AM

In our globally connected modern world, expanding a business internationally brings a host of exciting opportunities, but also introduces complex...

UCaaS unified communications calltower connect UC mobile Microsoft Teams Cloud Solutions Webex Calling
Read More

1 min read

Why Training Must Be Built into Your Deployment Plan (Not Added on Later)

Picture of Joseph Koltis Joseph Koltis : Mar 30, 2026 11:00:02 AM

Deployment.That magical, stressful period of an implementation where the rubber hits the road.You’ve done all you can to make this moment as smooth...

Blog CallTower Training & Webinars Customer Success
Read More

Unlocking the Power of Conversational and Agentic AI in Contact Centers

Picture of Evan Lewis Evan Lewis : Mar 26, 2026 11:00:00 AM

Artificial intelligence (AI) is rapidly changing the game for contact centers. Fromvirtual agents handling routine customer questions and agent...

cost savings Contact Center ccaas business communications ai artificial intelligence Conversational AI Agentic AI
Read More