1 min read

Fraudulent Calling: How to Minimize Your Risk.

Picture of CallTower Blog Team CallTower Blog Team : Jul 21, 2016 10:19:44 AM

Blog

Hackers cost companies millions:

Hackers continue to find new ways to hijack phone systems to make fraudulent calls. They attack companies and organizations of all sizes, and the losses, while not known precisely, are likely to be in the millions of dollars.

While hackers are continually finding new strategies, there are steps you can take to minimize their likelihood of success with your phone system.

Steps to minimize risk:

First, check with your phone system vendor to see if they have built fraud prevention into your phone system and if so, what steps you need to take to make the best use of it. Next, check with your insurance provider to make sure you will be covered in the event of fraud.

Additional Phone System Protections:

  • Set your phone system so that it accepts connections only from on‐site phones and specific, known IP addresses.
  • Check on phones where call forwarding has been set up. A common technique is for a hacker to set an extension so that it forwards calls to a fraudulent destination.
  • Use complex passwords and/or MD5 authentication or public/private keys.
    • Set passwords to at least eight characters in length, with at least one capital letter, at least one number, and at least one special character as allowed by your phone system.
  • Ensure that users are not allowed to use their extensions or other trivial PINs as the password on their voicemail accounts (e.g., 1111, 1234, etc.)
  • Configure SIP proxies and firewalls with access lists to prevent access from unauthorized IP address blocks.
  • Configure your phone system to reject calls to international destinations if you do not need to call them. If you do need to make international calls, set up only the destinations you need to call, if your phone system allows.
  • Change usernames and passwords for connected devices when a user leaves or becomes de-authorized. Ensure that all access is removed from a user upon departure.
  • Change passwords routinely on remote connected accounts.
  • Review call records regularly to be sure that traffic is what is expected from normal business use.
  • Do not share SIP account passwords and device configuration passwords with anyone.
  • Do not allow external users to redial from the phone system.
  • Prevent external access to the phone system management portal.
  • Secure other services on the phone system. HTTP, FTP, and SSH are commonly exploited and should be tightly restricted.
  • Phone systems should be behind firewalls, and SIP proxy services should be used to pass traffic between external and internal systems.
  • Ensure that no default passwords have been left on your phone system and network devices.

Evolving Direct-to-Carrier Calling with Operator Connect

Picture of Tonya Andrea Tonya Andrea : May 29, 2025 9:15:00 AM

The Operator Connect Evolution: What’s Next in Direct-to-Carrier Microsoft Teams Integration?

The world of unified communications is moving faster...

UCaaS Microsoft Teams Blog operator connect CallTower
Read More

Understanding CMMC & How CallTower Supports Contractors with GCC High

Picture of Evan Lewis Evan Lewis : May 28, 2025 11:15:00 AM

Cybersecurity threats are growing more sophisticated every day, creating challenges for organizations handling sensitive data. For companies working...

Microsoft voice enabled Microsoft Teams gcc high direct routing CallTower Microsoft 365
Read More

Remote Work and BYOD in UCaaS: Transforming How Businesses Work

Picture of Evan Lewis Evan Lewis : May 22, 2025 11:15:00 AM

The landscape of work has transformed dramatically, with businesses increasingly adopting remote work models and modern communication solutions. ...

cost savings Microsoft mobile Zoom remote work Webex Calling zoom phone CallTower Phonism
Read More