Toll fraud, otherwise known as phone phreaking, call phreaking or dial-through fraud is on the rise in the UK. It’s costing businesses thousands and in some cases tens of thousands of pounds. The reason: it can go completely undetected until the time of your next phone bill – and suddenly you’re stung with a huge bill that you might not be able to afford.
Small and Medium Enterprises are finding toll fraud particularly difficult to deal with as it can become such a damaging cost and in some cases can put them out of business.
What is Toll Fraud?
Toll fraud, or phone phreaking, is where a cyber criminal hacks into your telephone system and uses it to make calls, usually international or premium calls at your expense, the end result being a huge bill.
Are you good at maths?
Imagine the following scenario:
All of your employees leave the office on a Friday at 17:30 and come back on Monday at 09.00. During this time someone is hacking your phone system and is making international calls at a premium rate (over £1 a minute!), for example at £1.15 per minute.
In essence this may not seem like very much, but when you think how many minutes that call is lasting, up to 63 and a half hours if the line is kept open the entire time, so a staggering 3,810 minutes. Now multiply this by the premium £1.15 per minute and you’re already looking at a £4,381.50 bill on top of your usual monthly cost.
It’s get worse still – whilst this is based on the assumption they stay on the line for the entire time, it is also based on the assumption they only use one line. What if you have 5 lines and the same happens to each? That’s now £21,907.50.
And to add to the blow, what if this happens every time the phone lines are available – you can begin to see why toll fraud can be such an expensive and damaging form of cyber crime.
You might now be thinking that the chance of it happening to you are slim, and sure, that might be true, but can you afford to take the chance at all?
Whilst toll fraud can truly happen to anyone, it can sting some industries worse than others, these tend to be companies that commonly use multiple phone lines such as law firms, accountancy firms and call centres.
How bad is toll fraud in the UK?
The UK is actually one of the top 5 countries in the world for toll fraud taking place.
Phone hacking and telecommunications fraud is thought to cost the UK as much as £1.5 billion a year with some individual business seeing bills as large as £ 35,000 where hackers have used their phone service to make thousands of calls, many to premium numbers.
In today’s connected world, every business is at risk of toll fraud.
It doesn’t help that a staggering number of organisations, large and small, have neither the knowledge nor the resources to ensure that their systems, information processes and people are protected in the face of this ever changing digital environment.
Whilst toll fraud is often something you find out about after the damage has occurred, mainly because it remains difficult to stop it completely, it’s important for companies to learn to prevent it or understand how it happens to try and reduce the risk.
Is there any good news?
Sort of – there are some ways that you can try and prevent toll fraud.
A few suggestions on how to protect your phone system:
Security – have an annual review – maintain strong physical security. Keep an eye out for new vulnerabilities to your phone system.
Restrict International calls – outside working hours, restrict international calls, these being the major destinations for toll fraud. If your company needs to make International calls, set up a password for them.
Passwords – first thing to do after you purchase a phone system is to change the default password provided and make a habit of changing them regularly, preferably on a monthly basis.
Employees – when employees are leaving the company delete their accounts and create new ones for the new people who are coming on board with your company. Also train your employees to understand when a toll fraud may occur and to report immediately.
Phone audit – probe your phone systems for any vulnerabilities that may have been overlooked or neglected.
Find out more in our Guide to Combating Telephone Fraud
You can contact us to find out more about protecting your company from cyber criminals.
Editor note: The post was originally published in March 2015.