Call fraud can be to any destination, but it usually involves toll fraud: a situation in which your VoIP system is hacked and used to make lots of unauthorized international calls to locations that cost alot of money at a very rapid rate.
"In 2021, total global telecom revenues are estimated to be approximately $1.8 Trillion USD. The total amount
of telecom revenue loss due to fraud is estimated to be 2.22% of revenues or $39.89 Billion USD.
Compared to 2019, fraud losses increased 28%, or approximately $11.6 Billion USD. To put that increase into
perspective, it is the market value of US companies such as: TD Ameritrade Holding, Hartford Financial Services,
O’Reilly Automotive and ADT."
Here are some key ways to protect your VoIP system from call fraud:
Secure your outbound rules: Define specific prefixes or number lengths, and which extensions or which extension groups will be allowed to dial out. Not leaving them open to someone guessing how to dial out. You can use things like PIN protect on an extension that's built for international calls.
Only allow the country codes you need: One thing we see a lot is people having all country's open, but they are only calling in USA, 3CX has a great list of " Allowed Country Codes" that you can set to only allow your PBX to dial what locations you need.
Regularly update!: Not updating your system or devices is one of the number one-way hackers get into your system, most upgrades and updates have security fixes in them to patch venerability's that hackers use to access your system.
Passwords: Using a strong password seems like a very silly thing to even mention as we have been hearing this for many years now, but as our technology evolves so do the tools hackers use. Using a password checker such as Password Check | Kaspersky is strongly recommended to prevent yourself being victim to using a password like "Password123". This should be done on your admin login and all extensions.
Anti Hacking: 3CX has a built in "Anti-Hacking" section that offers many tools to prevent hacking which include:
- Automatic Global 3CX IP Blacklist
- Failed Authentication Protection
- Failed Challenge Requests (407)
- Blacklist time interval
- Security Barrier (Green)
- Security Barrier (Amber)
- Security Barrier (Red)
- Live Chat Requests Protection
- SSL/SecureSIP Transport and Ciphers
- Enable Provisioning Secret Key