Avoid long-distance fraud

Updated 1/15/2019 6:16:40 PM by Comcast Expert


Theft of long-distance voice services (“Toll-Fraud”) can occur for small and large businesses alike. Whether your business uses line services attached to phones or a PBX (Private Branch Exchange), it is still vulnerable to Toll-Fraud. Hundreds of thousands of dollars of Toll-Fraud can occur in just days and sometimes hours depending on the size of your company’s telephone system. Businesses that take precautions against it will most often deter the perpetrators, thereby avoiding the cost and hassle of dealing with unauthorized phone system access.


Common types of toll fraud

Unauthorized Voicemail Access
This occurs when perpetrators access your voicemail illegally by determining your access password and placing outbound calls from the system. Some voicemail systems allow this while others do not.
Unauthorized Call Forward/Transfer
Similarly, if your PBX voicemail system is breached, often Call Forward or Call Transfer can be invoked by the perpetrator to send inbound calls to an unauthorized destination. In some cases, transferred calls can take place for several hours or days before detection.
Direct Inward System Access (DISA)
This telephone system feature allows an outside caller to dial directly into the telephone system and to access all of the system’s features and functions. DISA is typically used by company employees to make long-distance and international calls over their company’s phone lines, which may be published. It is also the most common way perpetrators commit Toll-Fraud. Often DISA port access is provided by way of a Toll Free number. If this Toll Free number gets into the wrong hands, Toll-Fraud can occur.
Social Engineering
A perpetrator persuades a company employee to provide dial tone access — e.g. the perpetrator pretends to be calling from a telephone company and asks an employee for help in getting an outside line (e.g. dialing a 1-900 number or transferring to 9011, which is often set up to get to an international number). The perpetrator may also seek sensitive information such as PINs, passwords, social security numbers, credit card numbers, etc. Perpetrators may even attempt to convince company employees to accept chargeable (3rd party billed, collect) calls.


Fraud prevention techniques

Businesses that take precautions against toll fraud will most often deter the perpetrators, and thereby avoid the cost and hassle of dealing with unauthorized phone system access.

  • Change all of your phone system factory default passwords, including voicemail and system access. This should be done often. Every 60-120 days is recommended.

  • Ask Comcast or your PBX maintenance provider to turn off international calling functionality if your company does not need it. If you have a PBX and require some form of international calling, your system often will allow you to block certain country and city code combinations. Ask your PBX maintenance manager for further details about this functionality.

  • Comcast Business representatives are instructed to authenticate that a caller is an authorized user before sharing customer proprietary network information. You will receive a Security PIN in the mail within two weeks from installation of your service. The PIN is required to establish Comcast Business My Account access. To diminish the chances for unauthorized access to your account, this PIN should be stored securely and shared only with the employees who are authorized users for your account.

  • Educate your employees. If they receive suspicious calls requesting transfers or passwords, they should redirect the call to the phone system administrator or other knowledgeable individual.

  • Be sure your phone system's voicemail Call Forward functionality has not been activated without your authorization. If it has, turn it off and change your passwords.

  • Review your voice service bills each month. Does the call detail show normal calling patterns? If not, be sure to contact your phone system administrator and Comcast.

  • Review the Call Detail Records from your phone system daily or weekly and look for unauthorized calls. Call Detail Records may be accessed through My Account.

  • Consider having a phone system security audit done by an independent third party to identify potential vulnerabilities.

  • Be sure that former employees do not have access to the phone system - either block their service access or change the password settings on the phone system.

  • If your company needs international calling capabilities and your PBX supports access codes, require them for international calling purposes. If your company doesn’t require international calling capabilities, ask Comcast to remove that functionality from your service.

  • If the voicemail on your phone system allows out-dialing functionality and your company doesn’t need it, turn it off.

  • Do a PBX audit with your PBX vendor if you haven’t done so recently.

  • If you suspect unauthorized activity, restrict access to your PBX to authorized administrators and call Comcast immediately.

  • Consider PBX lock-down activities such as:

    • Placing the PBX in a room that is secured both during business hours and after hours

    • Installing intrusion-detection alarms for the PBX room

    • Storing critical information and passwords securely; avoid displaying them publicly

    • Providing remote access only to those who need it

    • Keeping anti-virus protection and encryption of voice packets activated

    • Disabling or restricting unnecessary services or ports
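
The Call Detail Record review recommended above can be partly automated. The following is an added example, not Comcast or PBX vendor code: it flags calls to international destinations outside an allowed list and to 1-900 numbers, notes whether each was placed after hours or ran long, and totals the flagged usage per extension. The CSV column layout, the office hours, the allowed prefix and the duration threshold are all assumptions, and dialed digits are assumed to be logged without an outside-line access digit.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample records. The column layout is an assumption for this
# example, not the export format of My Account or of any particular PBX.
SAMPLE_CDR = """start,extension,dialed,duration_sec
2019-01-14 10:02:11,201,12155550123,185
2019-01-14 23:41:07,299,011442079460000,3540
2019-01-14 23:43:30,299,011442079460001,3610
2019-01-15 02:15:44,299,19005550100,900
2019-01-15 09:30:00,204,011525555550000,240
2019-01-15 14:05:19,202,18005550199,60
"""

BUSINESS_HOURS = range(8, 18)   # assumed office hours, 08:00-17:59
ALLOWED_INTL = ("01152",)       # assumed: calls to country code 52 are expected
LONG_CALL_SEC = 3600            # assumed threshold for an unusually long call


def classify(row):
    """Return the reasons a record deserves review (empty list if none)."""
    dialed = "".join(ch for ch in row["dialed"] if ch.isdigit())
    start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
    reasons = []
    if dialed.startswith("011") and not dialed.startswith(ALLOWED_INTL):
        reasons.append("international-not-allowed")
    if dialed.startswith("1900"):
        reasons.append("premium-1-900")
    if not reasons:
        return reasons          # ordinary destination: nothing to review
    if start.weekday() >= 5 or start.hour not in BUSINESS_HOURS:
        reasons.append("after-hours")
    if int(row["duration_sec"]) >= LONG_CALL_SEC:
        reasons.append("long-call")
    return reasons


def review(cdr_text):
    """Return (flagged records, per-extension totals) for a CDR export."""
    flagged, totals = [], defaultdict(lambda: {"calls": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        reasons = classify(row)
        if reasons:
            flagged.append((row["start"], row["extension"], row["dialed"], reasons))
            totals[row["extension"]]["calls"] += 1
            totals[row["extension"]]["seconds"] += int(row["duration_sec"])
    return flagged, dict(totals)
```

Calling `review(SAMPLE_CDR)` returns the flagged records and the per-extension totals; an extension that accumulates flagged calls is the one whose voicemail password, Call Forward setting and out-dialing permission to check first.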


Customer responsibility

Comcast Business recognizes the potential for Toll-Fraud and strives to minimize the impact to customers should it occur. Nonetheless, as detailed in Comcast Business Terms and Conditions, Comcast Business does not bear responsibility for Toll-Fraud. Your company is responsible for securing its phone system and paying for any usage charges that may occur through fraudulent activity.


Links to informative sources

Links where you can better educate yourself or report an incident are provided below.

For additional Comcast Business Help & Support, please visit business.comcast.com/help.
