
    Toll Fraud Prevention Checklist

    The VoIP Help Page Team·4 min read·Last updated: March 15, 2026

    ## What Is Toll Fraud?

    Toll fraud occurs when unauthorized individuals gain access to your phone system and place expensive calls — typically to international or premium-rate numbers. These attacks often happen overnight or on weekends when no one is monitoring the system, and the resulting charges can reach **thousands of dollars** before anyone notices. The good news: a few straightforward precautions can dramatically reduce your risk.

    Step 1

    Restrict International and Premium Calling

    Most users don't need international dialing. Use Dial Permissions in your Manager Portal to disable international and premium-rate calling for every extension that doesn't explicitly require it.

    Best Practice: Start with international calling disabled for all users by default, then enable it only for specific extensions on a case-by-case basis. Document every exception.


    Step 2

    Set Outbound Call Limits

    Configure per-user outbound call limits to cap the number of simultaneous calls each extension can make. This limits the damage if credentials are compromised.

    1. Log in to the Manager Portal
    2. Navigate to the user or extension settings
    3. Set a reasonable simultaneous call limit (typically 1–3 for most users)
    4. Save your changes

    Step 3

    Use Strong, Unique Passwords

    Every portal account and SIP credential should have a strong, unique password. Avoid reusing passwords across extensions or accounts.

    Tip: Use a password manager to generate and store complex passwords. SIP credentials should be at least 16 characters with a mix of uppercase, lowercase, numbers, and symbols.


    Step 4

    Enable Multi-Factor Authentication (MFA)

    Enable MFA on all Manager Portal accounts. This adds a critical second layer of protection — even if a password is compromised, the attacker still can't log in without the second factor.

    1. Go to your portal account settings
    2. Enable Multi-Factor Authentication
    3. Register your authenticator app or phone number
    4. Verify it works by logging out and back in

    Step 5

    Audit Call History Regularly

    Review your Call Detail Records (CDRs) at least weekly. Look for anything unusual — especially calls to unfamiliar international numbers, calls placed outside of business hours, or sudden spikes in volume.

    Best Practice: Set a recurring calendar reminder to review CDRs every Monday morning. Even a quick 5-minute scan can catch fraud early and save thousands.


    Step 6

    Disable Unused Extensions and Devices

    Any extension or device that isn't actively in use is a potential attack vector. Deactivate or remove unused extensions from your system promptly when employees leave or devices are retired.

    1. Identify all active extensions in the Manager Portal
    2. Cross-reference with your current employee roster
    3. Disable or delete any extensions no longer in use
    4. Remove old device registrations

    Step 7

    Never Share SIP Credentials Insecurely

    SIP usernames and passwords should never be sent via email, stored in shared spreadsheets, or written on sticky notes. Treat SIP credentials with the same care as banking passwords.

    Warning: If you suspect SIP credentials have been exposed, change them immediately and audit recent call activity for that extension.


    Step 8

    Set Up Emergency Notifications

    Configure E911 and system alert notifications so that administrators are immediately notified of suspicious activity, such as calls from unexpected locations or after-hours usage.


    Warning Signs of Toll Fraud

    Watch for these red flags that may indicate your system has been compromised:

    • Calls to unusual international destinations — especially countries you don't do business with (e.g., Cuba, Somalia, Latvia, Sierra Leone)
    • High call volumes late at night or on weekends — when your office is closed
    • Sudden spike in CDR activity — a dramatic increase in the number or duration of outbound calls
    • Unfamiliar numbers in call logs — premium-rate or toll numbers you don't recognize
    • Multiple simultaneous calls from a single extension — especially one assigned to a single user
    • Complaints from your provider about unusual traffic patterns

    Tip: If you notice any of these warning signs, don't wait — take action immediately by following the steps below.
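
The weekly CDR review from Step 5 can be partly automated against the warning signs listed above. The script below is an added example, not part of the Manager Portal or this article's original content; the CSV column names, the `+1` home country code, the business hours, the exception list and the sample rows are all constructed assumptions to adapt to your own CDR export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDR export; the column names are assumptions, not the portal's format.
SAMPLE_CDRS = """start,duration_s,extension,destination
2026-03-09T10:15:00,180,101,+12125550100
2026-03-09T14:02:00,95,102,+442079460000
2026-03-14T02:10:00,1500,103,+23276550001
2026-03-14T02:11:00,1400,103,+23276550002
2026-03-14T02:12:00,1300,103,+23276550003
2026-03-14T02:13:00,1200,103,+23276550004
"""

HOME_PREFIX = "+1"             # assumed home country code
INTL_ALLOWED = {"102"}         # assumed documented exceptions (Step 1)
OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed business hours, Monday to Friday
MAX_CONCURRENT = 3             # per-extension limit from Step 2


def audit_cdrs(text):
    """Return {extension: set of flags} for calls matching the warning signs."""
    flags = defaultdict(set)
    events = defaultdict(list)  # extension -> [(time, +1 start / -1 end)]
    for row in csv.DictReader(io.StringIO(text)):
        ext = row["extension"]
        start = datetime.fromisoformat(row["start"])
        end = start + timedelta(seconds=int(row["duration_s"]))
        if not row["destination"].startswith(HOME_PREFIX) and ext not in INTL_ALLOWED:
            flags[ext].add("unapproved-international")
        if start.weekday() >= 5 or not OPEN_HOUR <= start.hour < CLOSE_HOUR:
            flags[ext].add("after-hours")
        events[ext] += [(start, 1), (end, -1)]
    for ext, evs in events.items():
        active = peak = 0
        for _, delta in sorted(evs):  # at equal times, ends (-1) sort before starts
            active += delta
            peak = max(peak, active)
        if peak > MAX_CONCURRENT:
            flags[ext].add("concurrency-%d" % peak)
    return dict(flags)


if __name__ == "__main__":
    for ext, found in sorted(audit_cdrs(SAMPLE_CDRS).items()):
        print(ext, sorted(found))
```

Extensions with no flags are omitted from the result, so an empty dictionary means nothing in the export matched these three checks.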


    Final Thoughts

    If you suspect toll fraud is occurring on your system, act immediately:

    1. Disable the compromised extension(s) right away
    2. Change all SIP credentials and portal passwords
    3. Contact your VoIP provider — they can help block suspicious traffic and investigate
    4. Review your CDRs to understand the scope of the fraud
    5. File a report with your provider and, if appropriate, with law enforcement

    Toll fraud is preventable. By following this checklist and staying vigilant, you can protect your business from unexpected charges and keep your phone system secure.
