What is SMS toll fraud?

Toll or telecommunications fraud is when unauthorized individuals access a company’s phone system and exploit it to make long-distance calls, often to premium international numbers that suffer high costs. This scammy activity can leave devastating financial consequences for businesses.

Simply suppose someone hacks into your office’s phone system and uses it to make many expensive calls to overseas lines, resulting in a huge phone bill for the company while the fraudsters take a share of the money earned.

Attackers generally target systems with network connectivity that are frequently used for two-factor authentication (2FA).

Toll fraud can be undetected until it becomes financially significant, at which point the harm is done.

Businesses must take preventative measures and set security standards to secure their phone systems from unauthorized access and malicious activities.

How does it work?

Toll fraud is a cybercrime involving unauthorized access to phone systems, leading to costly international calls.

This activity has been on the rise lately, increasing by about 15% annually and resulting in approximately $30 billion in global telephone call charges.

Here’s how toll fraud works:

• Unauthorized Access: Hackers break into your phone system, gaining control over it, usually during weekends or holidays when monitoring and security measures may be reduced.
• Costly international calls: Once inside your phone system, the hackers initiate international calls to destinations such as Cuba or Somalia with high call charges per minute.
• Accumulating charges: These fake calls can quickly rack up large expenses and may continue for a lengthy period, possibly costing your business thousands of dollars.The primary motivation behind toll fraud is financial gain. Hackers use your compromised phone system to make calls and profit from the charges caused by these calls.Toll fraud attacks are sometimes carried out simply for the thrill or to prove a point, with automated processes handling the fraudulent calls.The following are the specific tactics used by toll fraudsters:
• SMS verification code spamming: Similar to voice spamming, fraudsters create many fake verification texts using SMS.While this activity is typically less profitable, they may direct the fake traffic to high-cost SMS destinations to generate revenue.Check out this post on What is SMS vs. MMS for more information about SMS and how it differs from MMS.
• Account abuse: Fraudsters often target companies that provide services with free trials and create numerous fake accounts to make calls to premium rate numbers, generating fraudulent traffic and costs.
• Voice verification code spamming: Some businesses offer two-factor authentication (2FA) via phone calls as an option for users without SMS access or on landlines.Fraudsters exploit this by launching scripted attacks to generate large calls through the voice verification feature, often making calls worldwide.

What is SMS pumping?

In SMS pumping, cybercriminals, often working in coordinated groups, target online forms or web applications that send SMS messages automatically in response to specific requests, such as one-time passwords or authentication codes, flooding these forms with a high volume of requests.

To carry out this scheme, the cybercriminals need extremely diligent planning and the cooperation of a mobile service provider.

They approach a provider with a proposal to send a massive amount of SMS messages using numbers owned by that provider. These messages are often sent to high-cost destinations, sometimes in distant countries, further inflating the attack’s cost.

When the targeted business pays the inflated SMS bill to the provider, the provider shares some of the profits with the cybercriminals. Because they respect their reputation and network integrity, reputable providers usually avoid such operations.

One problematic aspect is that companies sometimes gain traffic from various providers, resulting in a complex network of message delivery channels. While this improves connection, it can mask unscrupulous participants working with fraudsters.

Assume you own a retail store that sells high-end haircare products and offers customers a discount in return for their phone numbers. Customers expect to get a text message with a discount code, making this scenario vulnerable to SMS pumping.

A fraudster could use automated bots to submit thousands of mobile numbers, causing each message to be routed to high-cost SMS destinations. Your business would accumulate an inflated bill even though you thought you were gaining legitimate customers.

Legal and fraudulent messages may be routed across many networks before reaching their intended receivers. Some of these networks may pay kickbacks to fraudsters, but determining the specific source of the fraud can be difficult because only a few people inside a network organization may be aware of it.

Preventing Toll Fraud: Choosing the Best Defense with Secure Equipment

Criminals have long targeted the mobile communications business, and their schemes have evolved in tandem with the industry’s achievements.

Mobile texting has played an important role in improving security and efficiency in recent years, especially during the COVID-19 epidemic.

These improvements led to new weaknesses that are extensively exploited, so implementing some of the following practices can help prevent and safeguard against toll fraud:

• Firewalls and Security Appliance
• Call Detail Records (CDRs)
• Access Controls
• Password Policies
• Vendor Support
• Monitoring and Anomaly Detection
• Call Routing Rules
• Third-Party Fraud Detection
• Education and Training
• Encryption
• Regular Audits
• VoIP Security

Why Toll Fraud Prevention is necessary

The main point here is that it is necessary to prevent toll fraud before it happens since once you become a victim, you can’t undo the harm. Simply said, prevention is the priority.

Financial impact

Toll fraud is a severe problem that costs an enormous amount of money. According to the CFCA, it’s estimated that this issue causes about $27 billion in phone bills every year worldwide.

Increasing trend

With a 15% increase yearly, it’s clear that toll fraud is becoming a more severe problem, and businesses are becoming increasingly vulnerable to these attacks without appropriate security measures.

Lack of awareness

Many firms are either ignorant of the problem of toll fraud or lack the necessary safety measures. 84% of US companies are vulnerable to cybercrime in 2023, including various types of fraud, noting the importance of training and prevention actions.

Advanced attacks

Toll fraud attacks are well-organized and automated, making them somewhat impossible to detect. They frequently happen outside normal business hours, making identification considerably more difficult.

This highlights the significance of effective security systems monitoring and responding to suspicious behavior.

More on how to prevent it

Toll fraud prevention and detection are vital since this practice can impact a company’s finances, reputation, and relationships with workers, customers, and the general public.

In today’s world, it’s quite challenging to stop it since hackers are always trying to develop more advanced methods, making it paramount to stay informed and vigilant about potential business vulnerabilities.

Here are the most important toll fraud protection measures you can implement:

1. Restrict international calling: If your company doesn’t need international calls, limit international calling on your phone system and through your phone carrier to avoid unwanted foreign calls.
2. Block Caribbean countries: Some Caribbean countries don’t use the 011 international dialing code but follow the North American dialing plan. To prevent toll fraud, block calls to these Caribbean countries.There are 18 area codes to consider, including 242, 649, 345, 876, 809, 787, 340, 264, 284, 869, 268, 664, 767, 758, 784, 473, 246, and 868. Block these area codes unless your business genuinely needs to call them
3. Network segmentation: Ensure your company telephone system is hosted on a separate white network from your data network. This isolation makes it harder for hackers to exploit vulnerabilities.
4. Limit information sharing: Never give technical details about your PDX (Private Branch Exchange) system to anybody outside the company, as this information is often used maliciously.
5. Password management: Use strong and unique passwords instead of using factory or default passwords on your system. Verify your system frequently to check for no unauthorized or extra passwords.
6. International call blocking: To prevent fraudulent international calls, set international call blocking on your system if it isn’t necessary for your business operations.
7. Mailbox security: Regularly lock or disable unused mailboxes in your system to reduce potential entry points for hackers.
8. Avoid predictable PINs: Instruct employees not to use predictable PINs for voicemail access, such as the final digits of their direct dial numbers, sequential numbers like “111,” or incremental numbers like “1234”.
9. Privacy practices: Never publish employees’ names and phone numbers online since attackers can exploit this information to target your system.
10. Voicemail lockout: To add extra protection, set your system to lock a voicemail box after three failed login attempts.

In addition to the previously stated safety measures, companies can improve communication security by using SMS API providers such as Textgrid, recognized for their strict security features based on HIPAA.

This helps protect your company’s communications, such as SMS and messaging services and guarantees that only authorized individuals may access their systems.

SMS toll fraud examples

Freecall Number Fraud – Attackers can make illegal calls using freecall numbers connected to the telephone system.

Unsecured Remote Access Fraud – Hackers can access the telephone system if remote access, whether via modems or the internet, is not well protected.

Voice Mail System Fraud – Toll fraud can be performed via voice mail systems, especially if they allow for dialing.

Large Number of Trunks Fraud – Telephone systems include many trunks, such as ISDN or SIP trunks.

Direct Inward System Access (DISA) Fraud – Hackers may exploit Direct Inward System Access features if not properly secured with PINs or other measures.

Default Passwords Fraud – Systems, voicemail, or management portals with default passwords.

Call Forwarding Fraud – Attackers that can route phones to external numbers may use this feature for toll fraud.

Wide Access to Long-Distance and International Dialing Fraud – Systems having wide access to long-distance and international dialing can be used to make fraudulent calls, especially if they are not fully monitored and secured.

Premium Telephone Number Fraud – Businesses that use premium phone numbers, especially for services such as adult chat lines, tech help, voting, weather forecasts, or emergency calls, are vulnerable to toll theft.

Legacy Phone System Fraud – Legacy phone systems can be prone to toll fraud if complex features such as Direct Inward Dial (DID) numbers are used without safety measures such as PINs.

VoIP-Related Toll Fraud – Fraudsters can target vulnerabilities in VoIP systems via port scanning, exploiting password weaknesses, or getting unauthorized access to SIP servers.