Protecting Against Phone Fraud

Phone Fraud is a widespread problem in North America and across the globe, and as technology advances, so do the opportunities for fraud. No matter where your business is located or who your phone provider is, Phone Fraud is a concern for your business.

What is Phone Fraud?

Phone Fraud (also known as "Telecommunications Fraud" or "Toll Fraud") occurs whenever an unauthorized user gains access to and/or places fraudulent charges to your telephone system. It can take many forms from unwanted collect calls to voicemail hacking. Whatever method a fraudster may use, your business's best defence is knowledge.

How to Protect your Business Against Phone Fraud

  • Monitor Remote Access and Administration
  • Remote Access allows an inbound caller to access your business's phone system and make outbound calls through it by using an access code. This is one of the most common modes of illegal entry into a phone system. To limit the risk to your business, use passwords and authorization codes to access these features. If your business does not use these features, contact your system administrator or provider to ensure that these features are turned off.

Use Strong Passwords and Authorization Codes

Your phone system's security is only as strong as the passwords used to access it. Follow these tips to make sure your passwords and authorization codes are not easily guessed:

  • Use the pound sign (#) and asterisk (*) in your password if your system allows it.
  • Use passwords that are at least 7 characters long. For maximum protection, you should use the maximum number of characters that your system allows.
  • Do not use predictable patterns such as repeating characters (55555) or ascending or descending characters (54321).
  • Do not use your extension number (or it's reverse), your office number, or any other information that identifies a system owner or user (such as an employee number or social insurance number).
  • Do not write down your password or store it on your hard drive or network. If a record is kept, it should stored in a secure location.

Frequently Change Passwords and Authorization Codes

It is a good idea to change your passwords and authorization codes at least four times a year. It's also recommended that you change access/authorization codes whenever an employee (such as a network technician) leaves the company.

Control Long Distance Calling

  • As the potential for long distance fraud is possible through methods other than just your phone system, Wightman has implemented an outbound calling blacklist to specific areas of known fraud activity. This blacklist is created by our telephone switch vendor and is based on the frequency of long distance fraud to the countries on the list, and is as follows:
Afghanistan Diego Garcia Korea Nicaragua South Sudan
Albania Djibouti Kyrgyzstan Niger Sri Lanka
Algeria DR Congo Laos Nigeria St. Helena
Andorra East Timor Latvia Niue Islands St. Pierre and Miquelon
Ascension Islands Ecuador Lebanon Norfolk Islands Sudan
Azerbaijan El Salvador Liberia North Korea Swaziland
Belarus Eritrea Libya Oman Togo
Benin Estonia Lichtenstein Palau Tonga Island
Bosnia-Herzegovina Ethiopia Lithuania Palestine Tunisia
Brunei Falkland Islands Macedonia Papua New Guinea Tuvalu
Bulgaria Fiji Madagascar Peru Uganda
Burkina Faso French Polynesia Malawi Philippines Ukraine
Burma Gabon Malaysia Poland Uzbekistan
Burundi Gambia Maldives Qatar Vanuatu
Cambodia Ghana Mali Romania Vietnam
Cameroon Guatemala Marshall Islands Samoa Wallis Fortuna
Cape Verde Guinea Mauritania San Marino Zambia
Central African Republic Guinea Bissau Moldova Sao Tome and Principe Zimbabwe
Chad Guyana Monaco Senegal  
Chile Haiti Montenegro Serbia  
Colombia Honduras Morocco Seychelles  
Comoros Inmarsat Mozambique Sierra Leone  
Cook Islands Iridium Namibia Slovenia  
Cuba Ivory Coast Nauru Solomon Islands  
Cyprus Kiribati Nepal Somalia  

By implementing this feature, the default is that no long distance calls can be placed to the countries on the list. Should you require access to place calls to any of the restricted countries, please contact our technical support team at 1.877.327.4440 to have the restriction removed from your line.

  • We have the ability to block all International long distance calls. This broadens the list of restricted countries that your Wightman phone lines would be unable to place calls to.
  • We have the ability to add long distance account codes to your Wightman phone lines. This business feature intercepts all 011+ and/or 1+ long distance calls and prompts the caller for an authorization code. When a valid code is entered, the call proceeds. One or more validation codes may be added to your line. This feature has an additional benefit in that it identifies the long distance calls by account code on your bill so you may use this to track your long distance billing by the individual staff member, job number etc.

Please contact our Customer Care team at 1-888-477-2177 to discuss these options.

Restrict Automated Attendant Access

Automated attendants are another common entry point for unauthorized third parties. When the automated attendant "picks up," fraudsters can dial 91XX or 9011. On many phone systems (if the dial-out feature is active), this extension connects the caller to an outside long distance line. The best defence is to block 9XXX or 8XXX access codes and/or require an additional authorization code.

Monitor Your System

Closely monitoring your phone system will help you to catch suspicious activity early. Watch for unusual patterns or usage spikes in your PBX, voicemail, automated attendant, and toll-free systems. These may be indicators that someone is attempting to gain access to your phone system.

Please take the precautions listed above. Ultimately, any unauthorized calls made to or from your phone system equipment — whether by someone in your company or by a third party — are your responsibility. It is essential that you take steps to protect your business from phone fraud.