Businesses that use Voice over Internet Protocol (VoIP) phone systems are at risk of theft of service, one of the most common types of VoIP fraud. Theft of service can impact an organization's VoIP network in several ways, including decreased call quality and increased costs. Here’s what businesses should know about VoIP theft of service and how to prevent or reduce the risks associated with it.
What is theft of service?
VoIP theft of service is the most common type of VoIP fraud. It involves the theft of your organization’s VoIP account credentials, including usernames and passwords, either by eavesdropping or by introducing malware into your system. Once cybercriminals gain access to your accounts, they can freely make phone calls or change your call plans and run up your VoIP bill, which is why this attack is referred to as “subscription fraud.”
In addition, cybercriminals may use the stolen data to carry out other fraudulent activities. They can also use theft of service to flood your VoIP network with promotional calls similar to junk email via an attack called Spam over Internet Telephony, or SPIT. Once they infiltrate your communications network, they might broadcast unsolicited messages or advertisements over your VoIP system. This keeps users from making or receiving calls, which can have a significant impact on your business operations.
How can you avoid theft of service?
Preventing VoIP theft of service simply requires using a little common sense and implementing the following technical preventive measures:
- Make your passwords as secure as possible. Passwords must be at least 10–12 characters long, consisting of a combination of upper- and lowercase letters, numbers, and symbols. For added security, use passphrases, which are sentence-like strings of words. They’re usually longer than passwords, easier to remember, and more difficult to crack.
- Install firmware patches for your VoIP phones and infrastructure regularly, and keep your antivirus software up to date.
- Use fraudulent call routing detection and encryption software.
- Set up an enterprise-grade virtual private network (VPN) for employees working from home/remotely. A VPN encrypts incoming and outgoing traffic without compromising call quality.
- Review your organization’s call logs for any unusual trends or behavior, such as higher-than-usual call volumes or calls made during off-hours.
VoIP is an essential business communication tool, so it pays to learn about and set safeguards against theft of service to avoid its impacts on your company’s operations. For more information and useful tips on how to keep your VoIP system secure, drop us a line today.