Toll fraudsters prefer monthly recurring revenue from your business

Posted On 15 Feb, 2023

I once received a frantic call from a new customer with whom we had just begun working.

They received a 250K excess bill from their telecom service provider and are obligated to pay it.

This is not a customer whose monthly telecom bill is in the hundreds of thousands of dollars.

It was an obvious case of toll fraud.

It turned out that their Cisco Expressway edge was wide open, and fraudsters took full advantage of it.

Most customers lose thousands of dollars each year and are unaware of it. Toll-fraud is real, and fraudsters use a variety of creative methods to steal money from you, which you may not realize for a long time.

Intriguing Stories About Fraud

There was an interesting story about a man who stole small amounts of money (pennies) from each person’s bank account and made a fortune until he was caught.

Smart fraudsters do the same thing; they do not make a large number of fraudulent calls that result in a large bill from the provider, as my customer did.

Instead, they continue to make small amounts of fraudulent calls in the hope that you will not notice.

Why slaughter a goose that lays golden eggs?

Toll fraud is a well-organized crime that is carried out remotely.

When your SBCs, edge devices, or IVRs are left unattended, fraudsters use them to make toll calls through your system and split the revenue with the service providers. This occurs in countries where service providers collaborate with fraudsters.


The goal is to make premium calls or calls to international destinations with extremely high rates. The fraudsters profit from these service providers who collaborate with the fraudsters.

To accomplish this, they exploit every possible gap in your telephony edge. IVR, direct SIP registration, or DMZ devices such as Expressway, SBCs, or devices with SIP registrar functionality are common techniques. You can be certain that if you keep an unprotected SIP peering device, you will be attacked within a few minutes.

Here’s an illustration

Assume your IVR provides the option to dial an external number. This is quite common in many phone systems.

If you do not put restrictions in place to prevent fraudsters from dialing premium numbers or expensive international numbers, the fraudster will dial your IVR and figure out how to dial these numbers. Once they find an open number, they will call it repeatedly and receive a cut from the service provider.

Another example would be if you have a SIP device connected to the public internet. This could be an SBC or a SIP device with SIP registrar functionality; fraudsters will begin probing to see if they can register a device or fork a call through the SBC.

In either case, the goal is to make a high-cost call to a premium number or an international destination. If you do not have any advanced security tools, the only way to determine if someone is abusing your system is to examine the call records.

The majority of customers never use a CDR system

Even if they have one, reviewing the records to see if there is anything suspicious takes time and effort.

When was the last time you went through your phone bill and looked up who you called? Smart fraudsters will initially add small increments to your bill so that it does not stand out. These scams can go on for years without anyone noticing.

If you have not secured your edge devices, such as SBCs, Expressways, or IVRs, the chances are that someone is profiting from your circuit.

Connect an SBC or an edge device to the public network and see how quickly SIP registration or INVITE messages from all over the world start arriving.

Some of these issues can be avoided with proper configuration.

However, fraudsters are constantly devising new methods of evasion.

Manual intervention takes too much time. To keep these fraudsters at bay, you need a tool that will dynamically prevent and regularly update its database.

A ransomware attack will almost certainly land you in the news, on top of losing money and business.

A toll fraud is similar to a leaking bucket. You continue to lose money without even realizing it.


In conclusion, toll fraud is a serious problem that can cost businesses thousands or even hundreds of thousands of dollars if left unchecked.

Fraudsters use a variety of techniques to steal money from unsuspecting victims, including exploiting vulnerabilities in SBCs, Expressways, and IVRs.

Their goal is to make premium or international calls with high rates and split the revenue with collaborating service providers.

Many customers never notice the small increments added to their bill, and this can go on for years.

Preventing toll fraud requires proper configuration and tools that can dynamically prevent and regularly update their databases.

Just like a leaking bucket, toll fraud can cost businesses money without them even realizing it, making it important to stay vigilant and protect against this type of fraud.

Other articles in this series


    Article by:

    Rajesh Haridas

    Rajesh Haridas is the founder and CEO of Consltek. He brings in 20+ years of experience working in the technology industry.

    Boost IT Growth In Healthcare

    Set up a no-obligation consulting session

    Case Studies

    Managed Security

    Enterprise grade security for mid-size businesses.

    Managed Infrastructure

    Infrastructure enabling you or holding you back?

    Managed Compliance

    Let Consltek help you with your compliance needs.