How to Recognize and Defend Against 5 Common VoIP Fraud Tactics

How to Recognize and Defend Against 5 Common VoIP Fraud Tactics

Today's Eggspert Avatar
Today's Eggspert Avatar

Disclosure: Our content is reader-supported, which means we earn commissions from links on Crazy Egg. Commissions do not affect our editorial evaluations or opinions.

As Voice over Internet Protocol (VoIP) systems continue to grow in popularity, so too do the exploits that criminals are using to defraud these networks.

This is because VoIP technology leverages the internet to make calls, and that opens many more vulnerabilities for fraudsters to penetrate compared to legacy telecom infrastructure. Without proper security protocols in place, for example, businesses can easily leave themselves exposed to scammers who rack up hundreds of thousands of dollars in toll fraud each year.

However, by learning the techniques that attackers use to infiltrate VoIP systems, IT staff and call center managers can safeguard their organizations against these threats. The first step, of course, is to recognize if and when your systems are being targeted.

Nextiva landing page for their network security and reliability information.

5 Common VoIP Fraud Tactics and How To Stop Them

If you want to protect your telecom systems, you need to put yourself in the shoes of the fraudsters looking to infiltrate your VoIP devices. Even the best VoIP providers have weaknesses that can be exploited. Here are the most common tactics being used to infiltrate VoIP systems today.

1. Port Scanning

Port scanning represents one of the foremost tactics fraudsters will leverage to infiltrate vulnerable spots within a VoIP network. It is a method of reconnaissance that checks for unguarded communication pathways in your system. Specifically, hackers will use programs to scan thousands of ports in a matter of moments, looking for openings among common channels like SIP (Session Initiation Protocol) and RTP (Real-time Transport Protocol).

If the cybercriminals in question discover an unprotected port, they can then use it to penetrate the network, reconfigure settings, and compromise security. After that, they can most likely gain access to more sensitive components.

Often, the end goal of port scanning is to compromise the call routing tools. By rerouting calls through their own fraudulent services, for example, large volumes of expensive international calls can be conducted out of sight. This means that legitimate businesses can be spending a staggering amount of money due to unauthorized charges.

When protecting your organization from port scanning, it’s important to have full visibility into which ports may be inadvertently left open on your VoIP phones, gateways, routers, switches, and other critical infrastructure. You should conduct routine port scans and ensure your firewalls are on to detect rogue traffic that may be trying to access vulnerabilities in your system.

2. Password Cracking

Beyond scanning for open technical vulnerabilities, fraudsters can also leverage brute force to overwhelm the weakest link found in most security systems—aka human-created access credentials. In this case, the login portals of IP PBX phone systems represent prime targets. While vendors have hardened equipment against traditional digital infiltration methods, weak usernames and passwords still remain extremely common.

To make matters worse, password cracking isn’t even a slow, methodical process. Hacking tools armed with giant dictionaries and computational power can run hundreds or even thousands of login attempts per minute to guess credentials.

These tools exploit the human tendency to reuse old or easy passcodes. Of course, once successfully broken, a world of options opens up to attackers seeking financial gain. From rerouting international calls and burdening them with fees to configuring backdoors for deeper network access, control of the IP PBX gives hackers countless options for committing fraud.

IT administrators must prevent password cracking by implementing strict password policies that result in extra layers of protection company-wide. IT admins can also require regular password changes among employees to bolster system security. Once these password policies are in place, IT teams should enable two-factor authentication, as it provides one of the strongest barriers against password cracking.

3. SIP Server Impersonation

Another prime target for hackers sits at the very foundation of call routing—the SIP server. By setting up counterfeit servers and leveraging SIP redirection, fraudsters can register devices through their platforms instead of the real ITSP network. If successful, this establishes a man-in-the-middle vantage point of your system.

SIP server impersonation is a devious tactic that allows attackers to bypass firewalls and corporate defenses by routing calls through hacker-controlled equipment. The fake SIP server essentially proxies everything, hiding abnormal usage patterns better than typical direct LAN attacks against PBXs.

Fortunately, several purpose-built solutions exist to counteract SIP server impersonation threats. For instance, session border controllers (SBCs) placed between VoIP equipment and external networks act like intelligent guard dogs, authenticating SIP servers belonging to your phone provider. These SBCs block foreign registration redirection attempts that do not match your legitimate ITSP’s domain credentials.

4. RTP Injection

Many hackers are also adept at reverse engineering the inner workings of a VoIP environment to the point where trying to access credentials through brute force becomes unnecessary.

An alternative method is to target media streams transported by the Real-time Transport Protocol (RTP) that’s used to carry all call voice, video, and other data. By cracking VoIP encryption, criminals can essentially flood your phone lines with completely bogus usage data instead.

The impacts of this RTP injection can escalate quickly as the PBX attempts to route more and more fake calls, overloading the capacity of the system in question.

Eventually, this kind of hack begins to resemble a distributed denial of service (DDoS) attack that can crush servers under the strain of these fake calls—and without quick intervention from an IT team, massive fees can start to accumulate whenever the fake calls connect to premium international destinations.

Fortunately, IT teams can protect against RTP injection attacks by implementing the secure RTP (SRTP) standard to encrypt their system’s usage streams. However, your IT team should also make a habit of monitoring traffic patterns to detect abnormal spikes in usage and verify caller identities on both ends via SBCs.

5. Protocol Exploits

The very protocols that enable next-generation phone solutions also open inherent risks. This is because VoIP systems rely on layers of complex signaling (think SIP), transportation (think RTP), and other supporting protocols. However, bugs and vulnerabilities regularly emerge as hackers find ways to exploit system weaknesses—usually by manipulating these open frameworks against themselves.

Much like operating systems and software, keeping VoIP infrastructure updated lies at the root of security hygiene. Naturally, bad practices like skipping patches or failing to upgrade your endpoints, servers, and gateways are things that can ultimately give hackers an opening in your system.

To avoid unwarranted security breaches, IT teams should test patches in staging environments before updating their production systems. By introducing advanced prevention capabilities like intrusion detection and prevention systems armed with signatures specific to VoIP protocols, IT teams can automatically flag and stop manipulation attempts before any permanent damage is done.

Assessing Security Readiness to Bolster Your VoIP Security

Since criminals will inevitably probe networks for weaknesses to exploit, businesses can’t afford to be caught off guard. At a minimum, your IT security team should be making regular assessments of your VoIP infrastructure by using scanning tools and shoring up any potential vulnerabilities before they become real risks.

To start, you can conduct an audit to identify every phone system entry and exit point, taking inventory of your hardware and installed software. Then, you can document how your devices are interconnected and configured to manage call flows.

Once you’ve completed an audit of your VoIP system, your team should start penetration testing. This involves testing security policies like passwords, authentication schemes, and protocol filtering against common attack tools to reveal blindspots in your system.

By using the insights from these readiness exercises, your IT team can implement multilayered controls like SBCs for verifying identities, integrity monitoring to catch anomalies, and routine patches for avoiding newly discovered vulnerabilities. Of course, your team should regularly revisit these security assessments as new threats emerge.

Keeping Your VoIP Systems Safe

By understanding the latest VoIP fraud tactics and taking proactive security measures, businesses can safely benefit from upgrading their phone systems while avoiding substantial risk and loss.


Scroll to Top