The world witnessed more than 445 million cyber-attacks in Q1 2020 alone. Digital activity increased due to the COVID-19 pandemic, and so did cyber fraud operations. Like other internet-connected devices, VoIP business phones remain easy targets for hackers. Thus, appropriate security measures need to be in place to avoid VoIP fraud.
Ensure adherence to primary security practices
Change the default password for the softphone/hard phone after installation or repairs. Users should update login passcodes as per the company’s password-related policies. In the case of voicemail, it is advisable to delete messages after listening to them once.
One should never ignore anomalies like new location login alerts, missing voicemail messages, or unusual numbers in the outgoing call registry.
Network Address Translation (NAT) should remain enabled at all times
The NAT feature in the router assigns private IP addresses to computers, VoIP phones, and other devices on the network. The phone system becomes safer because only the firm’s LAN can read the IP addresses assigned to devices. NAT works as a barrier between phone data and open internet traffic. Hackers find it challenging to target devices with masked IPs from a remote location, so the system faces a lower chance of manipulation. Hackers often target VoIP phones with ghost calls to detect the device type. They even use automated programs to detect endpoints that work without NAT. So, Network Address Translation plays a crucial role in VoIP fraud detection.
Disabling the phone web interface can be a good idea
A VoIP phone’s web interface allows administrators to adjust call settings, codecs, and SIP settings, and to integrate VoIP accounts with phones. Put simply, the portal saves a copy of all the usernames and passwords for users. Thus, it often remains the prime target for hackers. They can gain control over it and use phones for fraudulent activities.
Remember, hackers can easily access the phone’s web interface once they manage to enter the LAN via the open internet. They can use key-cracking software and even crack the web interface password. Thus, never keep the default password or a simple password for the web interface.
Disabling or turning off the phone web interface is the best solution for the problem. You can enable it whenever you wish to change system settings.
Ensure your hosted VoIP service provider has security protocols in place
Cybersecurity experts advise clients to evaluate their hosted VoIP service provider’s VLAN configuration, security features in signaling methods, user authentication, and encryption. Most importantly, it is crucial to ensure the system complies with HIPAA, SOX, PCI, or other compliance-related regulations applicable in the country.
Configuring dial plans and user profiles
A VoIP system can be programmed to grant devices access to the voice network based on username and password verification or a digital device certificate. System administrators can restrict call types based on the time, user, device, and network type used for connecting to the server.
Protecting voice systems with physical and logical measures
Administrators can use an IPS (Intrusion Prevention System) to filter authorized and unauthorized VoIP traffic and detect unusual voice activities.
Always make sure two-factor authentication is in place, even for admin members who need access to configuration files, signaling data, and other user credentials.
Firms that allow employees to access their softphone via mobile devices should ask the workforce to install OS updates. They should also avoid downloading unnecessary software.
Encrypting sensitive voice traffic
Encrypting voice traffic is critical. However, too much encryption can cause operational complexity and excessive network latency. So, applying encryption based on user, device, or segment can prove better.
Firms handling confidential financial sector data also use VoIP service providers’ switch fabric to encrypt the internet gateway signaling with SIP over TLS.
In the absence of SRTP or HTTPS, remote phone users should utilize VPNs for network connections.
Use software programs for FAS detection
One of the most common VoIP frauds is FAS (False Answer Supervision). Some notorious service providers fraudulently add incorrect charges for calls. VoIP wholesalers earn a significant amount of revenue from additionally billed seconds.
Remember, saving is equal to earning in this era of the coronavirus pandemic. Tracing and combating FAS is a complicated task. Thankfully, there are software programs with built-in call fraud detection measures. They work with an Active Testing test call generator to eliminate FAS.
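The reconciliation behind FAS detection can be sketched as follows. This is an added example, not code from any product mentioned above: it compares what a test call generator measured with what the carrier billed for the same calls. The record layout, the reason labels, the sample values and the 2-second tolerance are all assumptions made for illustration.

```python
from typing import NamedTuple

# Constructed sample data (not real CDRs).
# MEASURED: call_id -> (far end answered?, talk seconds seen by our test call generator)
MEASURED = {
    "t-001": (True, 60),
    "t-002": (False, 0),   # rang out, never answered
    "t-003": (True, 30),
    "t-004": (True, 45),
}
# BILLED: call_id -> billed seconds on the carrier's call detail record
BILLED = {"t-001": 61, "t-002": 18, "t-003": 42, "t-004": 45}


class Finding(NamedTuple):
    call_id: str
    reason: str
    excess_seconds: int


def find_fas(measured, billed, tolerance=2):
    """Flag calls billed for more time than the test call actually measured.

    tolerance (assumed value) absorbs rounding and signaling delay.
    """
    findings = []
    for call_id, billed_secs in sorted(billed.items()):
        if call_id not in measured:
            # Carrier billed a call our generator has no record of placing.
            findings.append(Finding(call_id, "billed-without-test-record", billed_secs))
            continue
        answered, talk_secs = measured[call_id]
        if not answered and billed_secs > 0:
            # Classic FAS: an answer was signaled for a call nobody picked up.
            findings.append(Finding(call_id, "billed-unanswered-call", billed_secs))
        elif billed_secs - talk_secs > tolerance:
            findings.append(Finding(call_id, "extra-billed-seconds", billed_secs - talk_secs))
    return findings


def excess_by_reason(findings):
    """Total the disputed seconds per reason, e.g. for a billing dispute."""
    totals = {}
    for f in findings:
        totals[f.reason] = totals.get(f.reason, 0) + f.excess_seconds
    return totals


if __name__ == "__main__":
    for finding in find_fas(MEASURED, BILLED):
        print(finding)
```

Running the same comparison per route or per wholesaler shows which provider the excess seconds come from.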