What is VoIP Fraud?

Posted by Cherie L. Steffen on January 22, 2015 at 1:41 PM
Cherie L. Steffen
Find me on:

Take a moment to listen to the news on any given day and you’ll hear about check fraud, credit card fraud, voter fraud, etc. So at this point, you probably have a good idea of what fraud is. But what is VoIP fraud? Have you heard of it before? Do you know what it is and how it could potentially affect your business? Here we’ll explain what is VoIP fraud, how big of a problem it is, and break down the anatomy of an attack.


VoIP fraud can be defined as the unauthorized use of paid communication services charged to someone who isn't expecting it, whether that be the service provider or the customer. Simply put, this can cost your business, which is most times your entire livelihood, a fortune from which it may be difficult to recover. You or your customer will pay the price; the hacker will get the profits.What is VoIP Fraud?

Let’s take a look at just how big the problem is. Numbers don’t lie so it’s time to bring some scary stats to your attention. In June 2009, the breakup of a $55 million dollar toll fraud ring that was operating internationally and targeting enterprise PBXs was announced {Network World}. December 2010 brought the announcement of another sting—11 million Euros on fraud which were calling premium telephone numbers in Somalia and Sierra Leone {SipVicious Blog}. And projected for 2015, toll fraud and dial through fraud is expected to reach $46 billion {Simwood}. You certainly don’t want any part of that coming out of your profits this year, do you?

So how does the fraud happen? What does a simple attack look like? We’ll break it down for you in three steps inside the motions of a fraudster.

Step 1: The fraudster looks for a vulnerable VoIP device, which is also known as an endpoint (IP phone or switch) to use to send calls. Typically, this is done by scanning the Internet for vulnerable endpoints, which are easiest to access by using the default username and password. And why does that happen? Because many times users don’t change the default user name and password information when they purchase the device. Note to self: Always change the user name and password information when you purchase the device.

Step 2: Now the floodgates are open! The fraudster has breached your device and can begin sending expensive calls through the exposed endpoint.  Notice, we said “calls.” It is not solely one call at a time, it could be hundreds of expensive-per-minute international calls running for hours or even days.

Step 3: The fraudster sells the expensive free route at a much lower rate than the industry average. Your hacked VoIP device incurs all the costs for those calls and the fraudster gets all the profits. The easiest way to break it down in everyday scenarios is this: Let’s say you hack into your neighbor’s cable TV service and sell it to renters living in your house. This would be an absolute profit for you. But what if your neighbor finds out what you’ve been doing and he cuts the line? You as the cable-stealing-thief simply tap into another neighbor’s cable service and use that until it’s cut. It is similar with the fraud of the VoIP services. The only difference is the real VoIP fraudsters steal from another country so it is very difficult to find or apprehend them.

Now that you know what VoIP fraud is, be sure to keep checking back with us! Next we will continue this discussion with 5 Common Ways of Being Attacked—that’s something you definitely won’t want to miss.

Subscribe to Our Blog!

Tags: VoIP

New Call-to-action

Subscribe to Email Updates

Recent Posts