Toll fraud is a form of attack that involves the unauthorized use of an individual’s or a business’s telephony services and equipment to make long-distance, international, or premium-rate number phone calls that are charged to the owner of the targeted system. The most common toll fraud is international toll fraud, whereby hackers obtain access to passwords and accounts in order to exploit them for international calls. Intermedia VoIP services use the public internet to connect the Intermedia Network to your customer's PBX or phone. This can create new opportunities for fraud that can be prevented.

How do they do it?

Cybercriminals can scan the public internet for applications that make phone calls. Once they detect these applications, they attempt to crack the authentication credentials. Once they have pirated the device or authentication credentials, they can make phone calls, which the customer will be charged for.

Requirement on How to Protect the Phone System

SIP-based phones or a PBX connected to Intermedia servers via our SIP trunking service must be installed in a secure trusted zone behind a firewall and not exposed to the public internet. This means the PBX or SIP phones should never be put into a router's DMZ (which allows untrusted access).

The firewall must block all inbound internet (untrusted) traffic to the PBX or SIP phones. The firewall can be configured to allow inbound traffic from trusted devices from remote (satellite) locations. Filtering based on source or destination address is useful because it enables you to allow or deny traffic based on the computers or networks that are sending or receiving the traffic.

You do not have to block outbound traffic from your private network to the internet, but Network Address Translation, or "NAT", must be enabled. NAT allows the Intermedia Service to send calls to the PBX or SIP phones. If the firewall has multiple NAT settings, you must select the NAT setting that is "Address Restricted" and not "Endpoint Independent". If you do want to limit outbound internet traffic on the firewall, then you need to open SIP-related ports on the firewall to allow Intermedia's Service to function properly.

Review the following articles for more details:

Obligations: T&Cs

Intermedia Terms and Conditions state the following: Customer understands that the use of the Services requires a network firewall at the Customer premises. Customers must deploy firewalls designed to enhance security for SIP-based VoIP applications and services. Any fraudulent use of Customer's Services due to a lack of acceptable firewall security is solely the responsibility of Customer, and Intermedia will not credit the customer for these charges.

Customer hereby indemnifies Intermedia against any responsibility for damages, consequential or otherwise that arise from an unprotected network. The customer also acknowledges that Intermedia may block without notice traffic reported by its carriers as potentially fraudulent.

International Calling Must Be Requested

To further protect your business, when you order services you have the option to enable or disable international and high-cost areas (see the North American High-Cost Areas table below). If you opt to disable international calling, this feature can be enabled at a later time.

North American High-Cost Areas

| NPA | Country                | NPA | Country                |
|-----|------------------------|-----|------------------------|
| 684 | American Samoa         | 671 | Guam                   |
| 264 | Anguilla               | 876 | Jamaica                |
| 268 | Antigua and Barbuda    | 664 | Montserrat             |
| 242 | Bahamas                | 787 | Puerto Rico            |
| 246 | Bahamas                | 939 | Puerto Rico            |
| 441 | Barbados               | 670 | Saipan                 |
| 284 | British Virgin Islands | 721 | Saint Maarten          |
| 345 | Cayman Islands         | 869 | St. Kitts/Nevis        |
| 767 | Dominica               | 758 | St. Lucia              |
| 809 | Dominican Republic     | 784 | St. Vincent            |
| 829 | Dominican Republic     | 868 | Trinidad & Tobago      |
| 849 | Dominican Republic     | 649 | Turks & Caicos Islands |
| 473 | Grenada                | 340 | US Virgin Islands      |

Fraud Monitoring

The Intermedia NOC monitors call patterns to international (and high-cost) locations on an hourly basis. If any customer exceeds the call thresholds for any international areas, Intermedia will disable international calling and send an email notification to the customer informing them that international calling has been disabled based on possible fraudulent activity. To protect the customer, we will not enable international calling until the account holder has given Intermedia authorization. In addition, Intermedia scans the network of connected devices to determine if any of our SIP endpoints are open to the public internet. If an endpoint (phone, phone system or gateway) is determined to be open to the public internet, a notification will be sent to the customer and CIP informing them that they are not in compliance with Intermedia T&Cs and are required to secure the SIP endpoints behind a firewall.
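
A customer can run the same kind of hourly check against their own PBX call detail records. The sketch below is an added example, not Intermedia's monitoring code: it classifies dialed numbers using the high-cost area codes from the table above and flags any clock hour whose count exceeds a threshold. The CDR layout, the sample records and the threshold value are assumptions.

```python
from collections import Counter
from datetime import datetime

# High-cost NANP area codes, copied from the table on this page.
HIGH_COST_NPAS = {
    "684", "671", "264", "876", "268", "664", "242", "787", "246", "939",
    "441", "670", "284", "721", "345", "869", "767", "758", "809", "784",
    "829", "868", "849", "649", "473", "340",
}

# Constructed sample CDRs: (call start in ISO 8601, dialed number as sent by the PBX).
SAMPLE_CDRS = [
    ("2024-03-02T02:05:11", "18765550101"),
    ("2024-03-02T02:07:40", "1-876-555-0102"),
    ("2024-03-02T02:19:03", "011442079460000"),
    ("2024-03-02T02:44:52", "+1 809 555 0103"),
    ("2024-03-02T02:58:30", "12125550104"),    # domestic, ignored
    ("2024-03-02T03:10:00", "14735550105"),
    ("2024-03-02T09:15:00", "5550106"),        # local 7-digit, ignored
]

def classify(dialed):
    """Return 'international', 'high_cost' or 'domestic' for a dialed string."""
    raw = dialed.strip()
    digits = "".join(ch for ch in raw if ch.isdigit())
    if raw.startswith("+") and not digits.startswith("1"):
        return "international"                 # E.164 with a non-NANP country code
    if digits.startswith("011"):               # North American international prefix
        return "international"
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]                    # strip the long-distance 1
    if len(digits) == 10 and digits[:3] in HIGH_COST_NPAS:
        return "high_cost"
    return "domestic"

def hourly_alerts(cdrs, threshold):
    """Count non-domestic calls per clock hour; return the hours over threshold."""
    per_hour = Counter()
    for start, dialed in cdrs:
        if classify(dialed) != "domestic":
            hour = datetime.fromisoformat(start).strftime("%Y-%m-%d %H:00")
            per_hour[hour] += 1
    return {hour: n for hour, n in sorted(per_hour.items()) if n > threshold}

if __name__ == "__main__":
    # threshold=3 is an assumed value; the page does not publish Intermedia's.
    print(hourly_alerts(SAMPLE_CDRS, threshold=3))
```

Numbers dialed as 1 + area code look domestic to most dial plans, which is why the high-cost area codes need their own match rather than relying on an international-prefix block alone.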