Fraud in the VoIP World: How to Protect Yourself
Learn about the main types of fraud in VoIP telephony and the 10 most important measures to protect your operator and company.
Fraud in the VoIP World: How to Protect Yourself
The internet world is loaded with fraud threats. In the VoIP world, this is no different. In this article, we will specifically explore the problems of telephony fraud, responsible for massive losses that can lead to the bankruptcy of VoIP operators.
How fraud works
A malicious agent acquires abroad a Premium Rate Number (PRN) — an international number that pays callers 50% of the revenue. The hacker, upon breaking the security of a system and gaining access to a VoIP number, generates numerous calls to this PRN, receiving between 10 to 20 euro cents per call.
Using in most cases an attack called SIP Bruteforce, the hacker obtains the access password to the extension. The fraud can easily reach 30 to 40 thousand reais per day in international tariffs. If it persists for 30 days, it can range from R$900,000 to R$1,200,000.
How to prevent: Operators
- Use strong passwords of at least 8 digits with special characters
- Use prepaid accounts with credit limits instead of postpaid
- Do not enable all international destinations — enable only what is necessary
- Block IPs from blacklists and those that fail authentication more than 5 times (fail2ban)
- Monitor, Monitor, and Monitor — check the CDR daily
How to prevent: Companies
- Use a Session Border Controller to protect the PBX
- Use strong passwords of at least 8 digits with special characters
- Enable only necessary international destinations with double authentication
- Do not expose the IP PBX to the internet — use VPNs
- Block IPs from blacklists (fail2ban)
- Monitor the CDR daily to check for strange calls
The false security of firewalls
Just because the IP PBX is behind a firewall does not mean it is secure. In both cases of defrauded clients, the firewall underwent a configuration change that exposed the IP PBX. Hackers try every day — in a single day it is possible to see dozens of scan attempts.
Conclusion
Fraud is not new and will continue to occur. Take care of the security of your IP PBX or softswitch. There is no way to block all hackers — what we are obligated to do is reduce the chances and limit the losses.
Related Articles
Verified Origin: How STIR/SHAKEN Fights Phone Fraud in Brazil
Resolution 777/2025 established the Verified Origin program in Brazil, using STIR/SHAKEN to combat phone fraud and spoofing.
Redundancy and High Availability in Voice Platforms
Understand redundancy and high availability strategies for voice platforms and how SipPulse SoftSwitch and SBC implement carrier-grade architectures with transparent failover.
How to Choose an SBC for Your Voice Operation
Understand the role of a Session Border Controller in your voice network and learn how to choose the right SBC based on capacity, protocol support and deployment model.