4433 52 Ave, Bonnyville
(780) 826-4599

Toll Fraud Prevention

Guidelines on how to avoid toll fraud from happening to your company.

How to prevent toll fraud.

What is toll fraud?

Toll fraud is the theft or unauthorized use of long distance phone service. Toll fraud takes many forms but is especially prevalent to phone systems that have not been secured, or where lax security measures are in place. Toll fraud is a problem worldwide, and fraudsters can easily rack up tens of thousands of dollars in long distance charges before the phone’s administrator is even aware of a problem.

How does it occur?

Fraudsters generally infiltrate your telephone system, whether it be analogue, digital or IP based, Leo Hamel’s by using by using software designed to determine usernames and passwords, and crack pass codes. This is typically done outside of normal office hours.  Once the system is accessed, hackers use it to route unauthorized calls to any location in the world.  It is imperative that telephone system operators change all default passwords, implement complex pass codes and passwords that are not easy to guess, and maintain a good password management policy.

Your responsibilities

Costs associated with calls placed on your phone lines are your responsibility, regardless of whether you authorized those calls or not. For this reason, it is imperative that you take steps to protect your company against toll fraud.

How can you protect your voice system?

It is important to take steps against toll fraud. If you do not, it is only a matter of time before your company is victimized. This document will outline some general guidelines to protect your company against toll fraud, but we strongly encourage you to take any measures possible above and beyond what is listed here.

Toll Restriction

International locations are the major destination for toll fraud calls. It is recommended that your company blocks all international numbers and only enable calls to those places that you need to call. Some systems allow for passwords to be required for long distance calls. If this is a possibility, we recommend you change the passwords regularly, and especially when an employee has left the company.

Unused Mailboxes & Phones

Proactively disable mailboxes and remove all access to outgoing employees immediately. This is not only to protect against retaliation from disgruntled former employees, but also against anyone who may obtain that person’s security information.


Monitor calling patterns and usage on a regular, scheduled basis. High costs can be generated in a very short period of time and will continue until action is taken to stop it.

Invalid Access Attempts

Identify invalid access attempts to your DISA and route them to an operator. Implement DISA ports that drop the line when an invalid code is entered and program your PBX to generate an alarm when an unusual number of invalid attempts are made, and to disable the port after a set number of invalid attempts.

General Security

Follow best practices for all security, including monitoring resources for vulnerability, maintaining patches and reviewing logs. Consider utilizing standards-based security add-ons where possible.

After-Hours Calls

Restrict all outbound after-hours calling.

External Transfer

Restrict call forwarding and call transfer features, especially to external numbers. Program your phone system so that extensions can forward only to known numbers, and restrict all others. Never forward a caller to 901 or 90#.

Block Collect Calls

Block the system from accepting revers charges on telephone calls – opt for a toll-free number instead.


Restricting access to your SIP port(s) on your PBX at an IP address or subnet level is an effective way of reducing your exposure to indiscriminate port scanning bot networks.

Limit Access

Limit system access to authorized personnel only, even during company business hours.


Immediately change the default passwords provided with your phone systems, and include password changes as part of your regular maintenance, and when personnel leave your company. Require complex passwords.

DISA Numbers

Never publish any phone numbers that could provide direct access to your system (DISA).Change your DISA numbers periodically, and issue a different DISA authorization code for all users. Warn users to never write down their authorization codes.


Eliminate three-way calling on all extensions that use modems. Physically disconnect modems that are not in use.

Software Patches

Make sure your phone and voicemail systems are up-to-date and that all current patches have been installed.

If you have any questions, please contact Customer Service at 780.826.4599. We’d be happy to help.

HereWith Answers

Have a question about any of our GPS Services?
Just let us know – We have over 25 years experience to help you out!

Talk to a real person at


Your Name*

Your Phone*

Your Email*

Your Website

Your Company

Number of Employees

Fleet Size

Time Frame

Vehicle Information

Additional Information

Why are you considering GPS Tracking?