Toll Fraud: How to protect your business

WTC News

WTC is warning its business customers to be on the lookout for unusual activity on their business phone lines, as the occurrence of illegal toll fraud is on the rise.

Toll fraud occurs when hackers are able to access your phone system, and invisibly use your phone lines to make long distance calls, usually to international destinations. Often, the first time the illegal activity is noticed is when you receive a whopping long distance bill at the end of the month.

Business phone systems such as a PBX or Key System are the most common target for toll fraud hackers, and they are frequently used to route calls internationally. As a result, to protect our business customers, WTC has disabled outgoing international calling on most of our customers' business lines. While our records indicate that only a small fraction of our business customers make outbound international calls, all business customers are vulnerable to toll fraud. This action affects only outgoing international calls: Incoming calls from around the world will continue to be routed through to your business.

If your company requires the ability to make calls outside of North America, please contact WTC's Business Support Solutions team at or call 613-507-9222 and we will remove the blocking of outbound international calls immediately at no charge.

How can you protect your business against toll fraud?

A few simple steps can significantly reduce your risk of becoming a target for phone hackers:

  • Change default passwords on all voicemail accounts immediately and regularly. Passwords should be at least six characters in length, and difficult to guess. Do not use the phone number or any other easy-to-guess password. Change passwords every 3 months.  Disable any Remote Access features of your phone system such as a DISA (Direct Inward System Access) unless you explicitly need this feature, in which case it should be secured with a complex password rotated at regular intervals.
  • Do not share your password with anyone else. Insist that your employees keep their phone passwords private.
  • Determine what level of long distance calling your company requires. If your employees do not need to call long distance, have access disabled.
  • If your company has an inbound 800 number, consider blocking unnecessary access to it. For example, if your 800 number accepts calls from anywhere in the world—but you only do business in North America—consider having international access blocked.
  • Check your phone bill diligently, and ensure that all long distance calls were made by someone in your company.

You can further enhance the security of your phone system by subscribing to our Mandatory Account Codes service.  This service requires users to enter a PIN code before completing a certain call type, such as Long Distance or International. Please contact your Business Support specialist for more information, or to subscribe to this service.

It is important for businesses to understand that you are responsible for any charges on your bill resulting from toll fraud even if you have done everything possible to secure your phone system. Since we do not own, maintain or otherwise support the customer-owned hardware and equipment used to gain unlawful access, WTC cannot be held liable for charges resulting from toll fraud. This is outlined in our Terms of Service (section 2.f)

If you have any other questions about protecting your business from toll fraud, please contact WTC's Business Support Solutions team at or call 613-507-9222.