Telecommunications fraud continues to evolve, and for businesses managing voice services, the financial impact can be significant. One of the most common and costly forms is Toll fraud, where attackers exploit compromised systems to place unauthorised calls, often to expensive international destinations.
For businesses relying on SIP trunks, PBXs, softphones or cloud telephony platforms, understanding how Toll fraud works and how to reduce your exposure is an important part of maintaining a secure communications environment.
With the launch of the new Enfonica Console, businesses now have access to built-in Toll Fraud Prevention tools designed to help detect suspicious activity faster and reduce the risk of unexpected costs.
What is Toll fraud?
Toll fraud occurs when an attacker gains access to your telecommunications environment and uses it to place unauthorised outbound calls. In many cases, these calls are directed to high-cost international destinations connected to International Revenue Share Fraud (IRSF) schemes.
Attackers commonly target:
- Compromised SIP credentials
- Poorly secured PBXs
- Vulnerable desk phones or softphones
- Misconfigured outbound dial plans
- Re-used or weak passwords
Once access is obtained, attackers often automate large volumes of outbound calls in a very short period of time… sometimes before businesses realise anything is wrong.
The result can be thousands of dollars in unexpected charges, service disruption, and operational headaches.
Why Toll fraud is still a major risk?
As telephony services become increasingly internet-connected, attackers continue to look for exposed devices and poorly secured systems. Businesses that manage multiple locations, remote users, or third-party integrations can be particularly vulnerable if security controls are inconsistent.
Toll fraud is also becoming more sophisticated. Rather than only targeting obviously high-risk destinations, attackers may attempt smaller bursts of traffic to countries that appear more legitimate, making unusual activity harder to identify manually.
That’s why proactive monitoring and automated fraud prevention tools are becoming essential for modern communications environments.
How Enfonica’s Toll fraud prevention works
The new Enfonica Console includes built-in safeguards to help protect projects against IRSF and other suspicious outbound calling activity. Protection is enabled by default and does not require additional setup or opt-in.
With a refreshed interface, powerful new tools and deeper visibility into your services, the new Console is designed to give businesses even more control over their communications.
Risk-based country blocking
Every country is assigned a risk tier based on fraud exposure:
- Trusted
- Standard
- Elevated
- High Risk
- Blocked
By default, projects can place calls to Trusted, Standard and Elevated destinations, while High Risk and Blocked destinations are automatically restricted. Any destination that has not been explicitly classified is treated as High Risk.
Businesses can also customise these settings per project depending on their operational requirements.
Anomaly detection
In addition to static country blocking, Enfonica continuously monitors outbound traffic patterns for unusual activity.
If the system detects a sudden spike in outbound calls to monitored destinations (behaviour commonly associated with compromised SIP credentials or devices) it automatically escalates protection measures.
When an escalation occurs:
- Calls to the affected risk tier and higher tiers are blocked
- Lower-risk traffic continues operating normally
- Whitelisted numbers remain accessible
- A support ticket is automatically opened for visibility and investigation
This layered approach helps stop both obvious fraud attempts and more subtle attacks targeting normally permitted destinations.
Practical steps to reduce Toll fraud risk
While automated protection tools are important, securing your own environment remains critical. No fraud prevention system can eliminate every risk entirely.
Businesses should also:
Use strong SIP credentials
Avoid weak or re-used passwords for SIP registrations, PBXs and user devices. Rotate credentials regularly and immediately replace any credentials that may have been exposed.
Restrict access by IP address
Where possible, limit SIP trunk access to known IP ranges rather than allowing registrations from any location.
Keep devices updated
Regularly patch and update PBXs, desk phones, softphones and network infrastructure to reduce exposure to known vulnerabilities.
Monitor call activity
Review outbound call patterns regularly, especially international traffic or unusual spikes outside business hours.
Enable two-factor authentication
Enfonica requires Project Owners to have two-factor authentication enabled before modifying Toll Fraud Prevention settings or resetting escalations. This helps reduce the risk of unauthorised changes during a security incident.
Greater visibility and control in the new Enfonica Console
The new Enfonica Console gives businesses more visibility into their outbound traffic and fraud prevention settings than ever before.
You can now:
- Block calls to high-risk international destinations
- Detect anomalous traffic patterns faster
- Reduce exposure to unexpected fraud-related costs
- Configure country-specific overrides
- Whitelist trusted international numbers
- Review recently blocked calls during escalations
These tools help businesses maintain secure communications while keeping costs predictable.
Takeaway
Toll fraud remains a persistent risk for businesses using voice services, particularly as attackers continue to target internet-connected telephony environments.
A combination of strong operational security, proactive monitoring and automated fraud prevention tools is the best defence against unexpected fraud-related costs.
With built-in Toll Fraud Prevention now available in the new Enfonica Console, businesses can gain greater visibility into outbound traffic, respond faster to suspicious activity, and better protect their communications infrastructure.
