The intent of toll fraud is to gain unauthorized access to your phone system and make long distance calls from your account. RingCentral is working hard to mitigate this risk on behalf our customers. This article is tailored for users of the MiCloud and Sky phone systems. Also see the Avoiding Fake Emails article.
Table of Contents
What is Toll Fraud?
What Can You Do to Prevent Fraud
What RingCentral is Doing to Prevent Fraud
What is Toll Fraud?
Toll fraud, also known as phone fraud, is when an attacker gains unauthorized access to your phone system and make long distance calls using your account. According to the Communication Fraud Control Association several years ago, worldwide phone fraud caused by compromising phone systems cost consumers approximately 46 billion dollars.
Because MiCloud/Sky customers control access to their phone system and perform configurations to manage it, there are a number of things customers must do to prevent fraud. RingCentral has taken a number of measures to protect customers from this risk, but it is ultimately the customer's responsibility to ensure the security of their account.
According to MiCloud/Sky terms of service, customers are responsible for all fraudulent calls made on the account. Charges for fraudulent activity may be substantial and RingCentral has no choice but to hold customers responsible for charges on their accounts.
What Can You Do to Prevent Fraud?
There are multiple ways customers can protect themselves from toll fraud:
See each of the sections below for more information on how to prevent or identify toll fraud.
Control Account Access
The first step to preventing fraud is controlling access to a customer's account. Every customer designates at least one Decision Maker for their account. The Decision Maker is responsible for maintaining a current list of Authorized Contacts for the account. RingCentral recommends auditing Authorized Contacts every ninety (90) days to ensure that only current authorized personnel are able to make changes to the phone system. To learn more about Authorized Contacts:
Restrict Outbound Calls
MiCloud/Sky phone systems can be configured to restrict international and directory assistance calls, or require callers to enter a code before placing outbound calls. RingCentral strongly recommends using one of these additional precautions to prevent toll fraud. To learn more about restricting calls:
Use Strong Passwords
RingCentral requires that you utilize strong passwords to make it much more difficult for hackers to compromise your account. If you have enabled international calling, here are some tactics to ensure that the password policy is as strong as possible:
- Update phone/voicemail passwords every ninety (90) days
- Do not use the same password for all profiles
- Use longer passwords
- Vary the length of the passwords between phones
Make sure to never publish your organization's remote voicemail access phone number or default voicemail password, and proactively reset the voice mailbox passwords of former employees and contractors. To learn more about passwords:
Setup Firewall Protection
Never operate your phone on a public or untrusted network. If you are operating on a 3rd party (non-MiCloud/Sky ) network, make sure your phones are secured behind a firewall. If you are a Sky customer who needs instructions for configuring your firewall, see the Remote Phone article.
If you are not sure if your phone is protected, contact your Account Manager or create a Support Case to communicate your request to our Support team. If your organization utilizes a RingCentral provided network connection, you are already protected.
Subscribe to Call Log Reports
Create Report Subscriptions to schedule one or more "Call Log" reports to monitor outbound usage. The online Portal, which is accessed at https://portal.shoretelsky.com/, enables Authorized Contacts (Decision Makers and Phone Managers) and Team Managers to subscribe to the "Call Log" report on an hourly, daily, weekly, or monthly basis. To learn more about subscribing to reports:
NOTE: The "Call Log" report, only when accessed via a report subscription, includes a "Charge" column that is useful in identifying fraudulent calls that incur charges. Charges are normally incurred only for calls that are not included with the associated phone profile type, such as international calls and 900 numbers.
Monitor Usage Reports
Regularly review a variety of usage reports to monitor outbound usage. The online Portal, which is accessed at https://portal.shoretelsky.com/, enables Authorized Contacts (Decision Makers and Phone Managers) to access the usage reports listed below for their phone system:
NOTE: The Usage Log report, only when exported to a .csv file, includes a "Charge" column that is useful in identifying fraudulent calls that incur charges. Charges are normally incurred only for calls that are not included with the associated phone profile type, such as international calls and 900 numbers.
Review Monthly Invoices
Review each monthly invoice to ensure that you have closed or deleted unnecessary profiles that may be associated with terminated employees. To learn more about monthly invoices, see the Account Invoices, Payments, and Billing Policies article.
What RingCentral is Doing to Prevent Fraud?
One way to prevent fraud is to use of a strong phone/voicemail PIN. As such, RingCentral requires phone PINs that meet the following criteria:
- Contain at least five non-repeating digits
- Must not match the last five digits of your phone number
- Must not be sequenced numbers such as "54321" or "22222"
Additionally:
- MiCloud/Sky phone systems are programmed to terminate access after the third invalid attempt to log into a voicemail account
- MiCloud/Sky monitors for toll fraud 24x7x365
- MiCloud/Sky carrier partners also monitor for toll fraud 24x7x365
