28th April 2026

VoIP fraud costs UK businesses millions of pounds every year. Unlike many cyber threats, it can result in direct, immediate financial loss — attackers make thousands of premium-rate calls on your account over a weekend, and by Monday you’re facing a bill for tens of thousands of pounds.

How VoIP Systems Get Attacked

Toll Fraud

The most common and costly attack. Criminals scan the internet for exposed SIP ports (typically 5060), find poorly secured systems, and use them to call premium-rate numbers they control. The calls are billed to your account — often over weekends when nobody is monitoring.

Vishing

Attackers spoof your business number to call your customers, impersonating your staff to request payments or account details. The reputational damage can be severe.

Eavesdropping

On systems not using encryption, call audio can be intercepted by anyone with access to the network path — particularly a risk on public WiFi or poorly segmented networks.

How to Secure Your VoIP System

  • Never expose SIP ports directly to the internet — use a properly configured firewall, whitelist your SIP provider’s IPs only
  • Use strong, unique credentials — default SIP extension passwords are the primary toll fraud attack vector
  • Enable TLS and SRTP encryption — encrypts both call signalling and audio, preventing eavesdropping
  • Disable SIP ALG on your router — it frequently causes security and call quality issues
  • Set call limits and geo-blocking — block routes to destinations you never call; set maximum concurrent call limits
  • Monitor call records in real time — alert on unusual patterns, off-hours calls, or unexpected destinations
  • Keep your PBX software updated — VoIP vulnerabilities are regularly discovered and patched

Signs You May Have Been Compromised

  • Unexpectedly high telecoms bills
  • Calls in your logs to numbers you don’t recognise
  • Customer complaints about calls from your number that your staff didn’t make

At Just Business Phones, security is part of every phone system we deploy — firewalls, strong credentials, encryption, and monitoring configured from day one.

Ready to upgrade your business phone system? Get in touch with Just Business Phones today for a free consultation — we’ll help you find the right solution at the right price.

'