Simply put, toll fraud is the fraudulent, illegal use of a company telecommunications system by a third party from a remote or internal location, otherwise defined as the unauthorized use of long
distance or other telephony services. There are several steps a business owner can take to help protect his or her account from unauthorized charges. There is nothing new about toll fraud; it has
been around for decades.
History
In the 1950s and 60s, toll fraud consisted mainly of fraudsters bypassing the telephone company's billing system; the costs then became the telephone company's responsibility.
In the 1970s, 80s and 90s, remote access, voice mail and automated attendants lured a new breed of high-tech villain whose chief target became access to customers' on-premises telecommunications
equipment, mainly because the telephone companies were learning and introducing security measures to prevent fraud, leaving enterprise, private business and some unlucky householders the target of
fraud.
Effects
At best the cost is measured in excessive phone charges but this alone does not adequately illustrate the damage toll fraud can inflict on a business. Toll fraud robs a business of productivity and
profits, in many cases in ways that may be hard to detect.
Employee productivity may suffer as workers experience difficulty and frustration trying to obtain outside lines which have been taken over by unauthorized callers. And in today's business world,
where seconds count, the inability to make a call when necessary can mean a lost customer.
At the same time, toll fraud can result in lost orders, as prospective customers encounter busy signals when dialling in to order your company's products or services.
Prevention
Here is a rundown of some of the common recognised methods of preventing toll fraud. Any serious business or individual should implement all the steps below as far as practically possible.
Physical Security
Ensure you have strong security around your switch room and wiring closets. Change the locks on occasion and ensure they are used. Don't store the associated documentation, which may reveal trunk
access codes or password information, with the equipment; instead entrust it to a designated IT Infrastructure owner. Replace vendor/manufacturer-supplied "default" passwords with passwords of your
own creation and change administrative passwords often. In most cases a user with little knowledge can follow the manufacturer's instructions and perform password recovery; without physical access this can
be virtually impossible.
Secure your Private Automated Branch Exchange (PABX) remote maintenance port. This port allows a technician to perform a repair from a remote location, but it also lets clever crooks take control of your
telephone system. For additional security, consider installing an optional Remote Port Security Device (RPSD).
When installing or upgrading a PABX, ask your technician to configure your system to afford you maximum protection. For example, set it to allow only pre-programmed international telephone numbers to be
called. It also makes sense to check that your equipment vendor has a program to change its maintenance access passwords and that these passwords are changed regularly.
Account Codes
An account code is a feature designed to provide you with added security, control and a means to track telephone usage. The codes allow you to assign a numerical code to any business, department or
individual. This code must be entered each time a telephone call is placed, which may help reduce your risk of unauthorized use of your long distance service. Account codes cannot provide complete
toll fraud protection because an unauthorized user may try numbers sequentially until he/she finds a code that works. However, account codes are highly recommended to help prevent toll fraud. Account
codes can additionally benefit a business by allowing departmental billing; this simple measure is used in many legal firms today.
As with any password or code, it is recommended that you change account codes frequently: at least once per quarter, and especially after a change of employee.
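The sequential guessing described above leaves a recognisable trail of failed entries. The following is an added example, not part of the original article, showing one way to flag it; the log layout, source names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed attempt log: (epoch_seconds, source, code_entered, accepted).
# The field layout is an assumption; map your PABX's own log onto it.
ATTEMPTS = [
    (1000, "ext-201", "4471", True),
    (1010, "trunk-3", "1000", False),
    (1015, "trunk-3", "1001", False),
    (1021, "trunk-3", "1002", False),
    (1026, "trunk-3", "1003", False),
    (1030, "trunk-3", "1004", False),
    (1034, "trunk-3", "1005", True),    # a guess finally lands
    (1200, "ext-202", "8812", False),   # ordinary mistyped code
    (1215, "ext-202", "8821", True),
]

def detect_code_guessing(attempts, max_fail=5, window_s=300):
    """Return (flagged, exposed): sources with >= max_fail distinct failed
    codes inside window_s, and codes accepted from a source already flagged."""
    recent = defaultdict(deque)          # source -> failures still in window
    flagged, exposed = {}, []
    for ts, src, code, ok in sorted(attempts):
        if ok:
            if src in flagged:
                exposed.append((src, code))   # treat this code as compromised
            continue
        q = recent[src]
        q.append((ts, code))
        while ts - q[0][0] > window_s:        # drop failures outside the window
            q.popleft()
        codes = [c for _, c in q]
        if len(set(codes)) >= max_fail:
            steps = [int(b) - int(a) for a, b in zip(codes, codes[1:])]
            flagged[src] = "sequential" if all(s == 1 for s in steps) else "scattered"
    return flagged, exposed

if __name__ == "__main__":
    print(detect_code_guessing(ATTEMPTS))
```

Any code reported in the second list should be changed immediately rather than at the next quarterly rotation.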
Voicemail Passwords
Make sure that every subscriber on your voicemail system has a password. It's important that passwords are not obvious, such as "1234" or "0000" because these passwords may be guessed easily and used
without authorization. When an employee leaves the company, be sure to change the former employee's voicemail password immediately. In addition, the System Administrator password on your system
should be changed every six months. By changing the password on your voicemail system regularly, you make it more difficult for unauthorized users to obtain your password.
Delete Unused Voice Mailboxes
Many cases of voicemail toll fraud occur when an unauthorized user obtains access to an unused mailbox. To help prevent this type of toll fraud, please delete all unused mailboxes on your voicemail
system.
Monitor and Review Your Telephone System and Billing
Thoroughly review your telephone bill regularly. In some cases, toll fraud can go on for months before someone looks at the detail of the phone bill and notices there are unauthorized charges. Use
call accounting software with fraud detection capabilities to establish normal calling patterns and identify abnormal ones, create reports, sound alarms, page employees in case of emergency, etc.
Record and log your outgoing calls
This concept is really taking hold, and we can provide services through our partners which will enable you to record all your outbound calls and access them automatically. Whilst the predominant use
is to ensure high-quality customer service, it can also quickly identify who is making fraudulent calls.
Warning Signs: What to look out for...
Repeated calls of short duration.
Changes in after-hours calling patterns.
Sudden increases in certain prefix number usage.
Unexplained increases in incoming or outgoing calls.
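The four warning signs above can be checked mechanically against call records. The following is an added example, not part of the original article, that compares a current period with a baseline of equal length; the record layout, office hours and thresholds are assumptions, and the sample records are constructed.

```python
import csv, io
from collections import Counter
from datetime import datetime

# Constructed call records (start,extension,dialled,seconds); not real data.
# BASELINE and CURRENT must cover periods of equal length.
BASELINE = """\
2024-03-05T09:10:00,201,01614960001,180
2024-03-05T10:05:00,202,02079460002,240
2024-03-05T11:30:00,201,01614960003,95
2024-03-05T14:15:00,203,02079460004,300
2024-03-05T16:40:00,202,01614960005,60
"""
CURRENT = """\
2024-03-12T09:20:00,201,01614960001,200
2024-03-12T10:45:00,202,02079460002,150
2024-03-12T15:00:00,203,01614960003,120
2024-03-12T23:01:00,214,00999000001,4
2024-03-12T23:02:00,214,00999000002,5
2024-03-12T23:03:00,214,00999000003,3
2024-03-12T23:04:00,214,00999000004,900
"""

def load(text):
    rows = csv.reader(io.StringIO(text))
    return [(datetime.fromisoformat(s), ext, num, int(sec)) for s, ext, num, sec in rows]

def after_hours(ts, open_h=8, close_h=18):
    return ts.weekday() >= 5 or not (open_h <= ts.hour < close_h)

def profile(cdrs, prefix_len=4, short_s=10):
    """Count the quantities behind each warning sign."""
    p = Counter()
    for ts, ext, num, sec in cdrs:
        p["total"] += 1                          # overall call volume
        p["prefix:" + num[:prefix_len]] += 1     # usage per dialled prefix
        p["after_hours"] += after_hours(ts)      # out-of-hours calls
        p["short:" + ext] += sec < short_s       # short calls per extension
    return p

def warning_signs(baseline, current, ratio=3.0, min_count=3):
    """Flag counters that reach min_count and grew ratio-fold over baseline."""
    base, cur = profile(load(baseline)), profile(load(current))
    return sorted(k for k, n in cur.items()
                  if n >= min_count and n >= ratio * max(base[k], 1))

if __name__ == "__main__":
    print(warning_signs(BASELINE, CURRENT))
```

On the sample data, extension 214's late-evening burst raises three of the four signs, while total volume stays below the threshold.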
Toll Restriction and Trunk-to-Trunk Transfer Restriction
It is highly recommended to use Toll Restricted telephones in areas where long distance calling is not required, such as a lobby or dining room. Ensure that only phones that require the
trunk-to-trunk transfer capability have it available. By only having this capability on required phones, it may help prevent an employee from transferring a friend to a long distance number at the
company's expense.
A common trick by fraudsters is to set up an extension transfer to a trunk at an international code. By default many PABX exchanges will not allow a short transfer to a number such as 0, but what about
00441 or 01441? If this is not blocked in the dialling plan,
then potentially someone can dial locally to the extension and then enter the remaining digits. In this example the fraudster is getting free calls to the bulk of the United Kingdom.
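A periodic audit of configured transfer targets catches this misconfiguration before it is abused. The following is an added example, not part of the original article; the restricted prefixes are the two quoted above, while the allow-list entry, extension length and exported table are constructed assumptions.

```python
# Assumed policy for this sketch (adapt to your own dialling plan):
RESTRICTED = ("00", "01441")          # prefixes that must never be a transfer target
ALLOWED_FULL = {"00442079460123"}     # constructed pre-programmed complete number
INTERNAL_LEN = 3                      # assumed length of internal extensions

# Constructed export of extension -> transfer/forward target.
FORWARDS = {
    "201": "202",
    "214": "00441",
    "230": "01441",
    "240": "0",
    "250": "0161 496 0010",
    "260": "0044 20 7946 0123",
}

def classify(target):
    """Classify one transfer target against the restricted prefixes."""
    digits = "".join(ch for ch in target if ch.isdigit())
    if not digits:
        return "none"
    if digits in ALLOWED_FULL:
        return "allowed"                  # exact, complete, pre-approved number
    if len(digits) == INTERNAL_LEN and not digits.startswith("0"):
        return "internal"
    for p in RESTRICTED:
        if digits.startswith(p):
            return "blocked: begins with restricted prefix " + p
        if p.startswith(digits):
            return "blocked: incomplete prefix of " + p
    return "national"

def audit(forwards):
    """Return {extension: reason} for every target the dial plan should reject."""
    results = {ext: classify(t) for ext, t in forwards.items()}
    return {ext: r for ext, r in results.items() if r.startswith("blocked")}

if __name__ == "__main__":
    for ext, reason in audit(FORWARDS).items():
        print(ext, reason)
```

The check works in both directions, so it rejects a short target such as 0 as well as a longer partial number such as 00441, and only an exact match on the allow-list is let through.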
Restrict remote access user features, especially at night. Restrict outbound calling from tie trunks connecting your system to others. Always use pass codes and change them often.
Education
Educate your family, friends or employees to NEVER give their calling card numbers, or PIN numbers, to anyone who calls them. If someone calls to verify a card or PIN number, it is more than likely a
scam since legitimate companies would not use this approach.
Beware of any unusual requests. It was reported that a customer was recently asked to leave the phone off hook for 15 minutes for "testing". Because the customer had 3-way conference calling, the
criminal was able to use the line to make long distance calls which were charged to the victim. The phone company would never ask you to do this!
Don't accept collect calls from people you don't know. When you accept, you have agreed to pay the charges. Block third-number billing to your phone number. Third number billing allows you to bill
calls you make from other phones to your phone number. This can be a useful feature, but third-number billing is also a potential source of phone fraud. If you have a calling card, it's a good idea
to block all third-number calls. Watch out for individuals claiming to be law enforcement or telephone companies who ask you to accept collect calls or third-party calls as part of an investigation
or telephone repair/analysis project. Legitimate law enforcement and telephone officials will never ask you to accept collect calls or third-number charges. If anyone asks for sensitive information
as part of an "investigation," be very wary. If you doubt the caller's identification, insist on a call-back number.
What to do next?
If you believe you have been a victim of telephone fraud, be aware that most fraud occurs internally from employees. Your first step should be to issue an official notice that you are taking steps to
stop and prevent toll fraud through your PABX. Make sure that all employees see it. If you see an unexplainable drop in long distance usage in the next month or two, you probably have had an internal
hacker stealing it. Alternatively, if you wish to take disciplinary or legal action, then you should contact your long distance or local telephone company and ask to speak to the fraud control
department. A general contact number should normally be displayed on your telephone bill.
Finally the latest twist - rogue Internet Diallers...
Internet dialer fraud occurs when someone downloads a "Dialer" software program from an Internet site to your computer without your knowledge. Such a dialer is designed to disconnect your current
Internet connection and dial out to a different, pre-programmed number. Often the numbers dialled from your computer are expensive long distance, international, premium rate or 900 numbers.
How can I prevent dialer fraud?
Remove your telephone line from your modem when you are not actively using your computer. Shut off your computer when it is not in use.
Increase the security settings on your operating system software and install a firewall.
Be cautious when surfing the Internet or closing pop-up boxes, especially if they indicate that "no credit card is needed" or that a product or service is "free".
Install and run up-to-date anti-virus software and spyware removal tools.
Consider using a hardware call blocker as a final line of defence. These units effectively intercept and block unauthorised calls, and they can be customised to order or generically programmed with known
number ranges and prefixes. We sell such devices on this site, so check out our home page and product pages for more information. Security is paramount; these devices can also route via DDI if
you use a recording service.
It is important to note:
Whilst some recovery actions can be taken against producers of software dialers which are unknowingly installed, the process for recovery of the expenses can be very long-winded and arduous. In some countries there is local legislation to assist victims, but this has only caused a knee-jerk reaction by the unscrupulous companies to shift from premium rate numbers to lower cost non-geographic numbers, for which there are no recovery options.
Finally, audit your call records. It cannot be stressed enough that checking your call records will go a long way to detect and prevent fraudulent usage; indeed, simply asking your staff to verify their own caller records will reduce the number of personal calls (fraudulent calls need not be from outside hacks).