VoIP Hacking: How to Protect Your Phones from Cybercrime


January 22, 2022

Your Voice over Internet Phone is Just as Vulnerable to Hackers as any other Internet-Enabled Device. Here’s How to Stop VOIP Hacking in its Tracks.

More and more companies are getting rid of their landlines in favor of convenient and portable Voice over Internet Protocol (VoIP) phone systems. While these systems come with tremendous advantages in video, audio and messaging capabilities, they also come at a cost: being vulnerable to hackers. If you’ve got a VoIP system, you need the right protections. Do you know how to prevent VoIP hacking at your company?

What is VoIP Hacking?

VoIP hacking, as you might have guessed, is whenever a cyber criminal targets your VoIP system, using its internet connectivity to infiltrate your phone systems. From there, they can often hitch a ride into your network overall. And they can use it to listen in on calls, make charges on your accounts, impersonate executive text messages, and steal valuable business information about you, and your customers.

With VoIP Hacking, the opportunities for fraud are endless.

VoIP Hacking Tactics: How They Work

While this type of hacking is really only limited to the ingenuity of the hacker, there are several types of VoIP hacking that are common. And they have common pitfalls, too.

1. Toll Fraud

One of the most basic and obvious VoIP hacking tactics, toll fraud occurs when hackers send phishing emails to get administration passwords and access to your phone system. Then they make as many international calls as they please, and charge the bill to your company.

2. Unauthorized User Attacks

Similar to the toll fraud hack, bad actors gain access to your system. But instead of making personal calls, they actually hijack your company’s bandwidth to make illegal robo calls. Worse yet, your name and number will come up when they make those calls, leading the person on the other end of the call believing they are being contacted by your business. To stop this from happening, regularly check your call logs to make sure only legitimate users are on your network.

3. Progressive Caller Spoofing

Once a hacker gets into your system, they can call other people in your network, impersonating extensions within your network. Maybe that new employee thinks they are talking to the CEO, or the head of IT for their company. They turn over passwords or other vital information. And the damage that can be done with that is tremendous.

4. Eavesdropping for Corporate Espionage, Theft, or More

VoIP Hackers don’t necessarily have to get people to give them passwords to unlock things. Sometimes they can simply glean information about that upcoming merger, or a new product announcement, or that important new hire or firing. They can sell your customer’s private information, sell proprietary information to competitors, or bribe businesses and customers by threatening to expose their sensitive information.

This is only a sample of what VoIP hacking can cost your business. So, now that you know—what can you do? Let’s take a closer look at some of the tactics we recommend.

How to Stop VoIP Hacking Before It Starts

Luckily, there are tools to address the threats that VoIP hacking poses to your business. Some of them are cybersecurity products, others are simply a matter of training and proper protocol. Here’s some of our favorites:

Choose the Right VoIP provider

Your best defense is a VoIP vendor that has good internal built in security. As them to provide you with documentation on the security processes they have in place. If you are in an industry with data handling regulations such as HIPAA, ensure that their systems are compliant. Discuss how vulnerabilities get reported, how they respond when hacks happen. Don’t settle for less.

Choose Your Administrators Wisely

Be careful about which employees have access to the network. Consider gating off functions, having an employee that’s in charge of billing, for instance, and others responsible for access for conference calls, setting up new lines, etc. Perhaps another who monitors for incursions. And maybe only two employees that have access to everything. This alone will help keep down attacks.

Use a VPN for Remote Access and Endpoint Filtering

VoIP networks allow cell phones to be part of the company’s network. As such, you should be sure that they are on a Virtual Private Network (VPN) to encrypt those phone calls. That secure connection ensures that workers aren’t leaking information, or inadvertently logging into the unsecured wifi at their favorite coffee shop. This one step will make it nearly impossible for a hacker to eavesdrop. Back all that up with an endpoint filtering tool on your virtual private network that makes it impossible for those phones to connect to unsecured or suspicious websites.

Regularly Check Your Network

Don’t be a company that sets up a network, and never checks it again. Your VoIP system needs to be checked periodically to ensure the integrity of your data. Check every few months to be sure that staff who’ve left have been removed from the system. Make sure you frequently change your admin passwords. And check the connection gateway to make sure it’s still properly filtering incoming calls. If your company is doing hacker simulations through a formal penetration test, be sure your it is tested for VoIP hacking as well.

Watch Your Call and Access Log

Your system should automatically be recording the calls coming in and going out of your system, who they are going to, and how long they last. If you see suspicious numbers or usage patterns that are out of the ordinary, this can be a red flag that malicious activity is taking place on your network. Nip it in the bud with vigilance.

Passwords, Protocols and Cybersecurity Training

Set your system so it requires employees to create longer (20 character) passwords with capitals, numbers and special characters. Require them to store their passwords in a password vault you authorize. Once you’ve done this, install two-factor authentication apps like Duo Mobile that ensure no one is spoofing their credentials. Once that’s done, conduct cybersecurity training that goes beyond just phishing awareness, and includes their cell phones. VoIP hackers thrive on the ignorance and distractedness of your employees. Don’t give them an advantage.

Create a Mobile Phone Use Policy

Having the convenience of a VoIP cell phone is a privilege, and should be treated as such. Setting a clear mobile phone use policy is one of your best defenses against VoIP phone hacking. As part of the policy, require all phones to have fingerprint ID to unlock the device, and require employees to keep all their apps and programs as up to date as possible.

How to Stop VoIP Hacking: Where to Learn More

Want to learn more about how to secure your VoIP system, and enable a more remote, cyber secure workforce? Iconic IT has the resources you need. Check out our list of VoIP Pros and Cons, before you sign up for your VoIP service. Check out the money that VoIP phones can save for your company in our latest blog. And get a look at the bigger picture with our recent missive on how new technologies like VoIP are affecting the modern workplace.

If you’re looking to assess the cybersecurity of your business as a whole, we can help with that too! Download our FREE Cybersecurity Essentials Kit, with all the assessments, buying guides and background materials you need to get you started on a new cybersecurity program. Check it out!

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

Small Business Cybersecurity Guide: Tips from Top Consultants

Small Business Cybersecurity Guide: Tips from Top Consultants

If you've been putting off cybersecurity investments for your small company, the time to invest is now. There's never been a more critical time to address your small business cybersecurity. Consider these facts: The average cost for a data breach for a US company in...

Four Social Engineering Hacks You Need to Prevent in 2024

Four Social Engineering Hacks You Need to Prevent in 2024

In the first quarter of 2024, Statista reports over 963,000 unique phishing sites worldwide were detected, collectively sending out billions of spam emails a day. Is this number scary? You bet. But it's the growing sophistication of these social engineering attempts...

Updating Your Bank’s Security Training for the Age of AI

Updating Your Bank’s Security Training for the Age of AI

How much could AI-driven models like Copilot for M365, Google Gemini, or Apple Intelligence improve the productivity at your bank? The jury is still out on that one, but initial experiments place the overall AI-driven productivity gains for the US economy at between 8...