Stay Cyber Safe: Ten Tips to Hack-Proof Your VoIP Account

Alex Sudheim

21 Jun 2023, 5 min read

“Hacking” conjures dramatic scenarios involving leaked nuclear secrets, sinister scams, unscrupulous sociopaths in Guy Fawkes masks and the kind of malware, spyware and ransomware attacks that expose the sensitive data of governments and global corporations.

Billion Dollar Industry

However, a large proportion of hacking – simply defined as gaining unauthorised access to data in a system or computer – is far from glamorous and involves an international army of black-market, tech-savvy geeks relentlessly scouring the internet for any vulnerabilities to exploit for criminal purposes.

One of the items high on the shopping list of cyber-scoundrels is VoIP accounts. When global syndicates of swindlers call their unsuspecting victims, they don’t use their phone. They use yours. This is called “VoIP fraud” and is a multi-billion (yes, billion) dollar global “business” that impacts hundreds of thousands of commercial enterprises and individuals in every country on the planet.

This article briefly examines this particular niche of criminal activity as well as the ways and means whereby you can prevent yourself from becoming a victim. 

The Art of Self Defence

Hacking is nothing less than theft. And the same laws that apply to theft of the physical kind apply to theft of the digital variety: if it’s of value and hasn’t been locked securely and afforded a robust degree of protection, somebody will try to steal it. There is no difference between someone filching thousands in hard cash out of your wallet and someone running up thousands of rands’ worth of calls on your account.

A recent article on the subject quotes an Interpol report stating “South Africa tops Africa in cyber threats and is third in the world, with 230 million threats detected in 2021.” Whilst a large slice of this illicit activity involves “impersonation fraud” – where criminals clone your identity to open bank accounts and obtain credit in your name – a significant amount includes crimes such as stealing VoIP login credentials to make bulk international calls on your dime.

E-mail: The Achilles Heel

Many of us are familiar with the standard phishing scam where someone calls out of the blue and says “Hi! I’m from [insert name of bank, internet service provider, credit provider, software company etc here] and we just need to verify your account.” When that happens, it’s a safe bet that they’re calling from a hacked VoIP account. 

The problem, in the context of this article, is not that you might fall for the scam but that your VoIP account is being used to perpetrate it. These miscreants have illicitly obtained the usernames and passwords of an immense number of VoIP accounts from around the world. How have they – or whoever they bought them from – done so? In the vast majority of cases, it’s by hacking emails. 

As the article mentioned above goes on to say, “of the 230 million cyber threats detected in SA in 2021, 219 million were related to e-mails.” So there’s our number 1 culprit: most unauthorised access to sensitive data is gained by hacking emails that haven’t been properly secured. As the Voys in-house cyber-security expert Todd Ellwood puts it: “These bad actors are essentially thieves looking for the lowest fence to jump over. So do whatever you can to ensure yours is prohibitively high.”

High Fences

So, how do you build the highest fence humanly possible to deter the online outlaws casting ravenous eyes upon your VoIP account? These ten tips ought to give you a decent edge over the digital desperados.

  1. Ensure you use a premium business telephony platform like Freedom from Voys. Freedom contains a feature which automatically detects unusual call behaviour and notifies you before your phone bill spirals out of control. 
  2. Don’t share sensitive data such as access credentials over e-mail. E-mail is notoriously easy to hack, as the information is transmitted across networks whose security cannot be guaranteed.
  3. Use an encrypted digital vault such as 1Password or KeyHub to store the sensitive stuff. Colleagues can access logins without having to communicate across a network. If possible, use an encrypted communications tool such as Slack for intra-organisational comms.
  4. If you do have to share confidential information over unsecured networks, use images instead of text. Algorithms hunt for common patterns such as the @ sign, so send a screenshot of an email address instead.
  5. Use different username/s and password/s across platforms and change them often. If you use the same password – or variations of the same password – on multiple platforms, you are making yourself vulnerable on various fronts as a hacker will invariably try the same password in as many places as possible.
  6. Change factory presets. Routers come with default usernames and passwords; hardphones come with set SIP credentials. Many of these can be easily obtained on the internet so make a point of manually reconfiguring them.
  7. Use two-factor authentication (2FA), aka multi-factor authentication (MFA). There are several free authenticator apps out there, with Google Authenticator probably the most popular. This affords you an extra layer of protection and makes unauthorised access to your accounts that much more difficult. 
  8. Disable international calling. The lion’s share of unauthorised VoIP use is for the purpose of making as many international calls as possible. To make life even more irksome, most of these illicit calls take place between midnight and 5am. Check if your system allows international calling as a default. If you don’t call overseas, disable it. If you do, consider making only one user/extension capable of international calls and equip it with 2FA. 
  9. Have a data management strategy in place. (The 3-2-1 backup strategy is a simple but effective measure.) If you store sensitive information in the cloud, ensure it is encrypted, equipped with 2FA and only trusted colleagues have access.
  10. If you’re very serious about security – especially if you have concerns around malware, spyware and ransomware above and beyond unauthorised use of your VoIP account – consider using a specialist data management company such as Veritas.
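
The pattern described in tips 1 and 8 (international calls, mostly between midnight and 5am) can be checked against your own call records. The following is an added example, not code from Voys or the Freedom platform; the CSV layout, the extension numbers, the `+27` home prefix and the sample records are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

HOME_PREFIX = "+27"            # assumption: home country is South Africa
INTL_ALLOWED = {"101"}         # assumption: only extension 101 may call abroad
NIGHT_START, NIGHT_END = 0, 5  # midnight to 5am, the window named in tip 8

# Constructed sample call detail records (hypothetical CSV layout).
SAMPLE_CDR = """start,extension,destination,seconds
2023-06-20 10:15:00,101,+442079460123,300
2023-06-20 14:02:00,102,+27215550100,120
2023-06-21 01:12:00,103,+12125550143,900
2023-06-21 01:14:00,103,0012125550144,880
2023-06-21 02:40:00,101,+442079460123,60
2023-06-21 03:05:00,102,0215550100,45
"""

def normalise(number):
    """Return the number in + international form; local numbers get the home prefix."""
    number = number.strip().replace(" ", "")
    if number.startswith("00"):      # international dialling prefix
        return "+" + number[2:]
    if number.startswith("0"):       # national trunk prefix
        return HOME_PREFIX + number[1:]
    return number

def review_calls(cdr_text):
    """Return (start, extension, destination, reasons) for suspicious calls."""
    findings = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        dest = normalise(row["destination"])
        if dest.startswith(HOME_PREFIX):
            continue  # domestic call, out of scope for this check
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if row["extension"] not in INTL_ALLOWED:
            reasons.append("extension not allowed to call abroad")
        if NIGHT_START <= start.hour < NIGHT_END:
            reasons.append("international call between midnight and 5am")
        if reasons:
            findings.append((row["start"], row["extension"], dest, reasons))
    return findings

if __name__ == "__main__":
    for start, ext, dest, reasons in review_calls(SAMPLE_CDR):
        print(start, ext, dest, "; ".join(reasons))
```

On the constructed sample this flags three calls: two from extension 103, which is not permitted to call abroad, and one night-time call from the permitted extension 101.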

Forewarned is Forearmed

Service providers can generally be counted upon to do their part to ensure the integrity of the accounts of their clients and customers. However, securing sensitive data is ultimately the onus of the end-user, so do everything in your power to protect it from predators. 

We’re most certainly not trying to make you paranoid, but in principle it is always wise to err on the side of caution to ensure peace of mind. Since the egg is notoriously averse to being unscrambled, don’t provide anyone with the opportunity to crack your shell in the first place.

If you’d like to speak to any of the gifted Voys tech-savants with regards to security – or any other VoIP-related matter – don’t hesitate to drop us a line anytime. 
