Prevent Ghost Calls
Prevent ghost calls
Ghost calls, also known as phantom calls, are a common occurrence and can be quite a nuisance for those on the receiving end. The term ghost call describes a call that has nobody on the other end. When the receiving party answers the call, they're met with silence.
Why do ghost calls happen?
Some ghost calls are caused by poorly configured auto dialers. Others, however, come from a more nefarious source. Ghost calls to business phone systems are often the result of malicious port scanning.
Would-be hackers use automated systems to scan for vulnerable phone systems. One common tool used by attackers is SIPVicious, which scans for Session Initiation Protocol (SIP) ports that the attacker may be able to break into to take over the phone system.
Once a malicious party has control of a phone system, they can use it to make calls that the owner has to pay for. Some attackers use vulnerable systems to make scam calls or for harassment.
Ghost calls often come from numbers with nonexistent area codes. For example, ghost caller IDs start often with 100, 1001, or 1000. If your IT team sees such numbers in the incoming call log, this should be taken as a warning that your systems may have been under attack.
Stop ghost calls
As a business owner, it's important to properly secure your VoIP system to stop ghost calls. A good business communications provider will implement a variety of measures to stop ghost calls, but there are things you can do as a user to make your system more secure.
The simplest change you can make to reduce the risk of phantom calls is to change the port that VoIP calls take place on. The IANA registered ports for SIP VoIP calls are 5060 and 5061. Changing the port your VoIP system operates on is very much security through obscurity and will not stop aggressive port scanners. It will, however, reduce the number of hacking attempts your system is exposed to.
More effective ways of securing your SIP system include:
- Enabling validation for all incoming SIP traffic
- Forcing checking of all user IDs for SIP invites
- Restricting incoming SIP messages to a proxy
- Setting the SIP contact register to use LAN, rather than WAN, addresses
- Using the default privacy headers and P-Preferred-Identity headers
- Blocking direct IP calls
- Configuring VoIP phones to accept SIP messages from trusted sources only
Setting up, and maintaining, a secure VoIP system is not a one-off task. Your IT team should regularly read the system's log files, install security updates and perform penetration testing to ensure common vulnerabilities have been properly guarded against.
If you're worried about keeping your communication systems safe, consider contact center outsourcing your VoIP and conferencing systems. Using cloud-based business communication systems means you and your IT team are free from the hassle of having to maintain and update the systems, which gives you more time to focus on the day-to-day aspects of running your business. We handle the telephony for you.
Contact 8x8 today to request a demo of our cloud communication systems or to get a no-obligation quote.