If you assume only celebrities suffer phone hacks, think again. In November, managers at Oxford-based farming charity RABI were shocked to receive a phone bill of around £2,000. The reason: someone had compromised their telephone system and used it to place calls to premium-rate numbers.
The telephone system provider detected suspicious activity almost immediately, but resolving the breach still took three days of downtime. This type of attack is far more common and financially damaging than voicemail-only intrusions. Attackers routinely target business telephone systems for profit, and the costs can be substantial: an October report from the Communications Fraud Control Association estimated global annual PBX hacking losses at a staggering $4.4 billion (about £2.7 billion).
It’s not just legacy telephony that’s at risk. The same report indicates potential losses from IP phone system hijacking approach $3.6 billion (approximately £2.2 billion), with total telecom fraud rising to $46.3 billion (roughly £28.8 billion).
Phones — surprisingly easy to exploit
Consider the recent revelations from the News of the World trial: experts described at least three methods to hack a mobile phone, including interrupting the voicemail sequence to exploit the Unique Voicemail Number (UVN) or tricking a provider’s voicemail platform via its Generic Platform Number. If celebrities’ phones can be compromised so readily, it’s reasonable to ask whether your business phone system is any safer.
The uncomfortable truth is that voice communications are more vulnerable than many organisations realise. Although fraud is often detected, it isn’t always caught quickly, which can result in budget leakage, direct financial loss and potential reputational harm — especially if calls are routed to questionable premium services.
The good news is that modern business telephone systems can incorporate stronger protections than earlier setups. If you use an IP-based system from a reputable provider that implements robust SIP trunking, you can expect comprehensive monitoring, real-time alerts and portal controls that flag unusual activity promptly.
With those safeguards in place, your provider can instantly lock down a compromised account, preventing large unexpected charges. That capability can save you from scenarios like the company that discovered a weekend’s worth of calls to Somalia had generated about £3,000 in charges — calls the organisation had no legitimate reason to place. Don’t let your team face that risk: ensure only authorised users have access to company phone accounts and verify your provider offers the necessary security and oversight.
If you’re considering an upgrade, look for guidance on assessing your telephony infrastructure and deciding whether a hosted solution is right for your organisation. Updating systems and choosing a provider with strong anti-fraud controls can significantly reduce the chance of costly breaches and keep your communications secure.