Introduction
With the rise of cloud communication platforms, fraudsters have found new ways to exploit vulnerabilities in business phone systems. One of the most common types of fraudulent activity impacting contact centers today is toll fraud, where attackers misuse compromised accounts to make unauthorized international calls, leading to inflated bills and financial losses.
Attackers may leverage Talkdesk to commit toll fraud. In this article, we will explain the fraudsters’ motivations, the process they use, and the security measures you can take to protect your organization.
How Attackers Exploit Talkdesk
Fraudsters typically gain access to Talkdesk accounts through compromised credentials. Once inside, they initiate a large number of unauthorized outbound calls, often routing them through high-cost international carriers.
Common Attack Methods:
- Brute Force Attacks – Automated bots attempt to log in using commonly used passwords.
- Credential Stuffing – Attackers use leaked username and password combinations from other breaches.
- Phishing – Fraudsters trick employees into revealing login details.
-
Social Engineering – Attackers impersonate IT support to gain access to user accounts.
Why Toll Fraud Occurs
Attackers engage in toll fraud for financial gain. They often target high-cost international destinations, particularly in regions where fraudsters have revenue-sharing agreements with local carriers. Each unauthorized call generates income for these parties, leaving Talkdesk users to bear the cost. Some attackers also exploit telecom carrier partnerships to inflate call traffic artificially and collect inbound call termination fees.
How Talkdesk is Addressing Fraud
At Talkdesk, ensuring the security of our platform and protecting our customers from fraudulent activity is a top priority. We continuously assess emerging threats and implement measures to safeguard user accounts from unauthorized call activity.
To reduce the risk of toll fraud, Talkdesk has implemented restrictions on outbound calls to locations with a high incidence of fraudulent activity. This measure prevents unauthorized calls from being placed to known fraudulent carriers, helping to protect customers from unnecessary financial exposure.
What You Can Do to Protect Your Account
Enable Two-Factor Authentication (2FA) (Highly Recommended)
Our investigations have shown that unauthorized call activity only occurred in accounts without Two-Factor Authentication (2FA) enabled. In contrast, accounts with 2FA remained secure and were not affected by fraudulent incidents. Enabling 2FA is one of the most effective safeguards against unauthorized access and is strongly recommended for all users.
- For Admins: Follow the Admin 2FA Configuration Guide.
-
For Agents: Follow the Agent 2FA Setup Guide.
Use Strong, Unique Passwords
- Avoid reusing passwords across different platforms.
- Change your Talkdesk password regularly.
- Use a password manager to store credentials securely.
Regularly Review Call Logs & Account Activity
Regularly review your Call Logs in Talkdesk for unusual call patterns, such as unexpected international calls or activity outside business hours. Report any suspicious activity immediately.
Train Employees on Security Best Practices
Educate your team on phishing awareness, social engineering risks, and secure password practices.
Conclusion
Toll fraud is a growing threat, but you can take action to prevent it. By enabling Two-Factor Authentication (2FA), monitoring account activity, and staying vigilant, you significantly reduce the risk of fraudulent activity in your Talkdesk account.
If you suspect unauthorized call activity or need assistance with security settings, please reach out to the Talkdesk Support Team via the Support Portal.