How Secure Is Our Business Service?

An overview of VoIP security risks and the steps you and SIPcity can take to protect your account.

Security is essential for any business communications system. This article explains the security measures you should implement to protect your SIPcity account and equipment.

How fraud attempts occur

Fraudsters typically begin by probing for account vulnerabilities, such as default passwords on known devices or unfiltered access to SIP peering ports. Once a vulnerability is found and an account is compromised, they exploit it to route calls through your system to international destinations, often reselling access to calling card operators.

This activity can remain undetected for months before the fraudster monetises the breach. While SIPcity monitors for suspicious calling patterns, it is ultimately your responsibility to ensure your endpoint equipment is secure. SIPcity is not liable for financial loss caused by unauthorised access to your phone equipment.

How to prevent fraud

The most important step is to use a strong password. A strong password includes uppercase letters, lowercase letters, numbers, and special characters. For example, hAv3@nic3day is far more difficult to crack than haveaniceday.

Additional security measures include:

  • Firewall protection: Lock down your router’s port 80 and restrict access to your SIP ports (5060, 5061, 50600) to your SIP service provider only.

  • Network filtering: Use firewall rules to limit access to known SIP service providers and trusted administrators.

  • Regular password updates: Change your password periodically and immediately if your account is compromised.

How we block fraud attempts

When we detect suspicious calling patterns — such as unusual call destinations or calls originating from high-risk IP addresses — we may block international outbound calling from your account. We monitor for patterns consistent with account compromise and take immediate action to protect you.

What happens if your account is blocked

If we detect a suspected fraud attempt, we will:

  1. Notify you by email that international calling has been temporarily blocked.

  2. Immediately prevent international calls from your account.

  3. Re-enable international calling once you have changed your password or hardened your firewall.

Note: Occasionally, staff may misdial a country code prefix, which our system may flag as a potential threat. We quickly identify and resolve such false positives after contacting you directly. Most customers appreciate this proactive monitoring for their protection.