What is a Precautionary Suspension/ Restriction?
Hoiio is committed to maintaining the highest standard of security to reduce the risk of credit fraud through your VoIP service. If we detect suspicious behavior on your SIP account we will suspend the service, and send you an e-mail as soon as possible to notify you of the possible security compromise as we well as the suspension.
*In some cases, we might not suspend the account totally but restrict your call via destination or via your IP only.
What Constitutes a Security Compromise?
We have sophisticated systems in place that automatically detect unexpected patterns of call activity and common techniques used by fraudsters. Once our system has identified your SIP account as being compromised, we will take action to limit any damage if any.
What Should I Do If I Am Suspended or Have my Calls Restricted?
Counter-check the usage history in your Hoiio account to determine whether the calls were legitimate or not. Be on the look out for consecutive calls that overlap each other, a great number of international calls to unfamiliar destinations, and repeated calls to the same number. If you have determined that your call usage history is genuine and that is no suspicious activity,please email firstname.lastname@example.org or call our Support Lines during business hours to request for an un-suspension.
*If you believe that your SIP account or PBX has been compromised, it is important that the cause of the compromise is found and fixed before requesting to resume the SIP service. We have the right to suspend you again should it happen in the future. By requesting to unsuspend your service, you are accepting the risk that there may be further exploitation and you will be liable for any charges as a result of future security compromise.
How Can I prevent Future Security Compromises or Fraud ?
Compromised SIP accounts are the result of either an attacker gaining your SIP credentials (SIP Details and password) or them attacking equipment (PBX) on your network itself. The first step would be to Change your SIP password immediately and reconfgiure your device with the new password.
Some hardware equipment such as PBX used to handle SIP calls may have weak security settings by default.
Malware and Trojan Horse attacks can also compromise SIP services. Ensure that firmware and software is up to date on all machines and devices on your network. Watch out for malware and Trojans hidden in your computers.
Most importantly, contact the provider of your PBX solution and discuss the problem, and ensure that a firewall is used to block all but the essential ports. Change all passwords for machines, your wireless network and other devices.
Besides this, change your Hoiio account password regularly and do not share it freely especially via email.
*The security of your network is your responsibility. Hoiio cannot ensure that your network and the devices attached to it are secured .
How Do I Use the Security Features with Hoiio SIP?
Do take note that this does not solve the root of the compromise (it is still compromised) or hacking which must be solved in consultation with your hardware or network provider and is only used as a last measure to stop the calls from going through.
However, please ensure to activate either the IP Whitelist or the Country Whitelist
1. IP Whitelist
The IP whitelist defines the IP addresses which can make calls via Hoiio. When a SIP call is made, the IP whitelist identifies the IP address of the person making the SIP call. If the IP address is recognised as belonging to the company the IP-PBX is registered to, the call gets through. A hacker would be unable to successfully make his call because his IP address would be recognised as unauthorised, and thus the call gets rejected.
2. Country Whitelist
Every company can select the countries it intends to make calls to, and specify these in their account settings. This list of countries is therefore the country whitelist. Hackers beware, because any attempts to make overseas calls to countries outside the country whitelist will be blocked.