It is relatively common to hear of someone whose companies' phone system was breached and used to place numerous calls at the owner's expense. Most of the time these calls are international with charges that accumulate very rapidly. The whole event can occur very without warning, sometimes overnight in the hours when not much is going on. These "breach and access" fraud events usually happen in the evening when employee use is either low or non-existent. As a normal "good practices" routine, it is suggested to consider someone at the company check call records paying special attention to which countries that are called (if International calling is enabled). Check for any unusual times of calls and if there are occurrences of an unusually excessive number of calls taking place in a short period of time. Keeping tabs on your companies' call records represents just a first step. Here are some tips to help avoid your PBX phone system from being used for these types of uses.
Security is an on going chore for administration, and best practices can evolve as new techniques are uncovered. Most breaches of fraud happen to more easy targets, because those that are looking to gain access are scanning millions of addresses for vulnerable targets. These types of PBX fraud attacks can be lessened substantially from a few good configuration settings and well-known good practices.
NOTE: Here's an additional easy tip that makes good sense. Most searches for PBX systems that can be fraud targets occur looking for access which begins with scans for well known names, ports or protocols. Using well-known search engines for the IoT (Internet of Things) devices can be located quickly if the right information is being advertised. To limit devices and your PBX from known targeted scan searches change the advertised name. This includes your PBX (i.e. version of Asterisk, etc.) so scans that search for specific hardware devices by name will not include your system.