Imagine your phone rings and you answer it to find absolutely nothing on the other end—no voices, background noises, or static of any kind. This is what’s known as a ghost call, and although the name makes it sound like they’re just a Halloween prank, they’re not that funny.
Sometimes referred to as phantom calls, these strange occurrences can happen on both landlines and Voice over Internet Protocol (VoIP) networks. They often look and behave similar to accidental calls and pocket dials, but their origin stems from something far less innocent.
If you find yourself on the receiving end of a ghost call, it’s most likely a sign that your phone system is under some kind of scam or attack. If successful, the consequences can be frustrating and expensive.
Why Do Ghost Calls Happen?
It’s tough to talk about ghost calls without first touching on Session Initiation Protocol (SIP) technology. For VoIP phone systems, SIP plays a key role in the transmission process of voice data. Much like the phone switch operators of old, a series of SIP ports act as gateways in and out of the network, allowing calls to be made or received.
Nearly two decades ago, a program called SIP Vicious was released with the goal of helping information security teams find weak spots in their own online networks. This kind of self-assessment is an essential part of identifying SIP-related security vulnerabilities that might otherwise expose sensitive data to unauthorized parties. In particular, SIP Vicious is a port scanner software that tests available SIP ports and tries to gain access to the system.
Unfortunately, cyber attackers quickly caught on to the potential of exploiting port scanning for their own malicious purposes—because once a weak port is identified, hackers can completely take over a phone line. At best, this interrupts your service and your ability to make calls. At worst, the attacker can use your number to make very expensive international calls on your dime.
Furthermore, port scanning also presents the possibility for hackers to dig their way into your larger network. If so, they would gain access to other phone lines and devices within your shared system—potentially leading them to private data such as passwords and financial information.
Identifying Ghost Calls
Sometimes, ghost calls can be confused with silent calls. These are usually the result of a contact center or collections agency using an automatic dialer—a standard tool offered through most hosted VoIP providers.
If the phone rings too many times before you’re able to pick it up, automatic dialing software can time out and cut off the call before you answer, thus resulting in silence on the other end.
Likewise, the same kind of experience can occur if a contact calls you unintentionally—though that usually comes with a bit of background noise.
One good way to differentiate between ghost calls, silent calls, and accidental pocket dials is to take a look at the originating phone number. These should be stored in your phone’s call log even if the caller doesn’t leave a voicemail.
A great deal of ghost calls come from numbers with a prefix of 100, 1000, or 1001. This gives them an especially fake or scammy appearance. An example of this might be 1-000-432-4343 or something similar. If you receive calls from numbers fitting this description, there’s a good chance that a cyber attacker is testing your system for weaknesses.
How to Stop Ghost Calls
Should you receive a call from a ghost number, it’s not a good idea to call it back. Instead, get in touch with your phone provider immediately to ask about setting up protection measures for your network. (Or better yet, do it before you receive any ghost calls.)
If you run your own Private Branch Exchange (PBX) system, you can coordinate some of the following approaches with your provider.
Use an Alternate SIP Port
Any unencrypted SIP signals sent across an online network will default to port 5060. Since this is the industry standard, you can be sure that hackers are aware of it, too. To exploit it, all they have to do is get through this main port in order to access not only your phone system but also the unencrypted data being transferred through the SIP gateway.
You can bypass this issue by configuring your PBX or hosted VoIP phone system to use non-standard ports. By opening up an alternate port within your online phone network, you can turn the tables on hackers who would have to sift through thousands of potential options to find your specific ports.
Enable Call Filters
Whether your system runs via a hosted VoIP network or an in-house PBX, you should be able to adjust the settings that determine which callers can gain entry to your SIP ports. By default, VoIP systems allow all calls through to your users, no matter the source.
To add an extra layer of protection, you can turn off your Allow IP Calls setting to eliminate communications from unknown Internet Protocol (IP) addresses. Depending on your specific software, you can also toggle Accept SIP Trust Server Only or Accept Incoming SIP from Proxy Only settings, typically found under your Features tab.
Keep in mind that you can take these precautions one step further by permitting data exchanges with recognized IP addresses only.
Maintain Firewall Protections
Hackers are always improving their approaches, so you’ll have to do the same if you want to stay ahead. This means ensuring that your system is up to date with the latest security measures and firewall protections.
With regular maintenance, these programs can monitor incoming transmissions and block most bad actors—including ghost calls. Periodic updates to all hardware and firmware are also important, as they ensure your system is in top shape.
Change Your IP Address
In the midst of a cyberattack, changing your IP address can be a good way to hide your device or network. This is a relatively easy (and legal) step to interrupt the assault, but be aware that it may only work temporarily—because if your network is successfully targeted once, it will likely be targeted again.
That said, altering your network information can still buy you some time until you set up more adequate security protections. You should be able to update your IP address through your device settings or by resetting your router.
Similarly, installing a Virtual Private Network (VPN) or proxy server will automatically replace your existing IP. Just remember that certain websites may not work with an IP address change, and you may also be logged out of any active programs.
Use a Call Blocker
For ghost calls that come through a landline, a call blocker is the most recommended method of protection. Many phones already have call blockers built in thanks to software that pre-screens all incoming calls, ultimately dropping silent and ghost calls before they can ring.
Just as with hosted VoIP or PBX systems, you can also create a safelist of authorized numbers you know and recognize to ensure that you never miss an important call.
If your business manages its own phone system, you may want to talk to your IT team about using a port scanner program to test your SIP system security periodically. The aforementioned SIP Vicious has a pro version that is engineered to find vulnerabilities before the attackers do.
Why You Should Report Ghost Calls
Although they may seem like harmless nuisances, ghost calls are actual threats that should be taken seriously. If an attacker manages to find vulnerable SIP ports in your VoIP system, they can disrupt your phone communications and wreak havoc on your entire network.
It’s a good practice to report ghost calls to your hosted or landline provider whenever possible. You will likely need to work together to effect strong, multi-tiered protections, including any SIP port changes, firewall updates, and call filters.
Keep in mind that you can also choose to report the attack to the Federal Communications Commission (FCC). Although the organization isn’t a direct resource for stopping ghost calls on your network, it does keep track of them to inform and protect consumers.