Ghost calls often occur as a result of unauthorized attempts by "hackers" to exploit phone systems, typically aiming to make calls to premium-rate numbers. The process usually begins with these attackers scanning the internet for devices that respond on port 5060, which is the standard port used by PBX systems and IP phones. Once they identify a responsive device, they experiment with various call formats. If they manage to successfully place a call, they can hijack by initiating hundreds of calls to premium-rate numbers, generating revenue through kickbacks from other third-party phone companies.
To mitigate this risk, you can enhance security by placing the phone behind a firewall or a NAT router, which restricts access so that only VoiceCloud can connect. Another effective measure is configuring the phone to accept calls exclusively from a registered server. The specific name for this setting may vary depending on the phone brand, but it serves to ensure that only authorized connections are permitted.