Here is a link to a good article in a national publication, the New York Times, on the growing issue of toll fraud. Toll fraud has been around for many years, but continues to get worse for a number of reasons. Attackers set up premium (think 1-900) numbers and are incented to drive traffic to these numbers. They look for ways to generate the traffic and leave a victim with the bill. Small businesses are an attractive target. They often deploy new VoIP systems, but do not spend the time to secure them, and address issues such as default open ports and passwords. The attackers scan for these systems and when found, use them to launch 100's, 1000's, or 10,000's of calls to their premium numbers. Or they hire attackers to do this for them and share the revenue.
The issue doesn't have a lot to do with VoIP, it can occur with legacy TDM PBXs and trunking, but is often associated with VoIP, because it is often the new low-end VoIP systems that are being attacked. Also, the attackers often use low-cost VoIP and SIP services to generate inbound calls to the compromised PBXs, which "hairpin" out to the premium numbers.
http://www.nytimes.com/2014/10/20/technology/dial-and-redial-phone-hackers-stealing-billions-.html
Since these calls cost the service provider money to deliver, they can't usually credit the victim.
There are a number of solutions to this issue, including the SecureLogix (www.securelogix.com) voice security/firewall application. Using a cloud-based delivery option makes this solution very attractive for small businesses, who don't have the expertise or budget to deploy and manage a premises based solution.