There are many possibilities. Thieves or hackers can:

• Break into your PBX using Direct Inward System Access (DISA), remote access and maintenance ports or modems, and place calls as though they originated from your system
• Break into your voice-mail system and take over mailboxes, and/or steal long distance by obtaining an outside line or by programming mailboxes to accept third-party billed calls
• Use your toll-free numbers (800, 888, 877) and make calls that you didn't intend to or want to pay for
• Go through your trash, commonly known as 'dumpster diving,' searching for codes
• Use your printed internal telephone directory to try and 'recruit' your employees
• Con your switchboard and reception staff into accepting collect calls or connecting them to long distance trunks, a technique known as 'social engineering'
• Bill international calls to your telephone number by employing a third number billing scam
• 'Shoulder surf' in airports or other public locations to obtain authorization codes by looking over callers' shoulders as they use them