Long-distance fraud is often accomplished by compromising the security of a VoIP phone or phone system. Call functions such as call forwarding are used by an attacker to place calls using your phone number(s), incurring charges on your account. General security best practices, such as changing passwords of phones and other Hosted PBX equipment regularly, employee training and education of proper system usage and best practices, and regulating remote access are good steps to take to prevent long-distance fraud.
Notes: While fraud can always occur due to social engineering, the more significant threat is usually a compromised phone system or VoIP phone. If it’s HPBX, it’s controlled by Metronet end-to-end, and not the customer’s responsibility. The most likely scenario, that can be influenced by customers, would be if Metronet is providing a SIP trunk in some form, and the customer’s equipment was infiltrated/compromised.