Yealink “ghost” phone calls

Occasionally we get support calls from people reporting “ghost” calls on a Yealink phone.

Fortunately the problem is easier to fix than calling the Ghostbusters in.

It’s caused by potential hackers trying to gain access to public SIP phone systems by scanning IP addresses for anything that responds to SIP calls. Usually using a tool called sipvicious.

Whilst they can’t really do anything bad with your Yealink phone, these calls are a nuisance.

To stop them, make sure you are on a fairly recent firmware version. v73 from or newer is recommended.

Then change two settings in the web interface:

    • Allow Direct IP Call – this means the phone will respond to calls coming in to it from any IP address, to any number. Sometimes used for internal intercom systems or basic phone testing without using a PBX. Set it to disabled. This setting is found in the “Features” setting tab, “General Information” page.


    • Accept SIP Trust Server Only – this is whether the phone accepts calls to the correct phone number but from a different place than it is Registered to. Sometimes needed for certain SIP providers but you want to set this to enabled wherever possible so the phone only accepts calls from your service provider. This setting is found either in the “Features” tab, “General Information” page or the “Account” tab depending on the phone model or firmware version.


On v80 firmware these are both in the same place:

Features > General Information