Two or three diferent scenarios ,and none of them looks nice.
1)Someone is breaking into your phone switch, and making long distance calls via your switch and using the conference feature.
If you have a PBX at the office, disable the maintenance modem,or if it is a Nortel Switch look for a RAD unit (remote access device), that allows a technician to remotely configure your switch (very dandy also for hackers).
2)Someone is breaking into your voice mail.Calls could be going to a empty mail box, that hackers got into and they are using the “back door” to enter the system.
Make a inventory of unused mailboxes, specially the ones that have still default password.
Disable any mailbox that you are not sure about. Force everyone to change passwords.
3)And the worse case:You have service from a CLEC company that uses a channel bank and a T1 service to deliver phone lines and broadband internet to your location.
The channel bank have a public I.P. address exposed to the NET.
By breaking into the channel bank, you intercept the phone lines BEFORE they reach your phone equipment and restrictions.
You never will see this kind of activity on the normal reports.
I will check every phone call on your bill very closely. I almost guaranty long calls to places that you have no idea what they are.
This kind of calls are ALWAYS indications of hackers into your phone lines and equipment.
If you need help, post you e-mail and I will send you my contact info.