Phone Systems

Toll fraud on my meridian
#128999 07/17/06 10:49 AM
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
This morning we had a voice mail from someone that said they were with AT&T fraud. They were calling to inform us that they detected steady calls to the Philippines from Saturday July 15th at 12:20 AM for the whole day and that we needed to secure our PBX system. I called the number 800 xxx-xxxx that they left and referenced the case number ####### and they said that they were now blocking the calls and we needed to contact our vendor to secure the system.

We already have blocks on our PBX to prevent 1010xxx calls, and usually everyone has left the building by this time, so I am uncertain how these calls might have been made. During the conversation with the person at the 800 number above, they asked what type of system we had, which I found to be odd (I did not say the type). I suspect that some type of fraud is going on; however, we don’t know if we had already been a victim of toll fraud as the caller said or if the caller was trying to attempt call fraud when I returned their call.

Is there a list of items I need to check to be sure that my Meridian system with 6.1 software and NAM with 4.0 software will not be used to make calls for thieves?

Re: Toll fraud on my meridian
#129000 07/17/06 11:57 AM
Joined: Oct 2005
Posts: 4,681
Member
Typically toll fraud is a result of the voice mail system not being properly secured.

Toll Fraud prevention 101:
Only those mailboxes that actually use outdialing should be allowed to.

Easy passwords should be avoided (1111, 1234 etc.), especially in the GD and the Admin mailboxes, and passwords should be changed periodically.

Toll restrict all voice mail ports. Or better yet toll restrict lines and provide COS passwords to override restrictions to those who must call long distance (a pain but could save you $$$).

If anyone calls you about fraud or any other thing that makes you suspicious, ask for a phone number and call them back.


Marv CCNA, CTUB
TeleMarv Services
Providing telecommunication solutions in Ottawa Canada since 1990
http://www.telemarv.ca
Specializing in Nortel Norstar, BCM and Allworx VoIP Servers
Re: Toll fraud on my meridian
#129001 07/17/06 06:43 PM
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
I believe I tracked it down to the GD mailbox. It seems the receptionist favored 1111 for the password. AHHHHH!!!!

Also, the system installer during the last upgrade seemed to have turned on the outbound transfer for that mailbox. Double AAAAHHHH!!!

OK, so I did the following:

1. Changed the password on the GD mailbox (100) to something tough.
2. Changed the password on the System Manager mailbox (102) to something tough.
3. Checked all known mailboxes including 100 and 102 to be sure the outbound transfer was changed from POOL to NONE if it was set.

A couple of questions:

1. I don't have a RAD hooked up to the system (Norstar Meridian with 6.1 software and 4.0 NAM), so could any other part of the system be vulnerable to remote programming?

2. If I set up a restriction to stop 1010 just as I have a filter for 900 will this also apply to the voice mail ports?

3. If the hackers just went and dialed through via my regular carrier I might have some leverage in getting these calls squashed, but they set up the transfers to dial 10-10-ATT and Verizon and probably other carriers. When something happens like this, what is the liability for these charges?

4. One thing that the AT&T said when they were informing me of the fraud is that the hackers may have set up more mailboxes. Is this possible to do remotely on the Meridian system without having a RAD hooked up?

5. Lastly, is there a way to just see each mailbox that exists without having to do F983 and try each mailbox number?

Re: Toll fraud on my meridian
#129002 07/17/06 07:01 PM
Joined: Nov 2003
Posts: 1,310
Member
There is a way to view a voicemail list in a NAM via laptop. Check in the Nortel FAQs section for the procedure to connect to a NAM.


D. Ocean
Miami, FL
Re: Toll fraud on my meridian
#129003 07/17/06 07:08 PM
Joined: Mar 2001
Posts: 3,869
Member
If you had SMDR hooked up to the system, you would pinpoint the extension (vm port) making the calls.


THE Bracha, old blond specialist in Rube Goldberg solutions.
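
Added example, not part of any post in this thread: a sketch of the call-record review that SMDR output makes possible, flagging dial-around (1010), international and 900 calls, calls that originate from voicemail ports, and after-hours activity. The CSV layout, the sample records, the business hours and the function names are assumptions made for illustration (real SMDR output is formatted differently); sets 280 and 281 are the ones the original poster later ties to the NAM ports.

```python
import csv
import io
from datetime import datetime

# Constructed sample records; this CSV layout is an assumption, not real SMDR output.
SAMPLE_CDR = """start,set,digits,duration_s
2006-07-14 16:05,221,16135550100,180
2006-07-15 00:20,280,1010288011635550101,1260
2006-07-15 00:43,281,1010288011635550102,1500
2006-07-15 01:10,280,00,45
2006-07-15 09:30,225,18005550103,300
2006-07-17 10:15,223,01144205550104,240
"""

VM_PORT_SETS = {"280", "281"}  # sets the thread ties to the NAM voicemail ports
BUSINESS_HOURS = range(7, 19)  # assumption: staffed 07:00-18:59, Monday-Friday

def classify(digits):
    """Return the toll-risk reasons for a dialed digit string."""
    reasons = []
    if digits.startswith("1010"):
        reasons.append("dial-around carrier code (1010)")
        digits = digits[7:]  # drop the 7-digit carrier access code
    if digits.startswith("011"):
        reasons.append("international (011)")
    elif digits.startswith("00"):
        reasons.append("international operator (00)")
    elif digits.startswith(("900", "1900")):
        reasons.append("900 number")
    return reasons

def flag_calls(cdr_text):
    """Return (record, reasons) for every call worth reviewing."""
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M")
        reasons = classify(row["digits"])
        if row["set"] in VM_PORT_SETS:
            reasons.append("originated from a voicemail port")
        after_hours = start.weekday() >= 5 or start.hour not in BUSINESS_HOURS
        if reasons and after_hours:
            reasons.append("outside business hours")
        if reasons:
            flagged.append((row, reasons))
    return flagged

if __name__ == "__main__":
    for row, reasons in flag_calls(SAMPLE_CDR):
        print(row["start"], "set", row["set"], row["digits"], "->", "; ".join(reasons))
```

Any call at all from a voicemail port is flagged, since the fix described in the thread leaves those ports with no reason to dial out.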
Re: Toll fraud on my meridian
#129004 07/18/06 07:06 PM
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
I guess the details of where they were calling or where they were dialing in from to hack does not matter any longer because I doubt that anyone I call is going to do anything about it. I just have to make sure that I have everything set up so it cannot happen again.

Things done:

1. Turned off outbound transfer on all mailboxes.
2. Placed restriction on set 280 and 281 to prevent all 4 ports of the NAM from being able to dial anything by restricting 0,1,2,3,4,5,6,7,8,9.
3. Also added dial restriction for 00 for the filter that is on all the other phones to prevent contacting the International Operator.
4. Got everyone to change their mailbox passwords to 6 digits just in case.
5. Changed all passwords listed in Feature **CONFIG from the defaults to new (I wrote them down and secured them).

Since I have no RAD hooked up is there anything else I need to do to secure the system?

Also, is there a way to list all the mailboxes that are on the system? I tried to use Feature 983 and use the directory to cycle through them; however, I noticed that in one of my tests I created a mailbox without entering a name and it did not show up as I cycled through the directory. I am worried about the possibility of there being a mailbox where the only way I can find it is to go through all possible numbers.

Re: Toll fraud on my meridian
#129005 07/19/06 11:01 AM
Joined: Nov 2004
Posts: 222
Member
Also build a Filter blocking 1010 and put that Filter on the lines. One more step I do here is if you are not using 1010 codes let your carrier know and they can block it.

