OP | Member | Joined: May 2005 | Posts: 137
This morning we had a voice mail from someone that said they were with AT&T fraud. They were calling to inform us that they detected steady calls to the Philippines from Saturday July 15th at 12:20 AM for the whole day and that we needed to secure our PBX system. I called the number 800 xxx-xxxx that they left and referenced the case number ####### and they said that they were now blocking the calls and we needed to contact our vendor to secure the system.
We already have blocks on our PBX to prevent 1010xxx calls and usually everyone has left the building by this time, so I am uncertain how these calls might have been made. During the conversation with the person at the 800 number above, they asked what type of system we had, which I found to be odd (I did not say the type). I suspect that some type of fraud is going on; however, we don't know if we had already been a victim of toll fraud as the caller said or if the caller was trying to attempt call fraud when I returned their call.
Is there a list of items I need to check to be sure that my Meridian system with 6.1 software and NAM with 4.0 software will not be used to make calls for thieves?
Member | Joined: Oct 2005 | Posts: 4,685 | Likes: 4
Typically toll fraud is a result of the voice mail system not being properly secured.
Toll Fraud prevention 101: Only those mailboxes that actually use outdialing should be allowed to.
Easy passwords should be avoided (1111, 1234, etc.), especially in the GD and the Admin mailboxes, and passwords should be changed periodically.
Toll restrict all voice mail ports. Or better yet, toll restrict lines and provide COS passwords to override restrictions to those who must call long distance (a pain but could save you $$$).
If anyone calls you about fraud or any other thing that makes you suspicious, ask for a phone number and call them back.
Marv CCNA, CTUB TeleMarv Services (Retired) Providing telecommunication solutions in Ottawa Canada since 1990
OP | Member | Joined: May 2005 | Posts: 137
I believe I tracked it down to the GD mailbox. It seems the receptionist favored 1111 for the password. AHHHHH!!!!
Also, the system installer during the last upgrade seemed to have turned on the outbound transfer for that mailbox. Double AAAAHHHH!!!
OK, so I did the following:
1. Changed the password on the GD mailbox (100) to something tough.
2. Changed the password on the System Manager mailbox (102) to something tough.
3. Checked all known mailboxes including 100 and 102 to be sure the outbound transfer was changed from POOL to NONE if it was set.
A couple of questions:
1. I don't have a RAD hooked up to the system (Norstar Meridian with 6.1 software and 4.0 NAM), so could any other part of the system be vulnerable to remote programming?
2. If I set up a restriction to stop 1010 just as I have a filter for 900, will this also apply to the voice mail ports?
3. If the hackers just went and dialed through via my regular carrier I might have some leverage in getting these calls squashed, but they set up the transfers to dial 10-10-ATT and Verizon and probably other carriers. When something happens like this, what is the liability for these charges?
4. One thing that AT&T said when they were informing me of the fraud is that the hackers may have set up more mailboxes. Is this possible to do remotely on the Meridian system without having a RAD hooked up?
5. Lastly, is there a way to just see each mailbox that exists without having to do F983 and try each mailbox number?
Member | Joined: Nov 2003 | Posts: 1,310
There is a way to view a voicemail list in a NAM via laptop. Check in the Nortel FAQs section for the procedure to connect to a NAM.
D. Ocean Miami, FL
Member | Joined: Mar 2001 | Posts: 3,869
If you had SMDR hooked up to the system, you would pinpoint the extension (vm port) making the calls.
THE Bracha, old blond specialist in Rube Goldberg solutions.
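The SMDR check suggested above, sketched as an added example that is not part of the original thread: it scans call records for outdials from voicemail ports, restricted prefixes and after-hours calls. The CSV layout and sample records are constructed (not the Norstar SMDR print format), sets 280 and 281 are the NAM ports named elsewhere in this thread, and the 011 prefix and office hours are assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample records in a simplified CSV layout (an assumption, not the
# Norstar SMDR print format): date, start, duration, set, line, digits dialed.
SAMPLE_SMDR = """\
2006-07-14,16:42,00:03:10,221,001,16135550123
2006-07-15,00:20,00:41:07,280,002,1010288011635550100
2006-07-15,01:03,00:38:52,281,003,1010288011635550101
2006-07-15,01:45,00:02:00,280,002,5550142
2006-07-17,09:15,00:01:30,225,001,19005550111
"""

VM_PORT_SETS = {"280", "281"}   # NAM port set numbers mentioned in the thread
# 1010 carrier access codes, 00 and 900 come from the thread; 011 (the North
# American international prefix) is added here as an assumption.
RISKY_PREFIXES = ("1010", "011", "00", "900", "1900")
BUSINESS_HOURS = range(8, 18)   # assumed office hours, Monday to Friday

def parse(text):
    for date, start, dur, ext, line, digits in csv.reader(io.StringIO(text.strip())):
        h, m, s = (int(part) for part in dur.split(":"))
        yield {"when": datetime.strptime(f"{date} {start}", "%Y-%m-%d %H:%M"),
               "secs": h * 3600 + m * 60 + s, "set": ext, "line": line, "digits": digits}

def reasons(rec):
    checks = {
        "voicemail-port-outdial": rec["set"] in VM_PORT_SETS,
        "restricted-prefix": rec["digits"].startswith(RISKY_PREFIXES),
        "after-hours": rec["when"].weekday() >= 5 or rec["when"].hour not in BUSINESS_HOURS,
    }
    return [name for name, hit in checks.items() if hit]

def suspicious(records):
    # Flag any call placed by a voicemail port, or any call matching two rules.
    pairs = [(rec, reasons(rec)) for rec in records]
    return [(rec, why) for rec, why in pairs
            if "voicemail-port-outdial" in why or len(why) >= 2]

def seconds_by_set(flagged):
    totals = {}
    for rec, _ in flagged:
        totals[rec["set"]] = totals.get(rec["set"], 0) + rec["secs"]
    return totals

if __name__ == "__main__":
    for rec, why in suspicious(parse(SAMPLE_SMDR)):
        print(rec["when"], rec["set"], rec["digits"], ", ".join(why))
```

A single weak signal, such as the weekday 900 call from a desk set in the last sample record, is left unflagged so the report stays focused on the voicemail ports.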
OP | Member | Joined: May 2005 | Posts: 137
I guess the details of where they were calling or where they were dialing in from to hack do not matter any longer because I doubt that anyone I call is going to do anything about it. I just have to make sure that I have everything set up so it cannot happen again.
Things done:
1. Turned off outbound transfer on all mailboxes.
2. Placed restriction on set 280 and 281 to prevent all 4 ports of the NAM from being able to dial anything by restricting 0,1,2,3,4,5,6,7,8,9.
3. Also added dial restriction for 00 for the filter that is on all the other phones to prevent contacting the International Operator.
4. Got everyone to change their mailbox passwords to 6 digits just in case.
5. Changed all passwords listed in Feature **CONFIG from the defaults to new (I wrote them down and secured them).
Since I have no RAD hooked up, is there anything else I need to do to secure the system?
Also, is there a way to list all the mailboxes that are on the system? I tried to use Feature 983 and use the directory to cycle through them; however, I noticed that in one of my tests I created a mailbox without entering a name and it did not show up as I cycled through the directory. I am worried about the possibility of there being a mailbox where the only way I can find it is to go through all possible numbers.
Member | Joined: Nov 2004 | Posts: 222
Also build a Filter blocking 1010 and put that Filter on the lines. One more step I do here is if you are not using 1010 codes let your carrier know and they can block it.