Business Phone Systems Tech Talk Forum - VOIP & Cloud Phone Help

#128999 07/17/06 06:49 AM
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
This morning we had a voice mail from someone that said they were with AT&T fraud. They were calling to inform us that they detected steady calls to the Philippines from Saturday July 15th at 12:20 AM for the whole day and that we needed to secure our PBX system. I called the number 800 xxx-xxxx that they left and referenced the case number ####### and they said that they were now blocking the calls and we needed to contact our vendor to secure the system.

We already have blocks on our PBX to prevent 1010xxx calls, and usually everyone has left the building by this time, so I am uncertain how these calls might have been made. During the conversation with the person at the 800 number above, they asked what type of system we had, which I found to be odd (I did not say the type). I suspect that some type of fraud is going on; however, we don't know if we had already been a victim of toll fraud as the caller said or if the caller was trying to attempt call fraud when I returned their call.

Is there a list of items I need to check to be sure that my Meridian system with 6.1 software and NAM with 4.0 software will not be used to make calls for thieves?


Joined: Oct 2005
Posts: 4,685
Likes: 4
Member
Typically toll fraud is a result of the voice mail system not being properly secured.

Toll Fraud prevention 101:
Only those mailboxes that actually use outdialing should be allowed to.

Easy passwords should be avoided (1111, 1234, etc.), especially in the GD and the Admin mailboxes, and passwords should be changed periodically.

Toll restrict all voice mail ports. Or better yet, toll restrict lines and provide COS passwords to override restrictions to those who must call long distance (a pain but could save you $$$).

If anyone calls you about fraud or any other thing that makes you suspicious, ask for a phone number and call them back.


Marv CCNA, CTUB
TeleMarv Services (Retired)
Providing telecommunication solutions in Ottawa Canada since 1990
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
I believe I tracked it down to the GD mailbox. It seems the receptionist favored 1111 for the password. AHHHHH!!!!

Also, the system installer during the last upgrade seemed to have turned on the outbound transfer for that mailbox. Double AAAAHHHH!!!

OK, so I did the following:

1. Changed the password on the GD mailbox (100) to something tough.
2. Changed the password on the System Manager mailbox (102) to something tough.
3. Checked all known mailboxes including 100 and 102 to be sure the outbound transfer was changed from POOL to NONE if it was set.

A couple of questions:

1. I don't have a RAD hooked up to the system (Norstar Meridian with 6.1 software and 4.0 NAM), so could any other part of the system be vulnerable to remote programming?

2. If I set up a restriction to stop 1010 just as I have a filter for 900 will this also apply to the voice mail ports?

3. If the hackers just went and dialed through via my regular carrier I might have some leverage in getting these calls squashed, but they set up the transfers to dial 10-10-ATT and Verizon and probably other carriers. When something happens like this, what is the liability for these charges?

4. One thing that AT&T said when they were informing me of the fraud is that the hackers may have set up more mailboxes. Is this possible to do remotely on the Meridian system without having a RAD hooked up?

5. Lastly, is there a way to just see each mailbox that exists without having to do F983 and try each mailbox number?

Joined: Nov 2003
Posts: 1,310
Member
There is a way to view a voicemail list in a NAM via laptop. Check in the Nortel FAQs section for the procedure to connect to a NAM.


D. Ocean
Miami, FL
Joined: Mar 2001
Posts: 3,869
Member
If you had SMDR hooked up to the system, you would pinpoint the extension (vm port) making the calls.


THE Bracha, old blond specialist in Rube Goldberg solutions.
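
A sketch of the SMDR review suggested in the post above, as an added example that is not part of the original thread and not Nortel code: it scans call records and reports which extensions placed calls worth reviewing. The CSV layout, the sample rows, the voice mail port extensions and the business hours are constructed assumptions; native SMDR output would need its own parser.

```python
import csv
from collections import Counter
from datetime import datetime

# Constructed sample in a simplified CSV layout (NOT the native Norstar SMDR
# format): date,time,extension,line,digits,seconds
SAMPLE_SMDR = """\
2006-07-14,10:15,221,01,16135550100,180
2006-07-14,14:02,225,01,011442055501000,120
2006-07-15,00:20,280,02,1010288011635550100,600
2006-07-15,00:31,281,03,1010288011635550101,540
2006-07-15,02:05,280,02,011635550102,300
2006-07-16,23:40,230,01,19005550111,60
"""
VM_PORTS = {"280", "281"}          # assumed voice mail port extensions
RISKY_PREFIXES = [                 # checked in order, first match wins
    ("1010", "dial-around carrier code"),
    ("011", "international"),
    ("00", "international operator"),
    ("1900", "900 service"),
]

def prefix_class(digits):
    for prefix, label in RISKY_PREFIXES:
        if digits.startswith(prefix):
            return label
    return None

def after_hours(when, open_hour=7, close_hour=19):
    # Weekends and anything outside the assumed 07:00-19:00 window.
    return when.weekday() >= 5 or not (open_hour <= when.hour < close_hour)

def suspect_calls(smdr_text):
    """Return (extension, digits, reasons) for each call worth reviewing."""
    hits = []
    for date, time, ext, _line, digits, _secs in csv.reader(smdr_text.splitlines()):
        when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        reasons = ["placed by voice mail port"] if ext in VM_PORTS else []
        label = prefix_class(digits)
        # Daytime international calls from a desk set are treated as normal.
        if label and (ext in VM_PORTS or after_hours(when) or label != "international"):
            reasons.append(label)
        if reasons and after_hours(when):
            reasons.append("after hours")
        if reasons:
            hits.append((ext, digits, reasons))
    return hits

def calls_per_extension(hits):
    return Counter(ext for ext, _digits, _reasons in hits)
```

`calls_per_extension(suspect_calls(SAMPLE_SMDR)).most_common()` ranks the extensions by flagged calls, which is the pinpointing step the post refers to.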
Joined: May 2005
Posts: 137
Jordan Offline OP
Member
I guess the details of where they were calling or where they were dialing in from to hack do not matter any longer because I doubt that anyone I call is going to do anything about it. I just have to make sure that I have everything set up so it cannot happen again.

Things done:

1. Turned off outbound transfer on all mailboxes.
2. Placed restriction on set 280 and 281 to prevent all 4 ports of the NAM from being able to dial anything by restricting 0,1,2,3,4,5,6,7,8,9.
3. Also added dial restriction for 00 for the filter that is on all the other phones to prevent contacting the International Operator.
4. Got everyone to change their mailbox passwords to 6 digits just in case.
5. Changed all passwords listed in Feature **CONFIG from the defaults to new (I wrote them down and secured them).

Since I have no RAD hooked up is there anything else I need to do to secure the system?

Also, is there a way to list all the mailboxes that are on the system? I tried to use Feature 983 and use the directory to cycle through them; however, I noticed that in one of my tests I created a mailbox without entering a name and it did not show up as I cycled through the directory. I am worried about the possibility of there being a mailbox where the only way I can find it is to go through all possible numbers.

Joined: Nov 2004
Posts: 222
Member
Also build a Filter blocking 1010 and put that Filter on the lines. One more step I do here is if you are not using 1010 codes let your carrier know and they can block it.


Sundance Communications is not affiliated with any of the above manufacturers. Sundance Phone System Forums - VOIP & Cloud Phone Help
©Copyright Sundance Communications 1998-2024