Business Phone Systems

Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Oct 2016
Posts: 1
Member
OP Offline
Member
Joined: Oct 2016
Posts: 1
I have a customer that got hit with Toll Fraud recently, but I have not been able to find how it was done. The customer has a Toshiba CIX100 and LVMU voice mail system with PRI and digital phones. It does not have any VoIP devices or even a connection to the Network. They claim during the incident that they observed approximately 4 lines busy with nobody on the phone. They have 7 virtual lines/answer points on the phones, so it points to the vulnerability being in the Voice Mail (4 Ports). I did not find any mailboxes that had the extension changed to an external number or speed dial. I was also not able to find any phones that were forwarded externally.

I am more interested in how it was done, since I know how to fix it. Any help would be appreciated.

Atcom VoIP Demo
VoIP Demo
Joined: Jun 2005
Posts: 2,654
Likes: 4
Member
Offline
Member
Joined: Jun 2005
Posts: 2,654
Likes: 4
The voicemail system is the most common place hackers will use for toll fraud. They may not have set the entire number in the extension field. I would look again for an extension something like 901. The 9 in the extension field will grab an outside line. Also double check your DIDs to make sure that you don't have DISA enabled on a number.

Typically I see hackers getting into the admin mailbox with the default code through the phone rather then using software.

It's good practice to enable destination restrictions for the voicemail extensions . With the IPEdge voicemail system the hackers will login to any user's voicemail box and use the follow-me feature.

Joined: Aug 2012
Posts: 122
Member
Offline
Member
Joined: Aug 2012
Posts: 122
Do they have a toll free numbers associated with the PRI? Typically hackers only want to come in on a toll free numbers. You should always secure the password on mailbox 999, get rid of or change mailbox 993 to another mailbox that can access the voice mails internal modem. You might even consider removing the CIX internal modem. There are many ways to access the outgoing trunks.
If it was truly hacked those would of been international calls made that they don't recognize making and the carrier should adjust the bill for them.


Moderated by  Carlos#1, phonemeister 

Link Copied to Clipboard
Forum Statistics
Forums84
Topics93,833
Posts636,789
Members49,649
Most Online5,661
May 23rd, 2018
Popular Topics(Views)
Today's Birthdays
AWhite, jnimmick, MarkTPN
Newest Members
Lazlo, devben, bubblegum, Carl Arnold, Marjan Shaw
49,649 Registered Users
Top Posters(30 Days)
ramo 13
pvj 11
Toner 9
dans 5
Who's Online Now
0 members (), 135 guests, and 21 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: Business Phone Systems | Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers.
©Copyright Sundance Communications 1998-2023
Powered by UBB.threads™ PHP Forum Software 7.7.5