atcomsystems.ca/forum
Posted By: justingoldberg 3Com 900 fraud - 12/06/11 08:37 PM
We have a customer who's been hit with unauthorized toll charges or fraud. I believe they're getting in via voicemail, and dialing out to the 900 numbers. When this happened a few months ago, they changed all the vpn passwords, we reassigned those physical phones which were associated with the extensions that placed the calls, and changed all of the voicemail pins. But it's happening again, so I believe they must be getting in via voicemail.

900 numbers both 900*, 1900*, 91900* and 9900* are blacklisted in the CoS elements.

How can I know if they're placing the calls via hacking someone's voicemail and getting dial-tone or getting in through the vpn? The extensions that placed the calls have had registrations disabled, so it could possibly be someone spoofing (outpulsing their number) and dialing the 900 numbers.
Posted By: Old blond hippity hopping Bunnie Re: 900 fraud - 12/07/11 10:50 PM
I don't know anything about 3Com but I saw the topic.

Is it possible to change the voicemail passwords to 8 digit instead of maybe 4 that they may be breaking?

Can your carrier block those calls as the hackers are getting out of the 3Com switch?

Would someone like Adtran have a router that would prevent those calls?

Again, not a 3Com person, just throwing out grasping at straws ideas.
Posted By: BillFlippen Re: 900 fraud - 12/08/11 08:31 AM
Also not a 3Com person, but I know how to spell it.
Does the 3Com have any logs? You may want to set up a machine to collect SMDR (if possible) an have ALL extensions output to it (Some systems you can exclude SMDR output on an extension by extension basis)

The Spoofing brings up an interesting point.I wonder how the destination knows how to bill for the calls? I assume the phone company does it, but does the phone company truly know where the call originates. or does it xreference the BTN it recieves.

IS the VM in the same COS the other stations are in?
Posted By: Professor Shadow Re: 900 fraud - 12/12/11 08:37 AM
...again another person who only knows how to spell 3Com giving advice:

I believe if you change the password to 8 digits, that you cannot change it back to 4 digits.

Also Call Reports

After you install NBX Call Detail Reports, you can:
  • Retrieve calling data from the system.
  • Generate formatted reports.
  • Export reports in formats suitable for use with third-party reporting software, spreadsheets, databases, and word processing applications.
  • Export your call data in HTML format for publication on a web server.
  • Export reports to a disk file or directly to a Microsoft mail message or a Microsoft Exchange folder.


A question: Does the 3Com have "Remote Diagnostics" activated? Is this a potential source?

Again, just a rookie offering advice. Keep us updated.
Posted By: NBX_Phone_Guy Re: 900 fraud - 12/14/11 08:18 AM
1. Block 900 calls thru dial plan.
(even if you can do this, the fact that outbound calls from off premises can be made is a breach you need to lock down)

Direct system inward access (DISA) parameter

2. In the system configuration within NETSET, there is a check box field to prevent giving dialtone out.
© Sundance Phone System Forums - VOIP & Cloud Phone Help