Someone hacked into a law firm and made tons of calls to the Phillipeans (however you spell that country).

They were somehow going through the first voicemail port.

Everyone has been asked to change their easily guessed passwords.

Is is possible to specify 8 digit passwords instead of 4?

I haven't seen a field to do this so I doubt it is possible.

What are any of you using to stop toll fraud through the voicemail?

I don't know of a way to change from the default 4 digit password, but if you're using the BCM, you can enable the trivial password checking option. Also, for the BCM or Norstar CallPilot, change your COS tables to disable the outbound transfer option for all extensions not using it.

Sorry, unfortunately I forgot to mention the customer is on a MICS with a NAM that is dying and since they just spent 12 grand on a call recording solution because I didn't know about UCx, they are reluctant to drop a dime until it dies.

They have to be in "compliance," record all collection calls and the NAM can't have a period where customers can bypass the digit dialing and skip hearing the required "compliance message."

Thanks for the advice on Call Pilot, I will change the ones I have out there proactively. Telepacific leaves each new customer with the world wide open and when there is toll fraud they tell the customer to call their vendor instead of having written it up that no 011 needed in the contract.

There is no way to FORCE 8 digit passwords except for their BOSS telling them to do so or get fired.

Passwords for mail boxes are minimum 4 digits - max of 8 digits and just can't start with 0.

Are you using any kind of off premise notification? forward to cell phones out call notification? if not restrict the voicemail ports from dialing out. if they do use out call or whatever build permissions for only those specific numbers for the voicemail ports. Lastly get an smdr box and a 30 day tapit trial to log where when and from whose phone it went in case redirect is turned on. hope this helps,
John 807