TOC Index Search

 

Detecting Voice Mail Fraud

Several reporting mechanisms can assist you in determining voice mail fraud.

Topics include:

Call Detail Recording (or SMDR)

With Call Detail Recording (CDR) activated for the incoming trunk groups, you can find out details about the calls made into your voice mail ports. This feature is known as Station Message Detail Recording (SMDR) on some switches, including MERLIN LEGEND.


 

Note: The optional Call Accounting System (CAS) can be installed on the system, allowing you to create customized reports with your G1, G3, or Intuity MERLIN LEGEND CDR/SMDR data. The optional HackerTracker program works in conjunction with CAS Plus Version 3 to alert you to abnormal calling activities.

Review the CDR data for the following symptoms of voice messaging abuse:

Call Traffic Report

This report provides hourly port usage data and counts the number of calls originated by each port. By tracking normal traffic patterns, you can respond quickly if an unusually high volume of calls begins to appear, especially after business hours or during weekends, which might indicate hacker activity.

For G1, G3, and System 75, traffic data reports are maintained for the last hour and the peak hour. For G2 and System 85, traffic data is available via Monitor I, which can store the data and analyze it over specified periods.

Trunk Group Report

This report tracks call traffic on trunk groups at hourly intervals. Since trunk traffic is fairly predictable, you can easily establish over time what is normal usage for each trunk group. Use this report to watch for abnormal traffic patterns, such as unusually high offhour loading.

SAT, Manager I, and G3MT Reporting

Traffic reporting capabilities are built in and are obtained through the System Administrator Tool (SAT), Manager I, and G3MT terminals. These programs track and record the usage of hardware and software features. The measurements include peg counts (number of times ports are accessed) and call duration. Traffic measurements are maintained constantly and are available on demand. However, reports are not archived and should therefore be printed to monitor a history of traffic patterns.

>ARS Measurement Selection

The ARS Measurement Selection can monitor up to 20 routing patterns (25 for G3) for traffic flow and usage.

Automatic Circuit Assurance

This monitoring technique detects a number of short-holding-time calls or a single long-holding-time call that could indicate hacker activity. Long holding times on trunktotrunk calls can be a warning sign. The ACA feature allows you to set time limit thresholds defining what is considered a short holding time and a long holding time. When a violation occurs, a designated station is visually notified.

When an alarm occurs, determine if the call is still active. If toll fraud is suspected (for example, when a long-holding-time alarm occurs on a trunktotrunk call), you may want to use the Busy Verification feature to monitor the call in progress.

Busy Verification

When toll fraud is suspected, you can interrupt the call on a specified trunk group and monitor the call in progress. Callers then hear a long tone to indicate the call is being monitored.

AUDIX Traffic Reports

The Intuity AUDIX system tracks traffic data over various time spans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, such as heavy call volume on ports assigned to outcalling, they can be investigated immediately. In addition, the AUDIX Administration and Data Acquisition Package (ADAP) uses a PC to provide extended storage and analysis capabilities for the traffic data. You can also use the AUDIX Administration Log and Activity Log to monitor usage and investigate possible breakin attempts. See AUDIX Traffic Reports for more information on running and using reports.

Avaya Communication
http://www.avaya.com
Avaya UCS Information Development
TOC Index Search