Telecommunication service thefts

Toll Fraud

Toll fraud is one of the most expensive corporate crimes that poses a major threat to telecommunication systems. Toll frauds can result in huge phone bills, revenue loss in terms of its operational impact, additional expenses, service interruptions, and the most important of them all, loss of customer confidence.

What is Toll Fraud?

Toll Fraud is the unauthorized use of a company's telecommunications service by an unauthorized party (for example, a person who is not a corporate employee, an agent, or a subcontractor). It occurs when people misdirect their own telecommunications charges to another person or business.

How does Toll Fraud occur?

Toll fraud is possible when your system allows the incoming caller to make a network connection with another person. It is therefore important to protect vulnerable areas such as call transfer and bridging to an outbound call. There are numerous ways in which unauthorized users can attempt to breach your system security. These include:

Unauthorized system use. Intruders access one of your messaging systems and creates a mailbox and use the system. Hackers use personal computers, random number generators, and password cracking programs to break into customer premises equipment-based systems. Hackers continuously dial into the PBX or telephone equipment and probe the system for a weakness that will provide access to an outside line. Once an outside line is obtained, long distance calls are made.

Unauthorized use of AMIS Analog Networking call delivery. An intruder uses your system to send an AMIS message or a fax to a distant number or someone who is already in your system is making unauthorized calls. The unauthorized usage could be from an employee, or from someone who has breached your system security and gained access. To minimize the security risk of AMIS Analog Networking, restrict the number ranges that can be used to address messages. Be sure to assign all the appropriate PBX outgoing call restrictions on the voice ports.

Warning! Toll fraud is a theft of long distance service. When toll fraud occurs, your organization is responsible for the charges incurred. Call Avaya's Customer Care Center, 1-800-643-2353 for more information on how to prevent toll fraud.

Detecting Toll Fraud

To detect possible hacker activity on the Message Networking system, you can use system traffic reports to track system traffic data over various time periods. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, such as heavy call volume on ports assigned to outcalling, they can be investigated immediately. You can also use the Administrator's Log and Activity Log to monitor usage and investigate possible break-in attempts. For more information on running and using reports, see Reports.

Unauthorized system use

To minimize the risk of unauthorized break-ins to the system, strictly follow the compliance guidelines for your voice mail (vm) passwords, system administration (sa) passwords, trusted server passwords, and use the password aging feature.

Modular Messaging comes with administrative password features and options that assist you in securing your system. These include:

Changing default administrator password. When you first get your system, make sure that you change the system administrator login password immediately.

Administrator password standards. You must follow the minimum password standards to comply with the system's standards.

Administrator password aging. Use the password aging feature parameters to enhance the security levels of the system. This will ensure that administration passwords are changed at regular intervals. You can also use the password expiration feature for administrative logins to reduce the danger of unauthorized access.

See Administering passwords for more information on passwords.

You can ensure additional security by using the Avaya Access Security Gateway (ASG) guard which is used to provide secure remote access to the Message Networking system. See Adjuncts for more information on ASG.