Avaya

Modular Messaging Help

Print | Back | Fwd | Close
Home | Search the Help
 Getting Started 
 Administration 
 Maintenance 
 Reference 
Home > Getting started > Modular Messaging and Security > Telecommunication service thefts

Telecommunication service thefts
 

The telecommunication industry faces a growing threat of theft of customer services. No telecommunications system can be totally free from the risk of unauthorized usages. Insuring that your systems are maintained in a secure manner is therefore a prime responsibility of each organization. This section provides information on toll fraud and service theft, and on ways to use the system administration tools to minimize the possibility of such unauthorized activities occurring on your system.

The following topics are included:

Toll fraud

Detecting Toll Fraud

Unauthorized system use

 

Toll Fraud

Toll fraud is one of the most expensive corporate crimes that poses a major threat to telecommunication systems. Toll frauds can result in huge phone bills, revenue loss in terms of its operational impact, additional expenses, service interruptions, and the most important of them all, loss of customer confidence.

What is Toll Fraud?

Toll Fraud is the unauthorized use of a company's telecommunications service by an unauthorized party (for example, a person who is not a corporate employee, an agent, or a subcontractor). It occurs when people misdirect their own telecommunications charges to another person or business.

How does Toll Fraud occur?

Toll fraud is possible when your system allows the incoming caller to make a network connection with another person. It is therefore important to protect vulnerable areas such as call transfer and bridging to an outbound call. There are numerous ways in which unauthorized users can attempt to breach your system security. These include:

  • Unauthorized system use. Intruders access your system and create a mailbox and use the system. Hackers use personal computers, random number generators, and password cracking programs to break into customer premises equipment-based systems. Hackers continuously dial into the PBX or telephone equipment and probe the system for a weakness that will provide access to an outside line. Once an outside line is obtained, long distance calls are made.

  • Unauthorized mailbox use. An intruder discovers how to access a particular mailbox, perhaps by:
    - Finding the password on a subscriber's desk or in a wallet
    - Trying all the common variations of passwords
    - Buying the password from a computer hacker who breached the system security and logged in as an administrator

  • Fraudulent call transfer. An intruder uses the transfer-to-extension feature by transferring to the first few digits of a trunk access code.

 

Warning!
Toll fraud is a theft of long distance service. When toll fraud occurs, your organization is responsible for the charges incurred. Call Avaya's Customer Care Center, 1-800-643-2353 for more information on how to prevent toll fraud.

Voice mail fraud

There are two types of voice mail fraud. The first type, which is responsible for most of the equipment-related toll fraud loss, relies on misuse of the call transfer capabilities of voice mail systems. Once thieves transfer to dial tone, they may dial a Trunk Access Code (TAC), Feature Access Code, Facility Access Code (FAC), or an extension number. If the system is not properly secured, thieves can make fraudulent long distance calls or request a company employee to transfer them to a long distance number.

The second type of voice mail fraud occurs when a hacker accesses a mailbox to either take it over or simply access the information stored within it. In the first situation, a hacker dials either 9 or a TAC that allows the call to be transferred to the outgoing facilities. In the second situation, a hacker typically hacks the mail password and changes it along with the greeting. This gives the hacker access to proprietary corporate information.

Top of page

Automated Attendant

Automated attendant systems is a service that connects to the PBX system to help route calls to the appropriate extension. A menu of options allows callers to choose a predefined destination, such as a department, announcement, or an attendant, or a user-defined destination, such as an extension number. Automated attendant devices are connected to a port on the main system and provide the necessary signaling to the switch when a call is being transferred.

Many automated attendant systems are vulnerable to toll fraud and are easy targets for toll hackers. When hackers connect to an automated attendant system, they try to find a menu choice (even one that is unannounced) that leads to an outside facility. Hackers also may try entering a portion of the toll number they are trying to call to see if the automated attendant system passes the digits directly to the switch. To do this, the hacker matches the length of a valid extension number by dialing only a portion of the long distance telephone number. For example, if extension numbers are four digits long, the hacker enters the first four digits of the long distance number. After the automated attendant sends those numbers to the switch and disconnects from the call, the hacker provides the switch with the remaining digits of the number. Many voice messaging systems incorporate automated attendant features. Although there are some steps you can take to tighten the security of the automated attendant itself, additional steps must be taken on the switch side to reduce the risk of toll fraud.

Before you set up Automated Attendant, ensure that you do the following to minimize unauthorized usage:

  • Never allow a menu choice to transfer to an outgoing trunk without a specific destination.

  • When a digit (1 through 9) is not a menu option, program it to transfer to an attendant, an announcement, a disconnect, or other intercept treatment.

  • When 8 or 9 are Feature Access Codes for the switch, make sure the same numbers on the automated attendant menu are either translated to an extension or, if not a menu option, are programmed to transfer to an attendant, announcement, disconnect, or other intercept treatment.

  • Restrict call transfers to subscribers when Basic Call Transfer is used.

  • Use outcalling restrictions to prohibit users from obtaining an external line when they dial an initial digit of an invalid mailbox number. See the MAS Administration Guide for more information on outcalling restrictions.

Detecting Toll Fraud

To detect possible hacker activity, users and administrators should look for the following signals:

  • Employees cannot get outside lines.

  • Customers have difficulties in getting through to your 800 number. The busy line could even impact local Direct Inward Dial (DID) lines.

  • Unexplained increase in long distance usage.

  • Increase in short duration calls.

  • Significant increase in internal requests for assistance in making outbound calls, particularly international ones.

  • Nights and weekends have heavy call volumes.

  • Sudden increase in wrong numbers.

  • Bills show calls made to strange places.

  • Attendants report frequent "no one there" or "sorry, wrong number" calls.

  • Switchboard operators complain of frequent hang-ups or touch-tone sounds when they answer.

  • Sudden or unexplained inability to access specific administrative functions within the system.

  • Staff or customer complaints of inability to enter the voice mail system.

  • Simultaneous Direct Inward System Access (DISA) authorization code use coming from two different places at the same time.

  • Unusual increase in usage of customer premises equipment-based system memory.

  • Unexplained changes in system software parameters.

You can use monitoring techniques to review and keep track of various activities on your system. Modular Messaging provides a Reporting tool that generates comprehensive reports on subscriber mailbox port usage, subscriber incoming and outcalling activity, planning capacity, and tracking system security. You can view each of these reports for an entire day or for each hour. Reviewing these reports on a regular basis will help you establish traffic trends. Monitor your system on a regular basis by using these reporting and monitoring tools, and take corrective action if you notice any suspicious or unusual patterns.

In addition, you can use the following measures to reduce the possibilities of frauds:

  • Restrict call transfers to the host PBX by not allowing transfers, by using Enhanced Call Transfer, or by allowing Transfer to Subscriber Only.

  • When password protection into voice mailboxes is offered, use the maximum length possible.

  • Deactivate unassigned mailboxes and remove unused mailboxes.

  • Lock out consecutive unsuccessful attempts to enter a voice mailbox.

  • Establish your password as soon as your voice mail system extension is assigned. This will ensure that only you have access to your mailbox.

  • Discourage the practice of writing down passwords, storing them, or sharing them with others. Keep your password in a secure place and never discard it while it is active.

  • Never program passwords on auto dial buttons.

  • Contact Avaya for additional measures that you can take to prevent fraud.

Unauthorized system use

To minimize the risk of unauthorized break-ins to the system, strictly follow the compliance guidelines for your voice mail (vm) passwords, system administration (sa) passwords, trusted server passwords, and use the password aging feature.

Modular Messaging comes with administrative password features and options that assist you in securing your system. These include:

  • Changing default administrator password. When you first get your system, make sure that you change both the system administrator, and the voice mail administrator logins passwords immediately. These logins are used to access the Avaya Message Storage Server (MSS). Access to the Avaya Messaging Application Server (MAS) is restricted to Windows Access Control Lists (ACLs) using the Windows Terminal Services into the MAS.

  • Administrator password standards. You must follow the minimum password standards to comply with the system's standards.

  • Administrator password aging. Use the password aging feature parameters to enhance the security levels of the system. This will ensure that administration passwords are changed at regular intervals. You can also use the password expiration feature for administrative logins to reduce the danger of unauthorized access.

See Mailbox Administration for more information on passwords and mailbox administration.

You can ensure additional security by using the Avaya Access Security Gateway (ASG) guard which is used to provide secure remote access to the MSS. See Adjuncts for more information on ASG.

Top of page

Home | Search the Help | Print | Back | Fwd | Close

©2003 Avaya Inc. All rights reserved. Last modified 24 November, 2003