Avaya

Modular Messaging Help


Telecommunications service thefts

The telecommunications industry faces a growing threat of theft of customer services. No telecommunications system can be totally free from the risk of unauthorized use. Securing the telecommunications system and its networked equipment must be the primary concern of an organization.

This section provides information about toll fraud, service theft, and how to use the system administration tools to minimize the possibility of such unauthorized activities.

Toll fraud

Toll fraud is an expensive corporate crime that poses a major threat to telecommunications systems. Toll fraud can incur the following costs:

  • Expensive telephone charges

  • Revenue loss because of its operational impact, additional expenses, and service interruptions

  • Loss of customer confidence

Toll fraud overview

Toll fraud and long-distance abuse are the unauthorized use of the company long-distance services. Toll fraud occurs when people misdirect their own telecommunications charges to another person or business. An unauthorized party can be a person who is not a corporate employee, an agent, or a subcontractor.

When toll fraud occurs

Toll fraud is possible when an incoming caller can make a network connection with another person. Once the outside line is obtained, hackers can make calls to anywhere in the world. Toll fees are charged to the owner of the private branch exchange (PBX). Protect vulnerable areas such as call transfer and bridging to an outbound call.

The following are only some of the ways in which unauthorized users can attempt to breach your system security:

  • Unauthorized system use. Intruders use your system to create a mailbox and use the system. Hackers use personal computers, random number generators, and password cracking programs to break into customer premises equipment-based systems. Hackers continuously dial into the PBX or telephone equipment and probe the system for a weakness that provides access to an outside line. Once a hacker obtains an outside line, he or she can make long distance calls.

  • Unauthorized mailbox use. An intruder discovers how to use a particular mailbox, perhaps by:

    • Finding the password on a subscriber desk or in a wallet

    • Trying all the common variations of passwords

    • Buying the password from a computer hacker who breached the system security and logged in as an administrator

  • Fraudulent call transfer. An intruder uses the transfer-to-extension feature by transferring to the first few digits of a trunk access code.

Warning!
Toll fraud is a theft of long-distance service. When toll fraud occurs, your organization is responsible for the charges incurred. For more information about how to prevent toll fraud, call the Avaya Customer Care Center at 1-800-643-2352 and Avaya Support at 1-800-242-2121.

Types of PBX-based toll fraud

Telecommunications service is highly important for an organization. To make your system secure against toll fraud, address the following concerns:

Maintenance ports

Maintenance ports help the support vendor keep a product operating. For traditional voice communications systems, maintenance services comprise a robust set of support functions, including:

  • Remote monitoring, diagnostics, and trouble resolution
  • Parts replacement
  • Onsite corrective and preventative repair
  • Telephone and online technical assistance

You cannot use maintenance ports to place telephone calls. However, hackers can gain control over the system setup. Through maintenance ports, hackers create security “holes” that permit unauthorized calling. Hackers use devices that randomly dial numbers until a modem or dial tone is obtained. Hackers then hack the user ID and password to enter your system. Select a good password with a combination of alphanumeric and special characters. A good password decreases the chances of password hacking.

On Modular Messaging systems with Avaya Message Storage Server (MSS), you can also use the Remote Maintenance Board (RMB) feature. The RMB starts alarms and alerts. These alarms and alerts record and notify the system administrator about unexpected and unpleasant behavior in Avaya MSS. For information about how to connect the RMB, see "Connecting the MSS RMB" in the Installation and Upgrades guide (pdf).

The Access Security Gateway (ASG) usually protects the maintenance port through a challenge and response algorithm. The most dangerous type of abuse is abuse of the maintenance port. Once the hackers enter your system, they have complete control over all the administrative commands.

Voice mail fraud

Modular Messaging is a voice mail system. Voice mail is a computerized voice messaging system and is more than an answering machine. You can use voice mail to listen to and send messages from any tone dial telephone in the world. Voice mail reduces the number of telephone calls, callbacks, and holding time. Voice mail is available 24 hours a day.

Two types of voice mail fraud are dependent on the type of PBX used. Both types of voice mail fraud give the hacker access to proprietary corporate information.

The first type is responsible for most of the equipment-related toll fraud loss. Toll fraud can occur when hackers misuse the call transfer capabilities of voice mail systems. Hackers can dial a Trunk Access Code (TAC), Feature Access Code, Facility Access Code (FAC), or an extension number. Hackers can make fraudulent long-distance calls or request a company employee to transfer them to a long-distance number.

The second type of voice mail fraud can occur when hackers use a mailbox. Hackers either control the mailbox or use the information stored within the mailbox. A hacker usually hacks the voice mail password to change the password and greeting.

To prevent these types of voice mail fraud, you can configure the system in the following ways:

  • Clear the following check boxes in the voice mail system configuration (VMSC). On the Receptionist tab, clear the Transfer Invalid Mailboxes during Business Hours or Transfer Invalid Mailboxes after Business Hours check boxes.

  • Clear the digit or digits used to request external lines from the PBX to prohibit callers from obtaining an external line. For example, a call must use 9 to access an external line. When you clear 9 on the PBX, callers cannot access an external line when they dial the invalid mailbox 9004. By default, the PBX selects all digits.

For more information, see the VMSC online Help topic "Outcalling restrictions and Receptionist tab."

Automated attendant

An automated attendant is the industry term for an electronic receptionist. Automated attendant is a service that connects to the PBX system. An automated attendant helps route calls to the appropriate extensions. Callers can select a defined destination from a menu of options. The destination can be a department, announcement, or an attendant. A destination can also be a user-defined destination, such as an extension number. An example of automated attendant devices is the Modular Messaging system. Automated attendants connect to one or more ports on the PBX. The automated attendants provide the necessary signaling to the PBX when a call is being transferred.

Automated attendants include the following features:

  • Screening your calls
  • Extended absence greeting
  • Blocking all incoming calls
  • Caller applications

For more information about the Avaya Automated Attendant features, see the Telephone User Interface Guide (pdf).

Modular Messaging supports Teletypewriter (TTY) messaging in US English. Administrators set up TTY support as an additional language, US English (United States) - TTY. You can install US English (United States) - TTY in the same way as other languages. You can set up TTY in Modular Messaging in the following ways:

  • View VMSC as a valid voice mail domain (VMD) language.
  • Select TTY as a preferred telephone user interface (TUI) language by any Modular Messaging local subscriber.
  • Associate TTY with a key at the Automated Attendant main prompt that callers can select.

For more information, see Messaging with a teletypewriter (TTY).

In general, many automated attendant systems are vulnerable to toll fraud and are easy targets for toll hackers. When hackers connect to an automated attendant system, they try to find a menu option that leads to an outside facility. Hackers can also enter a portion of the toll number to verify whether the automated attendant system passes the digits directly to the PBX.

Many voice messaging systems incorporate automated attendant features. You can tighten the security of the automated attendant itself. However, you must take additional steps on the VMSC and the PBX side to reduce the risk of toll fraud. For more information about how to tighten the VMSC, see Voice mail fraud.

Before you set up an Automated Attendant, ensure that you do the following to minimize unauthorized use:

  • Never allow a menu option to transfer to an outgoing trunk without a specific destination.

  • When a digit from 1 through 9 is not a menu option, program the digit to perform one of the following actions:

    • Transfer to an attendant

    • Transfer to an announcement and disconnect the call

    • Intercept the call

  • When 8 or 9 is dialed to access an outgoing line, program 8 or 9 on the Automated Attendant tab to take one of the following actions:

    • Translate to an extension

    • Transfer to an attendant

    • Make an announcement and disconnect the call

    • Intercept the call

  • Restrict call transfers to subscribers when Basic Call Transfer is used.

  • Use the Outcalling Restrictions feature to prohibit users from obtaining an external line when they dial an initial digit of an invalid mailbox number. For more information about Outcalling Restrictions, see the Messaging Application Server Administration Guide (pdf).
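
The checklist above can be applied mechanically to a menu definition before it goes live. The following is an added example, not Avaya code: the menu model (digit mapped to an action and target), the action names, and the sample extensions are assumptions made for illustration, and the last function models the invalid mailbox 9004 case described under Voice mail fraud.

```python
# Hypothetical menu model for this added example: digit -> (action, target).
# It is not the VMSC or PBX configuration format.
SAFE_ACTIONS = {"attendant", "announce_disconnect", "intercept"}
OUTSIDE_LINE_DIGITS = {"8", "9"}   # assumed digits that request an outside line

def audit_menu(menu, extensions):
    """Check digits 1-9 against the rules listed above; return findings."""
    findings = []
    for digit in "123456789":
        action, target = menu.get(digit, (None, None))
        if action is None:
            findings.append((digit, "not a menu option and no fallback programmed"))
        elif action in SAFE_ACTIONS:
            continue
        elif action == "extension" and target in extensions:
            continue
        elif digit in OUTSIDE_LINE_DIGITS:
            findings.append((digit, "outside-line digit can reach the PBX"))
        elif not target:
            findings.append((digit, "transfer without a specific destination"))
        else:
            findings.append((digit, f"target {target} is not a known extension"))
    return findings

def invalid_mailbox_transfers(dialed, mailboxes, transfer_digits):
    """True if an invalid mailbox number would still be passed to the PBX."""
    return dialed not in mailboxes and dialed[0] in transfer_digits

# Constructed sample configuration.
EXTENSIONS = {"2101", "2102", "2200"}
MAILBOXES = {"2101", "2102"}
MENU = {
    "1": ("extension", "2101"),
    "2": ("extension", "2200"),
    "3": ("transfer", ""),          # open-ended transfer
    "4": ("attendant", None),
    "5": ("announce_disconnect", None),
    "6": ("intercept", None),
    "7": ("attendant", None),
    "9": ("transfer", "9"),         # hands the caller the trunk digit
}                                   # "8" is left unprogrammed

if __name__ == "__main__":
    for digit, problem in audit_menu(MENU, EXTENSIONS):
        print(digit, problem)
    # All first digits selected, then with 9 cleared.
    print(invalid_mailbox_transfers("9004", MAILBOXES, set("0123456789")))
    print(invalid_mailbox_transfers("9004", MAILBOXES, set("012345678")))
```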

Remote access

Remote access is also referred to as Direct Inward System Access (DISA). With DISA, callers can enter the system from public networks. Callers can use the following methods to dial in to the system and use the system features and services:

  • Central Office (CO)

  • Foreign Exchange (FX)

  • Direct Inward Dialing (DID)

  • 800 service trunks

After accessing the Modular Messaging system, the user hears a system dial tone. For system security, the system might require users to dial a barrier code. If a valid barrier code is dialed, the user hears a dial tone and can place calls the same way as an on-premises user.

Modular Messaging and toll fraud

This section discusses two Modular Messaging features that hackers can use to commit toll fraud. The section also provides information about how you can implement security checks.

Call Me

This feature calls subscribers at a designated telephone number or a telephone list when subscribers receive a message that meets certain specified criteria. Subscribers who can use the feature create condition rules that can trigger Call Me and call the telephone numbers.

Find Me

This feature redirects unanswered calls to a list of telephone numbers specified by the subscriber. Find Me is implemented for only those calls that are unanswered. However, the Find Me feature redirects a call to the messaging system when the subscriber telephone is busy. As a result, the caller cannot locate the called subscriber.

What you need to do

When a message triggers Call Me or Find Me, the Avaya Messaging Application Server (MAS) calls telephone numbers on a subscriber-specified list. If no one answers at the first number in the list, the MAS calls the next number until the call is answered. Because the MAS makes calls to designated telephone numbers, the Call Me and Find Me features are vulnerable to toll fraud. A Class of Service (COS) setting enables these features.

Avaya recommends that administrators enable these features by relevant COS for only the subscribers that require this method of notification. Administrators can also assign a restrictive PBX COS to the PBX ports used to make the outbound call, or require account codes or authorization codes.

Review your use of outbound calls to ensure that your subscribers establish proper rules for the Call Me and Find Me features. The rules should not waste telephone resources.

Detecting toll fraud

To detect possible hacker activity, users and administrators can look for the following situations:

  • Employees cannot get outside lines.

  • Customers have difficulties connecting to your toll-free number. The busy line can impact local Direct Inward Dial (DID) lines.

  • Users cannot explain an increase in long-distance usage.

  • System reports an increase in short duration calls.

  • Administrators notice a significant increase in internal requests for assistance in making outbound calls, particularly international ones.

  • The system experiences heavy call volume during the night-time and weekend hours.

  • The system receives a sudden increase in wrong numbers.

  • Bills show calls made to unfamiliar or atypical numbers.

  • Attendants report frequent "no one there" or "sorry, wrong number" calls.

  • Switchboard operators complain of frequent hang-ups or touchtone sounds when they answer.

  • Sudden or unexplained inability to use specific administrative functions within the system.

  • Staff or customer complaints of inability to enter the voice mail system.

  • Simultaneous DISA authorization code use coming from two different places at the same time.

  • Unusual increase in the use of customer premises equipment-based system memory.

  • Unusual increase in the number of subscribers with locked mailboxes.

  • Unexplained changes in system software parameters.

You can use monitoring techniques to review and track various activities on your system. Modular Messaging provides a Reporting tool. The tool generates comprehensive reports on the following types of information:

  • Subscriber mailbox port usage

  • Subscriber incoming and outgoing call activity

  • Planning capacity

  • Tracking system security

You can view each report for an entire day or for each hour. Review these reports on a regular basis to help establish traffic trends. Use the reporting and monitoring tools to monitor your system on a regular basis. If you notice any suspicious or unusual patterns, take corrective action.
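
Several of the indicators listed above can be checked automatically once call records are exported. The following is an added example, not part of the Modular Messaging Reporting tool: the CSV column layout, the thresholds, the business hours, and the sample records are all constructed assumptions. It flags off-hours international calls, bursts of short calls from one source, and one authorization code used from two sources at the same time.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records (CDR); the column layout is an
# assumption for this example, not a Modular Messaging report format.
SAMPLE_CDR = """start,source,dialed,seconds,auth_code
2024-03-04 10:15:00,ext2101,912125550100,340,
2024-03-09 02:10:00,port07,901144205550100,1800,
2024-03-09 02:12:00,port07,901144205550101,5,
2024-03-09 02:12:30,port07,901144205550102,4,
2024-03-09 02:13:00,port07,901144205550103,6,
2024-03-11 09:00:00,trunk3,912125550111,600,4471
2024-03-11 09:05:00,trunk8,913125550122,300,4471
"""

INTL_PREFIX = "9011"   # assumed: 9 for an outside line, then 011
SHORT_CALL = 10        # seconds; assumed threshold for a "short" call
BURST = 3              # short calls from one source that count as a burst

def load(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S")
        end = start + timedelta(seconds=int(r["seconds"]))
        rows.append({**r, "start": start, "end": end, "seconds": int(r["seconds"])})
    return rows

def off_hours(t):
    # Weekend, or outside 07:00-19:00 on a weekday (assumed business hours).
    return t.weekday() >= 5 or not 7 <= t.hour < 19

def find_indicators(rows):
    alerts = []
    short = defaultdict(int)
    by_code = defaultdict(list)
    for r in rows:
        if r["dialed"].startswith(INTL_PREFIX) and off_hours(r["start"]):
            alerts.append(("off_hours_international", r["source"], r["dialed"]))
        if r["seconds"] < SHORT_CALL:
            short[r["source"]] += 1
        if r["auth_code"]:
            by_code[r["auth_code"]].append(r)
    for src, n in short.items():
        if n >= BURST:
            alerts.append(("short_call_burst", src, n))
    for code, calls in by_code.items():
        calls.sort(key=lambda c: c["start"])
        for a, b in zip(calls, calls[1:]):
            # Consecutive calls that overlap in time but come from different sources.
            if b["start"] < a["end"] and a["source"] != b["source"]:
                alerts.append(("shared_auth_code", code, (a["source"], b["source"])))
    return alerts
```

Calling `find_indicators(load(SAMPLE_CDR))` returns a list of alert tuples; tune the thresholds against your own traffic baseline before relying on them.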

In addition, you can use the following measures to reduce the possibility of fraud:

  • Restrict call transfers to the host PBX when the system does not allow transfers, uses Enhanced Call Transfer, or permits Transfer to Subscriber Only.

  • When password protection into voice mailboxes is offered, use at least the minimum length specified for passwords.

  • Deactivate unassigned mailboxes, and remove unused mailboxes.

  • Lock out consecutive unsuccessful attempts to enter a voice mailbox. Administrators configure the number of unsuccessful attempts.

  • Establish your password as soon as your voice mail system extension is assigned. A new password ensures that only you have access to your mailbox.

  • Assign passwords or configure the system in such a way that requires each subscriber to change his or her initial password immediately.

  • Record and store the administrative password in a secure place, preferably off site. Never discard an active password.

  • Never program passwords on auto-dial buttons.

  • Contact Avaya for additional measures that you can take to prevent fraud.

Unauthorized system use

To minimize the risk of unauthorized break-ins to the system, use the compliance guidelines for the following passwords:

  • Your voice mail (vm) password

  • The system administration (sa) password

  • Subscriber passwords

  • Trusted server passwords

Use the password aging feature.

Modular Messaging comes with administrative password features and options. The following options help you secure your system:

  • Change default passwords. When you first use your system, change the system administrator log-in and the voice mail administrator log-in passwords immediately. The logins provide access to the MSS. The Windows Terminal Services into the MAS restricts the MAS access to Windows access control lists (ACLs). Configure passwords to require that subscribers change their log-in passwords immediately.

  • Password standards. Follow the minimum password standards to comply with the system standards for administrator and subscriber passwords.

    Depending on your Modular Messaging with Exchange or Domino setup, you can configure a mailbox that does not require a log-in password. A disabled password impacts security. Increase the number of alphanumeric characters in a password to lower the probability that an unauthorized user can gain access. For more information, see Messaging Application Server Administration Guide for Avaya Modular Messaging with the Avaya MAS and Avaya MSS.

  • Password aging. Use the password aging feature parameters to enhance the security levels of the system. This ensures that administration and subscriber passwords are changed at regular intervals. You can also use the password expiration feature for administrative and subscriber logins to reduce the danger of unauthorized access.

For more information about passwords and mailbox administration, see Password and mailbox administration.

You can ensure additional security by using the ASG to provide secure remote access to the MSS. For more information about ASG, see Adjuncts.
