CONTENTS
Contents
Toll Fraud
Toll Fraud over hacked voicemail systems
Industry best practices
The Firewall Approach
General Rules
Toll Fraud
Over recent months the telecom industry has received many reports of increased
hacking activity, where customers are reporting that they are being billed for Premium
Rate or International telephone calls fraudulently made through their telephone systems.
This attack involves hackers accessing your telephone system via system options that
eventually permit the hacker to place either Premium Rate or International Calls.
These hackers most often call a business after-hours using software called a
war dialler. This allows them to categorise your telephone lines and decide how best to
attack your telephone system. This could be via its automated answering system,
vulnerable voicemail boxes or unsecured telephone lines (DISA). Experienced
hackers sometimes recognise the equipment they are calling by its prompts and know
the equipment’s default passwords, allowing them access to mailboxes with unchanged
passwords (or they will try guessing at simple passwords such as 1234 and 1111).
It is imperative that you protect yourself against this type of fraud by ensuring your
telephone system and voicemail equipment are safeguarded and your employees are
educated about password security best practices.
If you own your telephone and voicemail systems, you are responsible for
the protection of your equipment and for any toll charges.
Industry best practices
• If possible, programme your voice mail system to force users to change their
password at least every 90 days. If not, introduce a corporate password
policy which requires them to do so.
The above security measures are of a general nature and will not protect every aspect of
an individual telephone system – you are encouraged to contact either your maintainer
or a specialist telecom security company to discuss the unique aspects and
vulnerabilities of your telephone equipment in greater detail.
Remember that you are responsible for paying for all calls originating from, and
charged calls accepted at, your telephone, regardless of who made or accepted them.
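
The password guidance above (unchanged defaults, simple passwords such as 1234 and 1111, and the 90-day change rule) can be checked mechanically. The following Python is an added example, not part of the original document: it goes slightly beyond the two passwords named in the text by flagging any repeated-digit or sequential PIN and any PIN that matches the mailbox number. The record layout, the `DEFAULT_PINS` placeholder and the sample mailboxes are assumptions; it also assumes the PIN is available to the check, for example at the moment a user sets it.

```python
from datetime import date

# Assumed vendor default PIN (placeholder); use the defaults documented for your system.
DEFAULT_PINS = {"0000"}
MAX_AGE_DAYS = 90  # change interval from the best-practice list

def pin_weaknesses(pin, mailbox):
    """Return the reasons a voicemail PIN would be easy to guess."""
    if not pin.isdigit():
        return ["not numeric"]
    reasons = []
    if pin in DEFAULT_PINS:
        reasons.append("default")
    if len(set(pin)) == 1:  # 1111, 0000, ...
        reasons.append("repeated digit")
    digits = [int(c) for c in pin]
    # Step between neighbouring digits, wrapping 9 -> 0 as on a keypad.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {9}):  # 1234, 7890, 4321, ...
        reasons.append("sequential")
    if pin in (mailbox, mailbox[::-1]):
        reasons.append("matches mailbox number")
    return reasons

def audit(mailboxes, today):
    """Map each mailbox with a problem to its list of findings."""
    findings = {}
    for box in mailboxes:
        reasons = pin_weaknesses(box["pin"], box["mailbox"])
        age = (today - box["changed"]).days
        if age > MAX_AGE_DAYS:
            reasons.append(f"unchanged for {age} days")
        if reasons:
            findings[box["mailbox"]] = reasons
    return findings

# Constructed sample export: mailbox number, PIN, date the PIN was last changed.
SAMPLE = [
    {"mailbox": "201", "pin": "1234", "changed": date(2024, 1, 10)},
    {"mailbox": "202", "pin": "1111", "changed": date(2024, 5, 1)},
    {"mailbox": "203", "pin": "8305", "changed": date(2024, 5, 20)},
    {"mailbox": "204", "pin": "0000", "changed": date(2024, 4, 15)},
    {"mailbox": "2050", "pin": "0502", "changed": date(2024, 5, 25)},
]

if __name__ == "__main__":
    for mailbox, reasons in audit(SAMPLE, date(2024, 6, 1)).items():
        print(mailbox, ", ".join(reasons))
```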
The Firewall Approach
In our opinion this offers the most effective approach to telephone system security;
General Rules
PBX
Voice Mail
All Systems: