Toll Fraud on Voicemail Equipment
It has recently come to our attention that there are reports of criminal activity where people are being billed for long distance calls fraudulently made through their business voicemail equipment.
We take your security very seriously and want to keep you abreast of the situation and provide you with advice on how to protect your business from such fraud.
This criminal activity involves experienced fraudsters accessing unprotected business voicemail equipment via system option prompts that eventually permit the user to place long distance calls. Fraudsters most often call a business after-hours and use its automated answering system to troll for vulnerable mailboxes. Experienced fraudsters sometimes recognize the equipment they are calling by its prompts and know the equipment’s default passwords, which gives them access to mailboxes whose passwords were never changed. They also try guessing simple passwords such as 1234 and 1111.
It is imperative for you to protect yourself against this type of fraud by ensuring your voicemail equipment is safeguarded and your employees are educated about password security best practices. You are responsible for all charges on your telephone bill.
Here are some practices for protecting your Call Pilot System and Norstar Application Modules:
Ensure your employees change the manufacturer’s default password immediately upon being assigned a voicemail box, and are trained to change the password frequently thereafter.
Program your voice mail system to require passwords with a minimum of 6 characters (8 is preferred – the more complex the password, the more difficult it is to guess).
Train your employees not to use easily guessed passwords such as their phone numbers, local number, or simple number combinations.
When assigning a phone to a new employee, never make the temporary password the employee’s telephone number or extension number.
Validate whether the through-dialing feature is needed; if it is not, have your equipment support provider disable it. Through-dialing allows you to make long distance calls through your mailbox when you are at an offsite location. If this feature is used, it is important that you generate and monitor through-dialing reports to ensure your mailboxes are not being abused.
Remember: Steps to Prevent Fraud
1. Make all passwords a minimum of 6 digits.
2. Change programming so passwords expire.
3. Confirm which users need the Through Dial Feature. Disable it for users who do not need this option.
4. Remove any mailboxes that are not being used. We often find mailboxes that still exist in the voicemail system even when the user no longer exists.
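The password rules and the four steps above can be checked with a short script. The following is an added example, not part of the original notice or any vendor tool: the Mailbox record layout, the function names and the sample data are assumptions made for illustration, and the list of manufacturer defaults must come from your own equipment documentation.

```python
from dataclasses import dataclass
MIN_DIGITS = 6  # minimum from the notice; 8 is preferred

def is_simple(pin):
    """One repeated digit (1111) or a straight run up or down (1234, 4321)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return len(pin) > 1 and steps in ({0}, {1}, {9})

def pin_problems(pin, extension, phone_number, vendor_defaults):
    """Return the reasons a proposed numeric password should be rejected."""
    if not pin.isdigit():
        return ["not numeric"]
    problems = []
    if len(pin) < MIN_DIGITS:
        problems.append("shorter than 6 digits")
    if pin in vendor_defaults:
        problems.append("manufacturer default")
    if is_simple(pin):
        problems.append("simple number combination")
    phone = "".join(c for c in phone_number if c.isdigit())
    # Catches the extension itself, the extension repeated, and any slice of the phone number.
    if (extension and pin.replace(extension, "") == "") or pin in phone:
        problems.append("matches phone number or extension")
    return problems

@dataclass
class Mailbox:  # hypothetical inventory record, not a vendor export format
    extension: str
    owner_active: bool
    through_dial: bool
    through_dial_needed: bool
    password_expires: bool

def audit(mailboxes):
    findings = {}  # extension -> actions from the four steps that apply to it
    for m in mailboxes:
        actions = []
        if not m.owner_active:
            actions.append("remove unused mailbox")
        if m.through_dial and not m.through_dial_needed:
            actions.append("disable through-dial")
        if not m.password_expires:
            actions.append("enable password expiry")
        if actions:
            findings[m.extension] = actions
    return findings

# Constructed sample inventory for illustration only.
SAMPLE = [Mailbox("214", True, True, False, True), Mailbox("230", False, True, False, False),
          Mailbox("245", True, True, True, True)]
```

Run pin_problems when a temporary password is issued or changed, and audit against a current list of mailboxes and staff.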