Technical information

MERLIN LEGEND/MAGIX Toll Fraud
Issue 7 June 2001

• Frequently monitor system call detail reports for quicker detection of any
  unauthorized or abnormal calling patterns.
• Limit Remote Call Forwarding to persons on a need-to-have basis.
• Change access codes every 90 days.
• Use the longest-length barrier codes possible, following the guidelines for
  passwords.
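
The call detail monitoring recommended above can be partly automated. The following is an added example, not part of the original guide: it flags toll calls that are after hours, international, unusually long, or unusually frequent for one extension. The CSV layout, the thresholds and the North American dialing prefixes are assumptions, not the system's own report format.

```python
import csv
from collections import Counter
from datetime import datetime

# Constructed records in a hypothetical CSV layout (not the system's own
# report format): date, start time, minutes, extension, dialed number.
SAMPLE_CDR = """\
2001-06-04,09:15,4,12,5551234
2001-06-04,14:02,11,15,19085550100
2001-06-05,02:41,57,31,0114412345678
2001-06-05,02:59,44,31,0115212345678
2001-06-05,03:20,38,31,0114412345678
2001-06-05,10:30,6,12,18005550199
"""

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59, Monday to Friday
MAX_MINUTES = 30               # assumption: longer toll calls are unusual
MAX_TOLL_CALLS_PER_DAY = 2     # assumption: per extension


def is_toll(number):
    """International (011) or 1+ long distance, excluding toll-free 1-800."""
    return number.startswith(("011", "1")) and not number.startswith("1800")


def flag_calls(cdr_text):
    """Return [(record, reasons)] for toll calls that deserve a closer look."""
    rows = []
    for date, time, minutes, ext, number in csv.reader(cdr_text.splitlines()):
        start = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        rows.append((start, int(minutes), ext, number))
    toll_per_day = Counter((r[0].date(), r[2]) for r in rows if is_toll(r[3]))
    flagged = []
    for start, minutes, ext, number in rows:
        checks = [
            (start.hour not in BUSINESS_HOURS or start.weekday() >= 5, "after-hours"),
            (number.startswith("011"), "international"),
            (minutes > MAX_MINUTES, "long-duration"),
            (toll_per_day[(start.date(), ext)] > MAX_TOLL_CALLS_PER_DAY, "high-volume"),
        ]
        reasons = [label for hit, label in checks if hit]
        if is_toll(number) and reasons:
            flagged.append(((start.isoformat(), ext, number), reasons))
    return flagged


if __name__ == "__main__":
    for record, reasons in flag_calls(SAMPLE_CDR):
        print(record, reasons)
```

On the constructed sample, only the three overnight international calls from extension 31 are flagged; the daytime long-distance call and the toll-free call are not.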

Toll Fraud Prevention

Toll fraud is the unauthorized use of your telecommunications system by third
parties to make long-distance telephone calls. Under the law, you, the customer,
are responsible for paying for part or all of those unauthorized calls. Thus, the
following information is of critical importance. Unauthorized persons concentrate
their activities in two areas with the MERLIN MAGIX Integrated System:
• They try to transfer out of the MERLIN MAGIX Integrated System to gain
  access to an outgoing trunk and make long-distance calls.
• They try to locate unused or unprotected mailboxes and use them as
  drop-off points for their own messages.
The following is a discussion of how toll fraud is often perpetrated and ways to
prevent unauthorized access that can lead to toll fraud.

Physical Security, Social Engineering, and General Security Measures

Criminals called hackers may attempt to gain unauthorized access to your system
and voice messaging system in order to use the system features. Hackers often
attempt to trick employees into providing them with access to a network facility
(line/trunk) or a network operator. This is referred to as social engineering.
Hackers may pose as telephone company employees or employees of Avaya or
your authorized dealer. Hackers will go through a company's trash to find
directories, dialing instructions, and other information that will enable them to
break into the system. The more knowledgeable they appear to be about the
employee names, departments, telephone numbers, and the internal procedures
of your company, the more likely it is that they will be able to trick an employee
into helping them.