Technical information

MERLIN LEGEND/MAGIX Toll Fraud
Issue 7 June 2001
Educating Users
Everyone in your company who uses the telephone system is responsible for
system security. Users and attendants/operators need to be aware of how to
recognize and react to potential hacker activity. Informed people are more likely to
cooperate with security measures that often make the system less flexible and
more difficult to use.
- Never program passwords or authorization codes onto Auto Dial buttons.
  Display telephones reveal the programmed numbers and internal abusers
  can use the Auto Dial buttons to originate unauthorized calls.
- Discourage the practice of writing down barrier codes or passwords. If a
  barrier code or password needs to be written down, keep it in a secure
  place and never discard it while it is active.
- Instruct operators and attendants to tell their System Manager
  whenever they answer a series of calls where there is silence on the other
  end or the caller hangs up.
- Advise users who are assigned voice mailboxes to frequently change
  personal passwords and not to choose obvious passwords.
- Ensure that the System Manager advises users with special telephone
  privileges (such as Remote Access, Outcalling, and Remote Call
  Forwarding) of the potential risks and responsibilities.
- Be suspicious of any caller who claims to be with the telephone company
  and wants to check an outside line. Ask for a callback number, hang up,
  and confirm the caller's identity.
- Never distribute the office telephone directory to anyone outside the
  company; be careful when discarding it (shred the directory).
- Never accept collect telephone calls.
- Never discuss your telephone system's numbering plan with anyone
  outside the company.

Educating Operators
Operators or attendants need to be especially aware of how to recognize and
react to potential hacker activity. To defend against toll fraud, operators should
follow the guidelines below:
- Establish procedures to counter social engineering. Social engineering is a
  con game that hackers frequently use to obtain information that may help
  them gain access to your system or voice messaging system.
- When callers ask for assistance in placing outside or long-distance calls,
  ask for a callback extension.
- Verify the source. Ask callers claiming to be maintenance or service
  personnel for a callback number. Never transfer to *10 without this
  verification. Never transfer to extension 900.
- Remove the headset and/or handset when the console is not in use.