Instruction manual
Small business communications systems
6-26 Issue 9 May 2003
Detecting toll fraud
To detect toll fraud, users and operators should look for the following:
■ Lost voice mail messages, mailbox lockout, or altered greetings
■ Inability to log into voice mail
■ Inability to get an outside line
■ Foreign language callers
■ Frequent hang-ups
■ Touch-tone sounds
■ Caller or employee complaints that the lines are busy
■ Increases in internal requests for assistance in making outbound calls
(particularly international calls or requests for dial tone)
■ Outsiders trying to obtain sensitive information
■ Callers claiming to be the “telephone” company
■ Sudden increase in wrong numbers
Establishing a policy
As a safeguard against toll fraud, follow these guidelines for your MERLIN MAGIX
Integrated System and voice messaging system:
■ Change passwords frequently (at least quarterly). Changing passwords
routinely on a specific date (such as the first of the month) helps users to
remember to do so.
■ Always use the longest-length password allowed.
■ Establish well-controlled procedures for resetting passwords.
■ Limit the number of invalid attempts to access a voice mailbox to five or
less.
■ Monitor access to the MERLIN MAGIX Integrated System dial-up
maintenance port. Change the access password regularly and issue it only
to authorized personnel. Disconnect the maintenance port when not in use.
(This however, eliminates Avaya’s 24-hour maintenance surveillance
capability and may result in additional maintenance costs.)
■ Create a system management policy concerning employee turnover and
include these suggestions:
— Delete all unused voice mailboxes in the voice mail system.
— If a terminated employee had remote access calling privileges and a
personal authorization code, remove the authorization code
immediately.
— If barrier codes and/or authorization codes were shared by the
terminated employee, these should be changed immediately.