Installation guide
Wave Global Administrator Guide
Appendix A
A. Protecting Your Phone System Against Toll Fraud
CHAPTER CONTENTS
Businesses using any phone system, including Wave ISM, are vulnerable to loss of money from
unauthorized people hacking into their phone system. Hackers can then make hundreds of
outbound long distance or international calls that cost businesses around the world millions of
dollars every year. Wave contains several features and options that can protect your system
against toll fraud.
Typical toll fraud strategies
While hackers committing toll fraud use a variety of techniques to gain access to a system, it is
important to note that 99% of the time access is gained through unsecure, easy-to-guess
passwords. Wave ISM System Settings provide several options to enforce harder-to-guess
passwords.
The following are the most common methods of attempted toll fraud:
• Calling the main auto attendant, pressing #, logging in as the Administrator, pressing #
for dial tone and placing outbound calls.
• Attempting to log on at every extension (101, 102, etc.) until an extension with an easy
password is found. Once found, the hacker will change call forwarding to the external
number they want to dial (for example, an international number or the number of another
hacked PBX), and then make calls to the external number as needed. By calling through
multiple hacked PBXs, Caller ID and traces will be unable to track down the hacker's
identity.
Typical toll fraud strategies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Identifying toll fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Securing your system against toll fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3
Responding to toll fraud attempts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
Release 2.0
September 2010