Instruction manual

Known toll fraud activity
Issue 9 May 2003
Voice mail
There are two types of voice mail fraud. The first type, which is
responsible for the bulk of equipment-related toll fraud loss, relies on
misuse of the call transfer capabilities of voice mail systems. Once
thieves transfer to dial tone, they may dial a Trunk Access Code
(TAC), Feature Access Code or Facility Access Code (FAC), or
extension number.
If the system is not properly secured, thieves can make fraudulent
long distance calls or request a company employee to transfer them
to a long distance number.
The second type of voice mail fraud occurs when a hacker accesses
a mailbox to either take it over or simply access the information
stored within it.
In the first situation, a hacker dials either 9 or a TAC that allows the
call to be transferred to the outgoing facilities. In the second
situation, a hacker typically hacks the mail password and changes it
along with the greeting. This gives the hacker access to proprietary
corporate information.
Automated attendant
Auto attendants are used by many companies to augment or
replace a switchboard operator. When an automated attendant
answers, the caller is generally given several options. A typical
greeting is: “Hello, you’ve reached XYZ Bank. Please enter 1 for
Auto Loans, 2 for Home Mortgages. If you know the number of the
person you are calling, please enter that now.”
In some auto attendants, option 9 is to access dial tone. In addition,
when asked to enter an extension, the hacker enters 9180 or 9011.
If the system is not properly configured, the automated attendant
passes the call back to the PBX. The PBX reacts to 9 as a request
for a dial tone. The 180 becomes the first digits of a 1-809 call to
the Dominican Republic. The 011 is treated as the first digits of an
international call. The hacker then enters the remaining digits of the
phone number and the call is completed. You, the PBX owner, pay
for it. This hacker scenario works the same way with a voice mail
system.
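
The check a properly configured automated attendant or voice mail system applies before handing entered digits back to the PBX, sketched as an added example (not code from this manual or from any PBX product): only exact matches on known extensions are transferred, and strings such as 9180 or 9011 are refused and recorded. The extension range, trunk access codes, feature code prefixes and log lines are constructed assumptions; only the outside-line digit 9 and the two digit strings come from the text above.

```python
import re

# Assumed dial plan, constructed for illustration (not from the manual).
EXTENSION_RANGES = [(4000, 4999)]      # valid 4-digit internal extensions
OUTSIDE_LINE_CODE = "9"                # the dial-tone digit the text describes
TRUNK_ACCESS_CODES = ("701", "702")    # hypothetical TACs
FEATURE_CODE_PREFIXES = ("*", "#")     # hypothetical FAC prefixes


def classify_transfer(digits):
    """Return (allowed, reason) for digits entered at a transfer prompt."""
    if not re.fullmatch(r"[0-9*#]+", digits):
        return False, "invalid characters"
    if digits.startswith(FEATURE_CODE_PREFIXES):
        return False, "feature access code"
    if digits.startswith(TRUNK_ACCESS_CODES):
        return False, "trunk access code"
    # Allow-list: only an exact match on a known extension is passed on.
    if len(digits) == 4 and digits.isdigit():
        if any(lo <= int(digits) <= hi for lo, hi in EXTENSION_RANGES):
            return True, "internal extension"
    if digits.startswith(OUTSIDE_LINE_CODE):
        rest = digits[1:]
        if rest.startswith("011"):
            return False, "outside line, international prefix"
        if rest.startswith("1"):
            return False, "outside line, long distance prefix"
        return False, "outside line request"
    return False, "not in dial plan"

# Constructed sample of transfer attempts: timestamp, caller, digits entered.
SAMPLE_LOG = """\
2003-05-09T02:14:07 5550100 4123
2003-05-09T02:14:31 5550101 9180
2003-05-09T02:15:02 5550101 9011
2003-05-09T02:15:40 5550102 *67
2003-05-09T09:03:12 5550103 5200
"""

def flag_attempts(log):
    """Return (caller, digits, reason) for every attempt that is refused."""
    flagged = []
    for line in log.splitlines():
        _ts, caller, digits = line.split()
        allowed, reason = classify_transfer(digits)
        if not allowed:
            flagged.append((caller, digits, reason))
    return flagged
```

Calling `flag_attempts(SAMPLE_LOG)` returns the refused attempts with the reason for each, which is the record a PBX owner would review for repeated outside-line requests from the same caller.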
Remote access/direct inward system access (DISA)
Remote access or DISA is designed to allow remote users to access
a PBX to place long distance calls as if they were at the same site
as the PBX. Because of the potential cost savings, many PBX
owners use DISA instead of calling cards; however, remote access
capability opens the door for fraudulent calls by thieves.
Hackers are able to locate the DISA feature with the use of a war
dialer, explained previously. After finding a number, the device
searches for barrier codes.