Mitel SX 200 Phantom SCAM calls to guest rooms

[shawnmac1974]

thread1329-1788011

We have a Mitel SX 200 ICP system for our hotel and recently our guests have been receiving calls directly to their rooms from scammers claiming that the guests credit card did not process correctly during check-in and they need to provide the caller with their card details. I found the thread referenced above in which @kwbMitel mentions that it is best practice to not allow calls to rooms from the automated attendant. He also mentions that we should make sure the voicemail ports do not have automatic line turned on and he thought it was COS option 604. Unfortunately our COS doesn't seem to have option 604 nor can I find where to block calls to guest rooms from automated attendant and I was hoping someone on here might be able to point me in the right direction on how to enable those features. Thank you in advance for any help you can provide.

 

[kwbMitel]

This is a VERY common Scam and has been in play for years

If your rooms have a common leading digit, you should block that digit for VM Auto-Att in form 49

If your rooms do not have a common digit you can block them all if need be as long as your admin phones fall outside that range.

you should NEVER allow direct guest access via the Auto-Attendant regardless of what the customer asks, I can give examples of a half dozen or so scams I've run into over the years. I have flat out refused to set up a system to allow it on many occasions and provided my reasons. One of my favourite arguments against it is I tell them I won't stay at a hotel that allows it due to the violation of my privacy.

For the record, the option 604 being turned off is specifically to resolve vm ports dialing on their own to rooms, not to prevent outside callers

 

[nytalkin]

Be sure to put passwords on each mailbox in your AA. I slows the hackers down. Increase the password length to the max. The back office people will hate this but it will significantly reduce the hacks. In case it's not obvious, change all of the access passwords.

KWB, nice to see you still contributing.

I suppose you're entitled to your opinion, I'm just not going to suppose very hard.

 

[shawnmac1974]

Thank you kwbMitel and nytalkin for your replies and suggestions. In full disclosure I have inherited this system as the IT director for our hotel so I'm still learning how to configure it, but my preference would be to outsource this to someone who can support it better than myself. Would either of you suggest a company who provides support for Mitel systems, particularly the SX-200 ICP, if such support still exists? Thanks again!

 

[shawnmac1974]

On Form 49 it looks like there are 2 options that could prevent automated attendant transfers. Am I correct in my understanding that DISABLEing option "Auto Att Xfer to any Extn" would prevent anyone from dialing an extension from within automated attendant? So if I want to allow our back office team to be able to continue to access their voicemail remotely, I would need to leave that option ENABLEd and instead configure the option "Auto Att Xfer Restrictions" to block the VM digits as suggested by kwbMitel. Since my room extensions are numbered by floor, i.e. Floor 1 rooms are 100, 101, etc.; Floor 2 rooms are 200, 201, etc,; do I configure the "Auto Att Xfer Restrictions" with an entry like "1,2,3" or "1 2 3"?

Thanks!

 

[kwbMitel]

You can turn off VM Transfer to any extension and it is a good idea to do so. What this option does is allow transfers to extensions that DO NOT have a mailbox associated.

Yes the Auto Att Xfer Restriction applies to the leading digits entered. 1,2,3 is the entry I believe.

@nytalkin, I find I have a fair bit of spare time these days and I'm only responding when I don't have to look stuff up.

 

[The mitel guy]

dont use the embeded voicemail its not secure.. it can be brute forced with ease.. also dont allow callers through the auto attendant to reach guest rooms.

 

[The mitel guy]

the best way is to use tennant controlls to isolate guests from being reached by the auto attendant

 

[kwbMitel]

@ The Mitel Guy, yeah we get it, you don't like the Mitel voicemail.

However, please give actual good advice.

If you tenant the VM, even assuming you mean 1 way, how exactly will the Voicemail turn on a message lamp or invoke a wakeup call?