Toll fraud Norstar Flash.

Status
Not open for further replies.
Feb 24, 2017
14
CA
Toll fraud with Norstar Flash.

Feature 985 returns 250 as the extension of the Flash.

If I create restriction 50 that denies all calls and apply that restriction to
extension 250, will that be enough to block toll fraud through the Flash using
Off Prem Notify or any other trick used by fraudsters?

Thanks,
Robert
 
Vmail appears to ignore restrictions but might be software dependent.

View the FAQ here for some info.

Quickly though ...
-Delete unused mailboxes
Use the MBOX/CHG/DIR key to go through the mailboxes if needed.
If a mailbox is not in the directory (Directory Y or N?) then it will not show in the list.
-On a Flash change all COS to 5 to deny Off Prem (Callpilot 1xx use 11)
-Reset ALL passwords (or change) including the General Delivery mailbox 10, 100 or 1000 and make sure users do not use 1234, 1111 etc.
-Leave password for F983 as default 12000 or 102000 etc.

Restrict filter:
*
0
10






=----(((((((((()----=
Toronto, Canada

 
The problem with toll restricting the voicemail DN is that the Flash or Call Pilot can use both DNs on the physical port used to connect it to the KSU, the B1 DN (displayed when F985 is dialed) and the B2 DN that you have no ability to access to program. Because you can't toll restrict the B2 DN the Flash or CP can still use it to make unrestricted calls half of the time. A much better way is to put the toll restrictions on the trunks and have the customer use F68 COS override if they need to dial any of the numbers that are restricted - typically only 01 or 011 overseas calls.

Funny, Not Funny Story:
Because the Flash lacks Outbound Transfer I thought it was immune from toll fraud until several Flash customers complained about toll fraud. It took me a while to figure out what was going on. The fraudsters remotely accessed and initialized the management mailbox (12 or 102); the password had been changed from default 0000 to 1111. They turned on Off Prem Notification and input an overseas number. They would leave a message in that mailbox and the Flash would then dial the Off Prem number; the fraudster on the far end would answer the call, log into the mailbox to retrieve the message and keep the line open while a ton of charges were being racked up.
When I used F981 to log into the management mailbox I heard the voice of the fraudster he had recorded in the mailbox name when he initialized the mailbox = a Filipino sounding voice saying "hello, hello" - it sounded kind of creepy.


 
You should see the link I posted above.

"-Off Premise Notification - a Hacker will program *72 plus a number, this will forward the phone line and they have also programmed another mailbox to cancel it in the morning using *73"

More splaining deeper:
So what they do is first put in their own number, leave a message, it phones them, they now know the number based on caller ID.
They dial back into the mailbox, set up the Off Prem to dial, as an example: *72P01144XXXXXXXXXX
They then leave another message, bionic betty now dials out that string, she has now forwarded that line to a number in England in my above example.
They do this at night, then in the morning, so as not to be detected, they do the *73 to cancel it, sometimes using another mailbox.

Thanks to Callpilot "Reports" I could see the two mailboxes set up.
Note "basic reporting" wipes out after a week.






=----(((((((((()----=
Toronto, Canada

 
Thanks Curly, I missed your link. There's a lot of good information there. Very sadly it's becoming less of an issue as people migrate away from the greatest telephony platform of all time.
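
A defender-side check for the pattern described in this thread, as an added example that is not part of any poster's reply or of the vendor's software: it audits Off Prem Notification dial strings for the *72/*73 forwarding codes and the 01/011 overseas prefixes. The record layout, finding names and sample data are assumptions constructed here, and the strings are assumed to be entered exactly as dialed on the line, with no trunk access code in front.

```python
import re

# Vertical service codes named in the thread: *72 forwards the line, *73 cancels it.
FORWARD_ON, FORWARD_OFF = "*72", "*73"
# Mailbox numbers the thread names for General Delivery and the management mailbox.
SYSTEM_MAILBOXES = {"10", "100", "1000", "12", "102"}

def normalize(dest):
    """Uppercase, then drop pauses (P), masks and punctuation; keep 0-9, * and #."""
    return re.sub(r"[^0-9*#]", "", dest.upper())

def audit_destination(dest):
    """Return a list of findings for one Off Prem Notification dial string."""
    findings = []
    s = normalize(dest)
    if s.startswith(FORWARD_ON):
        findings.append("forward-on")
        s = s[len(FORWARD_ON):]
    elif s.startswith(FORWARD_OFF):
        findings.append("forward-off")
        s = s[len(FORWARD_OFF):]
    if "*" in s or "#" in s:
        findings.append("embedded-feature-code")
    if s.startswith("01"):  # covers both the 01 and 011 overseas prefixes
        findings.append("overseas")
    return findings

def audit_mailboxes(records):
    """records: iterable of (mailbox, off_prem_destination or None)."""
    report = {}
    for mailbox, dest in records:
        if not dest:
            continue  # Off Prem Notification not programmed on this mailbox
        findings = audit_destination(dest)
        if mailbox in SYSTEM_MAILBOXES:
            findings.append("system-mailbox-notifies-off-prem")
        if findings:
            report[mailbox] = findings
    seen = {f for fs in report.values() for f in fs}
    # The thread's pattern: one mailbox turns forwarding on, another cancels it.
    paired = {"forward-on", "forward-off"} <= seen
    return report, paired

# Constructed sample data (hypothetical mailboxes, fictional numbers).
SAMPLE = [("221", "416-555-0100"), ("102", "*72P01144XXXXXXXXXX"),
          ("245", "*73"), ("230", None)]

if __name__ == "__main__":
    print(audit_mailboxes(SAMPLE))
```

Because basic reporting is said above to wipe out after a week, a check like this only helps if the mailbox settings are exported and reviewed more often than that.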

 