toll fraud

[DavidLamont]

anyone ever experienced toll fraud anywhere?

basically our system is showing that it has been hacked, we've incured about £100,000 worth of calls in the last month that dont belong to us and our maintainer is saying that the hackers have gone through the audix system


any ideas or info would be very much appreciated

 

[jfh9219]

If its coming via AUDIX it is probably a call transfer issue. Callers transfer to an extension that gets them out of the switch. For instance: *T,9000 can give a caller access to an outside line. In addition to tightening up AUDIX you should look at restricting Trunk to Trunk transfers on the switch.

From Avaya:

Administering call transfers out of AUDIX to minimize toll fraud:

AUDIX R1V7 or later software initially disables the Call Transfer Out of AUDIX feature to provide maximum security for the prevention of toll fraud. Before you activate call transfers out of AUDIX, consider the following:

* If your switch supports enhanced call transfer and you administer AUDIX to use enhanced call transfer, you minimize your risk for toll fraud. Switches that support the Enhanced Call Transfer feature include:

DEFINITY Generic 1, Generic 2, or Generic 3

System 75 XE or System 75 R1V3 Issue 1.4 (or later)

System 85 R2V4
* If your switch does not support enhanced call transfer, you may wish to re-evaluate your need to use the Call Transfer Out of AUDIX feature against the possibility of incurring toll fraud. Some AUDIX features that require the Call Transfer Out of AUDIX feature include automated attendants administered to redirect calls out of AUDIX, the Return the Call option and the Escape to Attendant feature.

Administering call transfers out of AUDIX:

To activate the Call Transfer Out of AUDIX feature:

1. Type system translation switch connection on the PATH line to display the system : translation : switch connection form and press ENTER .

a. If the switch type is dciu-sci, enhanced call transfer will probably work on your system. Go to Step 2.

NOTE:

If you have a DIMENSION 2000 PBX or an early System 75, System 75 XE, or System 85 switch, you need to activate basic call transfer in order to obtain call-transfer capability (see Step 4).

b. If the switch type is smsi, bri-api, sl1, stand-alone, or some other type of non-Lucent switch, you will need to activate basic call transfer as described in Step 4.
2. Type system appearance on the PATH line to display the system : appearance form and press ENTER .
3. Tab to the call transfer out of AUDIX feature (y/n)? field and type y.
4. The enhanced call transfer (y/n)? field will automatically be set to y. If your switch supports enhanced call transfers, leave this field set to y to provide maximum protection from toll fraud.
5. If your switch does not support enhanced call transfers, go to Step 4.
6. Tab to the enhanced call transfer (y/n)? field and type n.

A warning message about possible toll fraud will appear. This message is intended to remind customers that they are at risk whenever enhanced call transfers are not used; however, basic call transfer (switchhook flash) is the only way to allow Call Transfers Out of AUDIX on switches that do not support the Enhanced Call Transfer feature.

 

[koglass]

I would also button down the COR's of the Audix ports. Give them a low FRL and even possilly outward restrict the COR if you are able to without preventing users from a needed service. You maybe also can restrict trunk to trunk transfer if it is not already restricted. Make the CORs of the TGs a seperate COR and the Audix Ports a Seperate COR and next to the COR number of the TG mark it N instead of Y.

 

[mikeydidit]

Avaya will run a free security check for you (A little late it seems) and give you a full report of any areas that are unsecured. They will give you recommendations on what needs to be locked down and how.

Yes I also know this from experience. I was hit one weekend from a phone booth for $40,000. And yes, trunk to trunk transfer was the cause.

Hell, there are no rules here - we're trying to accomplish something.
Thomas A. Edison

For the best response to a question, read faq690-6594