Toll Fraud

[curlycord]

Recently a few of us have had to service some clients that have Toll Fraud however their is no evidence that Toll Fraud could be possible.
Example there is no Outdialing allowed on Mailboxes or Sets, Voice Mail ports are denied pool/line access and lines or sets or both restricted from 0, * 10 etc and no lines are auto answer with DISA etc.
I had one who said they even had codes to dial Long Distance from the carrier with all the above restricted and still Toll Fraud happened.

Now I am wondering since it's possible to spoof your phone number and call others I wonder if hackers have found a new way to make LD calls with the clients number.
Just as an example they spook the number and dial a 10XX LD service and make the call and boom that number is billed.







________________________________________

Add me to LinkedIN

=----(((((((((()----=

http://www.curlycord.com

Toronto, CAN

 

[belevedere]

Just a few question, do they use webex? If so is the log in published? Do they use SIP trunks? Was their SIP trunk provider hacked? Again if SIP trunks, are they using the well known published port 5060? Is their local router well protected by log in and password, and not left at default?
Some things I have run into in a similar situation.

 

[kwbMitel]

Yup, I'd suspect SIP trunks

**********************************************
What's most important is that you realise ... There is no spoon.

 

[curlycord]

No actually they are POT's lines...all sites in question are with Bell Canada.


________________________________________

Add me to LinkedIN

=----(((((((((()----=

http://www.curlycord.com

Toronto, CAN

 

[kwbMitel]

Do you know of some examples of numbers that were dialled supposedly.

I had a situation here in Alberta with a hotel where the numbers being dialed were 10 digit local but they were being billed similarly to 900 toll calls.

The carrier was Shaw in my case, and the carrier took responsibility for the calls.

**********************************************
What's most important is that you realise ... There is no spoon.

 

[curlycord]

I forget the country and area codes but I could see in the Callpilot reports 011 XX XXX-XXX-XXXX
Most of the area codes if I recall seem to start with a 2 maybe. 011 XX 2XX-XXX-XXXX


________________________________________

Add me to LinkedIN

=----(((((((((()----=

http://www.curlycord.com

Toronto, CAN

 

[ucxguy]

If you have a record of these calls in Callpilot reports, then apparently Callpilot was involved (used to make the calls) - so it's clear this was no spoofing. Someone figured out a way how to dial into a mailbox and dial out from the mailbox. With the calls being in Callpilot reports, I'd guess someone hacked the Callpilot password and temporarily changed the configuration of a mailbox to dial out to an external destination of their choice.

 

[curlycord]

Sorry, I see I wasn't clear in the last post...what I meant was on an average in most other cases that is what I usually see and not a 900 #, per my first post there is no evidence of any hacking.

But your right that's exactly what they do and as of late they also use the Off Premise Notification (remote msg notify) to do a *72 to forward the lines oversea's at night then change it to *73 in the morning or use another mailbox for that.



________________________________________

Add me to LinkedIN

=----(((((((((()----=

http://www.curlycord.com

Toronto, CAN