Long Distance Fraud. Protect your voicemail and equipment; and educate your employees.
Toll fraud is an ongoing risk for business customers,where businesses are billed for long distance calls made fraudulently through their business voicemail equipment.
Below are the details:
The activity involves experienced fraudsters accessing vulnerable business voicemail equipment via system option prompts that eventually permit the user to place long distance calls.
Fraudsters most often call a business after-hours and use its automated answering system to troll for vulnerable mailboxes. Experienced fraudsters sometimes recognize the equipment they are calling by its prompts and know the equipment's default passwords, allowing them access to mailboxes with unchanged passwords (or try guessing at simple passwords such as 1234 and 1111).
It is imperative for you to protect yourself against this type of fraudulent activity by ensuring your voicemail equipment is safeguarded and your employees are educated about password security best practices.
Industry best practices for protecting your voicemail equipment include:
Ensuring your employees change the manufacturers' default password immediately upon being assigned a voicemail box, and are trained to change the password frequently thereafter
Programming your voicemail system to require passwords with a minimum of 6 characters (8 is preferred - the more complex the password, the more difficult it is to guess)
Insist your employees don’t use easily-guessed passwords such as their phone numbers, local number, or simple number combinations.
When assigning a phone to your new employee, never make the temporary password the employee's telephone number
Programming your voicemail system to force users to change their password at least every 90 days
Validate if the through-dialling feature is needed, and if not it should be disabled by your equipment support provider. It is a convenience feature that allows you to make long distance calls through your mailbox when you are at an offsite location. However it is the primary enabler of toll fraud on phone systems. If this feature is used, it is important that you generate and monitor through-dialling reports to ensure your mailboxes are not being abused.
Remove all unassigned mailboxes
The above security measures are of a general nature and might not protect every aspect of an individual telephone system- you are encouraged to contact your equipment support provider to discuss the unique aspects and vulnerabilities of your telephone equipment in greater detail. Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made or accepted them.
If you have general questions about voicemail equipment protection and have a Bell maintenance contract contact a Bell representative at firstname.lastname@example.org. Otherwise, contact your equipment support provider.
If you suspect you have been a target of criminal activity, it is your responsibility to contact the local authorities immediately. Bell will be pleased to co-operate with you and assist in a formal criminal investigation with your consent and at the request of the local authorities.