MERLIN LEGEND Communications System Release 6.1 | Issue 1 |
Network Reference | August 1998 |
|
|
ACustomer Support Information
Toll Fraud Prevention | Page |
■All voice messaging system users must use secure passwords known only to the user.
Security Risks Associated with the Automated
Attendant Feature of Voice Messaging Systems 1
Two areas of toll fraud risk associated with the Automated Attendant feature of voice messaging systems are the following:
■Pooled facility (line/trunk) access codes are translated to a menu prompt to allow Remote Access. If a hacker finds this prompt, the hacker has immediate access. (In Release 3.1 and later systems, dial access to pools is initially
■If the Automated Attendant prompts callers to use Remote Call Forwarding to reach an outside telephone number, the system may be susceptible to toll fraud. An example of this application is a menu or Submenu that says, “To reach our answering service, select prompt number 5,” and transfers a caller to an external telephone number.
Remote Call Forwarding can be used securely only when the central office provides “reliable disconnect” (sometimes referred to as forward disconnect or disconnect supervision), which guarantees that the central office does not return a dial tone after the called party hangs up. In most cases, the central office facility is a
Preventive Measures | 1 |
Take the following preventive measures to limit the risk of unauthorized use of the Automated Attendant feature by hackers:
■Do not use Automated Attendant prompts for ARS Codes or Pooled Facility Codes.
■Assign all unused Automated Attendant Selector Codes to zero, so that attempts to dial these are routed to the system attendant.
■If Remote Call Forwarding is required, MERLIN LEGEND Communications System owners should coordinate with their Lucent Technologies Account Team or authorized dealer to verify the type of central office facility used for RCF. If it is a
