MERLIN LEGEND Communications System Release 5.0

Issue 1

System Manager’s Guide 555-650-118

June 1997

 

 

ACustomer Support Information

Other Security Hints

Page A-16

Educating Operators

1

 

 

Operators or attendants need to be especially aware of how to recognize and react to potential hacker activity. To defend against toll fraud, operators should follow the guidelines below:

Establish procedures to counter social engineering. Social engineering is a con game that hackers frequently use to obtain information that may help them gain access to your communications system or voice messaging system.

When callers ask for assistance in placing outside or long-distance calls, ask for a callback extension.

Verify the source. Ask callers claiming to be maintenance or service

personnel for a callback number. Never transfer to *10 without this verification. Never transfer to extension 900.

Remove the headset and/or handset when the console is not in use.

Detecting Toll Fraud

1

To detect toll fraud, users and operators should look for the following:

Lost voice mail messages, mailbox lockout, or altered greetings

Inability to log into voice mail

Inability to get an outside line

Foreign language callers

Frequent hang-ups

Touch-tone sounds

Caller or employee complaints that the lines are busy

Increases in internal requests for assistance in making outbound calls (particularly international calls or requests for dial tone)

Outsiders trying to obtain sensitive information

Callers claiming to be the “phone” company

Sudden increase in wrong numbers

Establishing a Policy

1

As a safeguard against toll fraud, follow these guidelines for your MERLIN

LEGEND Communications System and voice messaging system:

Change passwords frequently (at least quarterly). Changing passwords routinely on a specific date (such as the first of the month) helps users to remember to do so.

Always use the longest-length password allowed.

Page 378
Image 378
Lucent Technologies 5 manual Educating Operators, Detecting Toll Fraud, Establishing a Policy