MERLIN LEGEND Communications System Release 6.1
Network Reference
555-661-150
Issue 1
August 1998
Customer Support Information
Page A-17Other Security Hints
A
■ Be suspicious of any caller who claims to be with the telephone company
and wants to check an outside line. Ask for a callback number, hang up and
confirm the caller’s identity.
■ Never distribute the office telephone directory to anyone outside the
company; be careful when discarding it (shred the directory).
■ Never accept collect telephone calls.
■ Never discuss your telephone system’s numbering plan with anyone
outside the company.
Educating Operators 1
Operators or attendants need to be especially aware of how to recognize and
react to potential hacker activity. To defend against toll fraud, operators should
follow the guidelines below:
■ Establish procedures to counter
social engineering
. Social engineering is a
con game that hackers frequently use to obtain information that may help
them gain access to your communications system or voice messaging
system.
■ When callers ask for assistance in placing outside or long-distance calls,
ask for a callback extension.
■ Verify the source. Ask callers claiming to be maintenance or service
personnel for a callback number. Never transfer to
*
10 without this
verification. Never transfer to extension 900.
■ Remove the headset and/or handset when the console is not in use.
Detecting Toll Fraud 1
To detect toll fraud, users and operators should look for the following:
■ Lost voice mail messages, mailbox lockout, or altered greetings
■ Inability to log into voice mail
■ Inability to get an outside line
■ Foreign language callers
■ Frequent hang-ups
■ Touch-tone sounds
■ Caller or employee complaints that the lines are busy
■ Increases in internal requests for assistance in making outbound calls
(particularly international calls or requests for dial tone)
■ Outsiders trying to obtain sensitive information
■ Callers claiming to be the “phone” company
■ Sudden increase in wrong numbers