1. Protecting Your Phone System Against Toll Fraud
Businesses using any phone system, including Wave, are vulnerable to loss of money from unauthorized people hacking into their phone system. Hackers can then make hundreds of outbound long distance or international calls that cost businesses around the world millions of dollars every year. Wavecontains several features and options that can protect your system against toll fraud.
Hackers who commit toll fraud use a variety of techniques to gain access to a system. The following are the most common methods used to attempt toll fraud:
| • | Gaining access via unsecure, easy-to-guess passwords. This technique is used in the majority of cases. System Settings in the Global Administrator Management Console provides several options to enforce harder-to-guess passwords. See Enhancing password security. |
| • | Calling the main auto attendant, pressing #, logging in as the Administrator, pressing # for dial tone and then placing outbound calls. See Making account logon more secure. |
| • | Attempting to log on at every extension (101, 102, etc.) until an extension with an easy password is found. Once found, the hacker will change call forwarding to the external number they want to dial (for example, an international number or the number of another hacked PBX), and then make calls to the external number as needed. By calling through multiple hacked PBXs, Caller ID and traces will be unable to track down the hacker's identity. See . |
| • | Calling random users and telling them they are a representative from the phone company and need their voice mailbox password to track down a problem with the phone system. Users should be told to never give out their passwords, and if they have reason to believe someone else has it, to change it immediately to something secure. |
Most phone carriers maintain toll fraud web pages with current information. You can monitor these web sites for up-to-date information and potential remedies. Contact your carrier for more information.