Educating operators, Detecting toll fraud – Lucent Technologies MERLIN LEGEND 6 User Manual

MERLIN LEGEND Communications System Release 6.0
System Manager’s Guide

555-660-118

Issue 1

February 1998

Customer Support Information

Page A-17

Other Security Hints

A

■

Never distribute the office telephone directory to anyone outside the
company; be careful when discarding it (shred the directory).

■

Never accept collect telephone calls.

■

Never discuss your telephone system’s numbering plan with anyone
outside the company.

Educating Operators

1

Operators or attendants need to be especially aware of how to recognize and
react to potential hacker activity. To defend against toll fraud, operators should
follow the guidelines below:

■

Establish procedures to counter

social engineering. Social engineering is a

con game that hackers frequently use to obtain information that may help
them gain access to your communications system or voice messaging
system.

■

When callers ask for assistance in placing outside or long-distance calls,
ask for a callback extension.

■

Verify the source. Ask callers claiming to be maintenance or service
personnel for a callback number. Never transfer to

*

10 without this

verification. Never transfer to extension 900.

■

Remove the headset and/or handset when the console is not in use.

Detecting Toll Fraud

1

To detect toll fraud, users and operators should look for the following:

■

Lost voice mail messages, mailbox lockout, or altered greetings

■

Inability to log into voice mail

■

Inability to get an outside line

■

Foreign language callers

■

Frequent hang-ups

■

Touch-tone sounds

■

Caller or employee complaints that the lines are busy

■

Increases in internal requests for assistance in making outbound calls
(particularly international calls or requests for dial tone)

■

Outsiders trying to obtain sensitive information

■

Callers claiming to be the “phone” company

■

Sudden increase in wrong numbers