Educating operators, Detecting toll fraud, Establishing a policy – Lucent Technologies MERLIN LEGEND 5 User Manual

MERLIN LEGEND Communications System Release 5.0
System Manager’s Guide
555-650-118
Issue 1
June 1997
Customer Support Information
Page A-16
Other Security Hints

Educating Operators

Operators or attendants need to be especially aware of how to recognize and
react to potential hacker activity. To defend against toll fraud, operators should
follow the guidelines below:
■ Establish procedures to counter social engineering. Social engineering is a con game that hackers frequently use to obtain information that may help them gain access to your communications system or voice messaging system.
■ When callers ask for assistance in placing outside or long-distance calls, ask for a callback extension.
■ Verify the source. Ask callers claiming to be maintenance or service personnel for a callback number. Never transfer to *10 without this verification. Never transfer to extension 900.
■ Remove the headset and/or handset when the console is not in use.

Detecting Toll Fraud

To detect toll fraud, users and operators should look for the following:
■ Lost voice mail messages, mailbox lockout, or altered greetings
■ Inability to log into voice mail
■ Inability to get an outside line
■ Foreign language callers
■ Frequent hang-ups
■ Touch-tone sounds
■ Caller or employee complaints that the lines are busy
■ Increases in internal requests for assistance in making outbound calls (particularly international calls or requests for dial tone)
■ Outsiders trying to obtain sensitive information
■ Callers claiming to be the “phone” company
■ Sudden increase in wrong numbers

Establishing a Policy

As a safeguard against toll fraud, follow these guidelines for your MERLIN
LEGEND Communications System and voice messaging system:
■ Change passwords frequently (at least quarterly). Changing passwords routinely on a specific date (such as the first of the month) helps users to remember to do so.
■ Always use the longest-length password allowed.