Lock it down

Restrict any destinations that should not normally be dialed, e.g. Premium Rate, International or Operators including Directory Enquiries.

Review available (or possible) telephone system call logging and call reporting options.

Monitoring for increased or suspect call traffic could then take place locally.


Restrict Access

Please note that call logging (if not in place) should immediately be set up on any system where fraud is suspected. But it will need to be professionally programmed or it may miss certain call types.

Voicemail ports should be barred outgoing access to trunks if possible.  Then the extension ports can be completely barred access to Trunks

If access to trunks via Voicemail is absolutely necessary then suitable restriction need to be set up on any extension ports that must have a voicemail connected.

It may be possible to by-pass Barring restrictions in the UK by dialling for example 18002,  141, 1470, 1280,  some prefix that can be used and still allow the call to route correctly over the Public Network.


Beware of DISA

DISA is a feature no longer sold but an old telephone system could have the feature still present  – ensure it is  completely disabled.

If a customer has networked telephone systems be aware that DTF hackers can potentially ‘breakout’ from one site to the other via this route.

Ensure IVR / Auto Attendant options for accessing trunks are removed.

Voicemail and DISA passwords – Use a password but not obvious passwords such as “1234” or the extension number. Consider changing passwords periodically.