12-06-2011 08:31 PM
We have a customer who's been hit with unauthorized toll charges or
fraud. I believe they're getting in via voicemail, and dialing out to the
900 numbers. When this happened a few months ago, they changed all the
vpn passwords, we reassigned those physical phones which were associated
with the extensions that placed the calls, and changed all of the
voicemail pins. But it's happening again, so I believe they must be
getting in via voicemail.
900 numbers both 900*, 1900*, 91900* and 9900* are blacklisted in the CoS
How can I know if they're placing the calls via hacking someone's
voicemail and getting dial-tone or getting in through the vpn? The
extensions that placed the calls have had registrations disabled, so it
could possibly be someone spoofing (outpulsing their number) and dialing
the 900 numbers.
Solved! Go to Solution.
12-28-2011 01:44 PM
There is a feature called Virtual Calling Card that is enabled by default to allow placing calls from voicemail. The number of digits allowed for Virtual Calling Card should be reduced to 3 or 4 to only allow internal calls to be placed. Additionally, reduce the number of minutes allowed to 0. The feature should remain in place for Auto Attendants, so they can transfer calls to extensions (as long as your Auto Attendants are configured for that function). For that reason, it is critically important to choose a very complex voicemail password for Auto Attendant mailboxes. For more information, consult the HP Knowlegebase. Recent versions of VCX software have an additional Voicemail password security feature, to enforce complex passwords for voicemail boxes.