MERLIN LEGEND Communications System Release 5.0
System Manager’s Guide
555-650-118
Issue 1
June 1997
Customer Support Information
Page A-16
Other Security Hints
Educating Operators
Operators or attendants need to be especially aware of how to recognize and
react to potential hacker activity. To defend against toll fraud, operators should
follow the guidelines below:
■ Establish procedures to counter social engineering. Social engineering is a
con game that hackers frequently use to obtain information that may help
them gain access to your communications system or voice messaging
system.
■ When callers ask for assistance in placing outside or long-distance calls,
ask for a callback extension.
■ Verify the source. Ask callers claiming to be maintenance or service
personnel for a callback number. Never transfer to *10 without this
verification. Never transfer to extension 900.
■ Remove the headset and/or handset when the console is not in use.
Detecting Toll Fraud
To detect toll fraud, users and operators should look for the following:
■ Lost voice mail messages, mailbox lockout, or altered greetings
■ Inability to log into voice mail
■ Inability to get an outside line
■ Foreign language callers
■ Frequent hang-ups
■ Touch-tone sounds
■ Caller or employee complaints that the lines are busy
■ Increases in internal requests for assistance in making outbound calls
(particularly international calls or requests for dial tone)
■ Outsiders trying to obtain sensitive information
■ Callers claiming to be the “phone” company
■ Sudden increase in wrong numbers
Establishing a Policy
As a safeguard against toll fraud, follow these guidelines for your MERLIN
LEGEND Communications System and voice messaging system:
■ Change passwords frequently (at least quarterly). Changing passwords
routinely on a specific date (such as the first of the month) helps users to
remember to do so.
■ Always use the longest-length password allowed.