NEC toll fraud NEC toll fraud Dave Werth (Systems Engineer) (OP) 8 Aug 19 17:00 Has anyone ran across toll fraud on an NEC electra elite vmail? I'm assuming that is how it is happening. Seems to only happen in night mode. RE: NEC toll fraud AKgreatland (Vendor) 8 Aug 19 19:14 I have not on the Electra but they have been hitting the inmails pretty hard. generally their setting up find me follow me in the voicemail and mailbox notification which generally comes with a begin time and a end time. If the begin is set to start after hours that is most likely why you only see it happen at night AKgreatland Just another beautiful day in the land of communications RE: NEC toll fraud belevedere (Instructor) 8 Aug 19 20:32 Delete all unused mail boxes. Have all users put a password in their mail box. Set up a toll restriction class and assign the VM ports to it. Restrict 011 in the tables. Most important, put a password on the $nec box. It's a well known default log in. RE: NEC toll fraud meyer1y2k (Vendor) 12 Aug 19 15:58 I recently encountered an incident where the system was assigned a public IP address for WebPro. The hacker used the necii login and password to change system call forward to an off site number and then modify the DID for the station. They would then go back in after a few hours and put everything back. We found this on the modification log (SV9100). Public web access was removed and we went in and changed all the necii passwords on all systems we maintain whether accessible or not. We actually changed all passwords since necii would let you see all the logins. We further removed all the user passwords since that can also be used to modify call forward.