Preventing Toll Fraud and Voicemail Hacking on the NEC SL1100 & SL2100

This Tech Tip offers suggestions for protecting your customers from unauthorized use of their phone system. Without these steps, a hacker could take control of a user’s mailbox’s Find-Me/Follow-Me feature and use it to send callers to an International number. 

Suggestions to Prevent Unauthorized Use of Find-Me/Follow-Me

Have Users Password Protect Their Mailboxes

1. From the user’s mailbox menu, dial 67.

2. Dial 7 to change the security code.

The security code must be 4 digits long. It is recommended that you not use passwords that can be easily guessed, such as: 1111, 1234, or the user’s extension number.

Set Unused Mailboxes to “Undefined”

1. Go to Program 47-02-01: InMail Station Mailbox Options.

2. Use the Mailbox (1~28) search box in the upper right corner to navigate to the desired unused mailbox.

3. Set Mailbox Type to “Undefined” (SL1100) or “None” (SL2100).

4. Go to Program 47-03: InMail Group Mailbox Options.

5. For each unused Group Mailbox, set the Mailbox Type to “Undefined” (SL1100) or “None” (SL2100).

Apply Toll Restriction to InMail Ports

It’s recommended to apply Toll Restriction to all InMail ports that block International Calling.  By doing this, even if a hacker was to take over a mailbox, the attempt to call out to an International number will fail.

If your phone system was purchased from us with a pre-programmed database, we have already applied International Toll Restriction to Class 2, and the following steps are already complete
If you did not purchase your phone system from us with a pre-programmed database, please complete the steps below

1. Go to Program 21-04: Toll Restriction Class for Extensions.

2. Set all InMail Ports to Toll Class 15 for all system Modes.

3. Go to Program 21-05: Toll Restriction Class

4. Use the Toll Restriction Class (1~15) search box in the upper right corner to navigate to Class 15.

5. Set International Call Restriction Table to “Assigned”.

6. Go to Program 21-06-01: International Restriction Table.

7. For Table Entry 01, set the Dial Digits to “011”.

Please note: By default, all extensions are assigned to Toll Restriction Class 2 which is also assigned to use the International Toll Restriction Table, as well as the International Toll Permit Table.  So, the steps above will also block International Calling for this Toll Class as well.  

If the user has a need for making International calls, but wants to prevent InMail from making International calls, you will need to permit entry of the 011 + the country codes the user calls, or disable 21-05-01 for the toll class telephones use.