If your company uses a PBX / Voice Messaging system then you are being targeted by Phreakers (Phone Hackers).
2.1 Vulnerability: Remote access allows vendors to access and perform maintenance or changes to your system remotely. The technician will connect via a modem to a system SDI (Serial Data Interface) port and log in to your system to perform the actions. This connection path may be exploited by phreakers.- A regular review of calls associated with the extension.So, here's 6 quick tips that I use to help me better manage my email:6.2 Protective Action 1: Avoid modem polls. Many companies use modem pools to reduce the total cost of analog card ports. Modem pools allow phreakers and hackers to dial in and peruse your system for vulnerabilities.Even after you have emptied your trash, Compressing Folders is a recommended step to prevent other data corruption. Once you understand that an email does not actually move from one folder to another until the folder is compressed, then you can better appreciate this advice.4. Be sure that your virus system, firewall system, junk mail systems are up-to-date. I use Norton for viruses and have it connected to my email system so that all incoming and outgoing messages are scanned for viruses. Norton prompts me to update it regularly. ZoneAlarm, my firewall system,
www.zonealarm.com is up and running whenever I'm online to protect me from any type of intrusive attacks. Eudora has a built-in junk email detector system that works relatively well, but I'd prefer that most of my junkmail never even reach my email program. Consequently, I use SpamArrest,
www.spamarrest.com, which runs $34.95/year. All of my email goes through SpamArrest before it's downloaded into Eudora, and I can approve or block certain senders as I see fit. I log in at the beginning of the day and the end of the day to see if something was labeled as spam and rescue it, and then proceed to delete all the spam. Of the 600 emails a day I receive, I would estimate that at least 400/day are due to spam. Thanks goodness for SpamArrest!7. Fraud Scams- Password protection.
- Password creation procedures (avoid simple passwords or number sequences).
- Lost password retrieval procedures.
- New mailbox creation procedures.
- Terminated employee procedures.1.2 Protective Action 1: Verify with your vendor that all factory passwords have been changed or deactivated.7.2 Protective Action 1: Educate your employees on authorized contacts from your vendor or communications personnel. Vendors should always identify themselves.1.2.2 Protective Action 3: Create and maintain a process that identifies how often passwords will be changed and 'triggers' that require system password changes.This is an important part of your email management. When you no longer need an email, it should be deleted. When you first delete an email, your software will send the email to the Trash Bin. Your email is not actually deleted until you first empty your trash bin.�
http://www.fcc.gov � Federal Communications Commission.
�
http://www.fraud.com � Report suspected fraud.
-
http://www.cs2communications.com- Cultivate non-sharing of authorization codes within your company.
- Authorization codes should be as lengthy as your switch will allow.
- Change authorization codes on a regular basis.
- If possible, change the Flexible Feature code associated with authorization codes at least once a year.
- Keep records of created authorization codes.
- Regularly review calls associated with authorization codes.4.1 Vulnerability: External transfers and forwarding exposes your company to employee fraud and phreaker activity. Employees could intentional take advantage of this feature to process non-business-related calls for themselves or friends. Phreakers use their social skills to convince employees to connect calls for them.Once you learn how to use your software to its full potential, then your life will be greatly simplified and your effectiveness will be dramatically improved.- Time of Day schedules for Call Forwarding (contact your vendor).OUTLOOK EXPRESS: Click on Edit - Empty 'Deleted Items' Folder. To compress the remaining folders, click on Tools - Options, then click on the tab for Maintenance. Then click the button that says, "Clean Up Now". Once the compression is completed, click OK.5.1 Vulnerability: The most likely problem you will encounter with authorization codes is employee sharing. The act of sharing authorization codes exposes your company to possible employee fraud. Phreakers are savvy and are likely to know the authorization code procedures used by your particular system.I cannot stress enough how important it is that you utilize the tools for emptying the trash and compressing the mail folders. Protecting your email data on a regular basis is good practice for avoiding disaster in your mailbox.NETSCAPE MAIL: Click on File - Empty Trash Folder. To compress the
mailboxes, click on File - Compress Folders.When an email is moved from one folder to the other, only the header information is actually moved. The body information will not be deleted from the original folder until which time the original folder is compressed.5. Authorization Codes- Call Forwarding scams. Your employee is asked to forward calls as a test for a vendor.
- Call Back scams. Your employee is asked to dial a number as a test.
- Area Code scams. Your employee is informed to access an important message by dialing an 809 or 900 area code number. (Also known as the "Prize" scam).
- Modem Hijack scams. Your employee is informed to visit a link on the internet or asked to install a program. The program then runs in the background and dials numbers.6.2.2 Protective Action 3: Set the software associated with modems to not auto-answer. Many software programs or emulation programs have built in security features that prevent unauthorized access.6.2.1 Protective Action 2: Determine if a modem will have dial in and/or dial out capabilities. Most modems should be dial out only. To make a modem dial out only have your vendor program the extension as a non-Direct Inward Dial (DID). Modems that are Direct Inward Dial should adhere to the discipline discussed in Step 2.You are the best judge as to how to organize your email into topics that provide an easy method of retrieval of the information when you need it most.- Release company information (mailbox log in procedures, switch room and modem numbers).
- Connect to external numbers or transfer to external numbers.
- Dial a specific dial string or area code.Email filters are a tool to help you save time and frustration. Have you ever lost an incoming email under the deluge of email coming into your mailbox? With filters, you can direct the important email or not-so-important email into certain pre-ordained folders.As an example, when Email A comes into your main Inbox, the data connected to Email A appears in two files. One file contains the header and body of the email. The other file contains only the email header information.Related Websites:In order to get the most from your email software, there are three key processes that you should learn. These processes are concerned with data organization, saving time and email database management.2.2.1 Protective Action 2: Consider purchasing a modem with a CLID authentication feature. The authentication feature checks the number dialing in and if it doesn�t match the CLID authentication programming, the call is refused. Communicate with your vendor to determine what number they will be using. Perform an internet search for CLID Authentication modems or contact your vendor.2.2.2 Protective Action 3: You could place all of your modems in DND (Do Not Disturb). Calls made to the modem will be forwarded to your Attendants or a recorded announcement (RAN). Inform your vendor that they must call the attendant prior to dialing in so that the DND can be removed. They must also contact the attendant when they are done programming.Fortunately, the primary email browsers make it easy to organize your information. By allowing you to create folders within your email software, you can file specific emails into folders dedicated to the topic of the email.Don�t be fooled into thinking you need some special software to filter your email. Setting up filters is actually quite easy.I've found email to be both a blessing and a curse. I love the immediacy of the communication, but hate all of the spam and viruses that I have to be vigilant about.7.1 Vulnerability: Phreakers or scammers will use social skills to convince your employees to:EUDORA: Click on Mailbox - New --- or right click on Eudora in the folders window and then click on New. When the window opens, type in the name of your new mailbox and click OK. If you want to create a folder to place other mailboxes into, click the checkbox before clicking OK.6. Never put your email address on your website. Spammers buy robot or spider programs that scour websites for unecoded email addresses to add to their spam database. You can use a contact form where a visitor will have to input information and send the form data to you, or you can use an email address encoder program. I like to maintain the ability for my visitors to email me if they wish, so I use a program called Natata Anit-Spam Encoder,
http://natata.hn3.net/antispam_encoder.htm. I encode all the email addresses on my websites and those of clients. The program is free of charge.EUDORA: Click on Special - Make Filter. Once again, just follow the instructions in the Filter wizard.- A regular review of where calls are being routed.5. If you're receiving emails via your domain name, like
yourname@yourdomainname.com, and the email address is set up as a POP3 account, log into your web hosting account and be sure that you're set up only to receive emails at designated email addresses. Many times spammers will send emails out to postmaster@ or webmaster@ or info@, as these are pretty common email address aliases. If your hosting email account has an address that is set up to receive all the email to the bogus aliases (unrouted email) , you'll be getting lots of spam. Instead, log in to your hosting account and set your default email address to :blackhole: or to :fail: No Such User Here so that you'll only get the email at the addresses you've created.1.2.1 Protective Action 2: Change your passwords frequently, especially if your company has a high number of employee turnovers.3.2. Protective Action 1: Disallow auto-create
mailboxes. This setting is usually enabled during installation to permit a quick setup. When your initial setup is complete � disable this feature.Article by Charles Carter
http://www.cs2communications.comArticle by Charles Carter
http://www.cs2communications.com
Author: Charles Carter