Most unauthorized long distance call attempts occur as a caller tries to transfer out of the messaging system.
You can control call transfers out of messaging by administering the system to limit the numbers to which a caller can transfer.
To transfer out of the messaging system, the user presses * T, the digits of the extension to which she or he wants to transfer, and #. If the pattern of the number dialed corresponds to a pattern that you have permitted on the Allowed Numbers menu, the messaging system initiates the transfer. The Communication Manager server then verifies that it is allowed to transfer to the requested destination.
Before you enable a transfer out of the messaging system, you need to restrict such transfers as described under Controlling Call Transfers. Within this menu system, you can specify extensions to which a caller can transfer.
Callers cannot transfer to extensions that are expressly denied on the Denied Numbers menu. You can, for example, prohibit call transfer to extensions beginning with "9" if dialing this number results in access to an outside line.
If a caller enters an extension that is an allowed transfer, the Communication Manager server completes the transfer, disconnects the messaging system, and sends a "disconnect successful transfer" message to the system. If the number is notan allowed transfer, the Communication Manager server leaves the system connected to the caller and sends a "fail" message to the messaging system. Then the system plays an error message requesting further activity.
If Call Transfer is activated on the Administer System Attributes and Features page (Under Messaging Administration, select System Administration), you have administered your system to allow * T transfers. You can minimize the risk of toll fraud attempts that use * T transfers by taking one or both of the following precautions:
Setting the Transfer Restriction field on the SAdminister System Attributes and Features page to subscribers.
Administering allowed and denied numbers as described under Controlling Call Transfers. In this case, if the pattern of the number dialed corresponds to a pattern that you have permitted on the Transfer Security menu system, and if that number is a valid extension number for an administered subscriber (either local or remote), transfer is permitted.
The Transfer Restriction field also can be set to digits. In this case, the destination telephone number must correspond to a pattern you have permitted and administered in the Transfer Security menu system. It must also have the same number of digits as extension numbers (that is, mailbox identifiers) within the messaging system. Since this option does not minimize toll fraud, it is administered only by Avaya and only as a special service to customers who want the digitsoption.
Setting the Transfer Restriction field to subscribers is the more secure of the two options. It virtually eliminates the fraudulent use of call transfer since the messaging system can verify that the specified destination is an administered number. If digits are specified, on the other hand, the caller might find a way to access the Communication Manager server and to use Communication Manager server features and functions to complete fraudulent long distance calls.
If you want to assign nonresident subscribers(that is, users with a mailbox but no telephone on the Communication Manager server) to extension numbers that start with the same digit or digits as Communication Manager server trunk access codes (such as 9), you must carefully administer the restrictions by using the Transfer Restrictions menu.