Ensuring that you always use strong passwords on your Gradwell account and IAX trunks is extremely important. Unfortunately there are people on the Internet that are on the look out for VoIP users with poor passwords, and they have various methods to do this. They normally have one of two aims:
- Toll fraud: this is when the person wishes to make calls and they don't wish to pay for a call. After they have found out a username and password for an extension they use this to log on to the system and make calls
- Revenue share fraud: this is when the person wishes to make calls to a revenue share number. Every minute that a call is made to this number they make money at your expense. Once they have access to a VoIP account they make long calls to this number
Gradwell have various methods to try and prevent this happening, however users do need to appreciate the importance of strong passwords to help make this work.
The tool below introduces you to the functionality that you can use to help protect your account from fraud.
What is a strong password?
Passwords can be strengthened by ensuring they aren't too short, have a mixture of alphanumeric characters and aren't standard "dictionary words". Passwords that are compromised are frequently simple words that you would find in a dictionary. It's extremely simple with computer software to find these out - the software simply makes hundreds of login attempts per minute using common words and passwords, and very quickly will chance upon the correct password. Therefore avoid words that you would find in the dictionary where possible.
To set a password for a Gradwell account it must follow the following rules:
- It must be at least eight characters long AND
- It must have a mix or letters and numbers OR
- It must have a mix of upper and lower case characters
If you can, we recommend mixing upper and lower case characters as well as adding numbers.
Creating new extensions
When you create a new extension we will automatically generate a strong password for you. Please enter this into your VoIP device.
If you need to change an extension password we have a Reset Password button to help generate a new password. You will find this in the password field on the extension page, and will automatically update the password for the extension.
Protecting your hardware
A common method of gaining access to your account is not via your control panel, but via your VoIP phone. Many have web interfaces that are publicly accessible using your phone's IP address. Therefore always ensure that you set a strong custom password for the web interface (the manufacturer's defaults are common knowledge so are the first thing a fraudster will try).
Please refer to your device's manual for assistance on changing the web interface password. If your phone was purchased from Gradwell we will have automatically set a custom password for you.
Other steps you can take
There are some other steps you can take to reduce the chances of your being the victim of fraud.
Only allow certain IP addresses to make calls from your account
Our IP ACL functionality will only allow calls to be made from IP addresses that you have authorised. For more help using this functionality please read this guide.
Manage call barring settings
Call barring is setup on your account to automatically block calls to high risk and high cost destinations. You can customise the call bar on a per extension basis if you wish (for example, blocking all international calls). For more help on customising call barring settings please see this guide.
Our daily spend alert functionality restricts the total cost of calls that can be made on your account in one day. This won't stop you being a victim of fraud, but it could limit the cost of it to you.
You can set this amount by clicking the Credit link in the Account Management area of your VoIP control panel menu.
The maximum daily spend can be any value between £1 and your credit limit. If you reach your daily spend limit an email will be sent to the master email address on your account.
Please note that once you reach your daily limit your ongoing calls are not automatically stopped, so you may spend more than your daily limit. However, any further attempts at making outbound calls will not be authorised.
Blocking calls out
If an extension is only required for internal calls you can easily block all outbound calls by turning off PSTN Access on the extension. To do this, navigate to the Extensions page (within the Configure menu of your control panel) and select the extension you wish to configure. Scroll to PSTN/Billing Settings and look for PSTN Access.
Untick this box to bar calls to outside telephones.