Can inbound DNIS be spoofed?

[tjww1000]

A customer's 3300 was hacked and the carrier claims that it was by fault of the MiVB. They state that the call came in on a DID that has a DNIS of 4741. 4741 is a System Speed Dial that rings to a Hunt group that reroutes to a NuPoint Call Flow that only allows 4 digit dialing. The Hunt group had a COS that did not have SMDR enabled and the SMDR options were at the most basic of settings. The following SMDR string is one of many fraudulent calls. Note that it appears to be direct trunk to trunk. I have included a valid inbound DID call to 1656 for reference. Note that the inbound digits dialed and DNIS field contain the international call and the caller ID is 100. This seems to me that the carrier is at fault, what say you?

%01/23 11:12P 0000:22:26 T1125           011381607915506           A T1191
%01/23 11:12P 0000:22:24 T1125    003 9011381607915506            T1191
                      100        7915506

-01/23 11:17P 0000:08:41 T1129    003 1656                        1656
                      4085686808 1656

[rotary dial tommy]

I would say the tech that porgrammed the mitel is at fault for not blocking ld calls . Not the carriers fault .Good luck on the finger pointing .

[ralph]

There could be a couple of things going on.  But before you do anything else, restrict your VM/AA ports to local only.
Do this for all NuPoint ports and embedded ports.
Change the VM TUI admin passwords for NuPoint and Embedded.

Next turn on Record Transfer in your SMDR string.

Now, as for what happened, odds are pretty good that one or more mailboxes were hacked.  The hacker would put in the fraudulent number in his personal contact list or extension number.  I've seen this a lot with embedded.  Not so much with NuPoint but it does happen.

Ralph