This is a brief update for customers who have Polycom and Yealink phones on their OnSIP phone system. Unfortunately, VoIP fraud is not uncommon. Each year, millions of dollars are lost to fraudulent phone calls.
Today, we're implementing a new setting in your OnSIP admin portal to help fight this growing problem. To understand this setting, you must first understand how common cases of VoIP fraud can happen:
Hackers scan the Internet for VoIP phones' IP addresses; they can successfully find your phone's IP address if it is not behind a NAT. If you have a Polycom or Yealink phone, they can login to its web admin interface using the default admin username and password, extract your SIP credentials, register several phones with them, and start making hundreds of international calls- all on your dime.
We want to emphasize that keeping your phones secure is ultimately up to you, the customer. The best practice to prevent VoIP fraud is to place your phones behind a NAT so their IP addresses are not directly visible on the Internet. (If you need help, please contact our Support Team.) However, we've made a security improvement as a secondary measure.
As always, all charges coming from your account are your responsibility.
Our new security measure
Beginning today, any Polycom or Yealink phone on our phone provisioning server that reboots will be given a new admin password. New passwords are visible in the OnSIP admin interface. Simply click on your 'Phone' resources to view them.
As the admin, you will have the ability to override this change by checking the "Set Your Own Password" checkbox. Please note: If you check this box, we strongly recommend that you still change the password to something other than the factory defaults, which are widely known.
Again, we ultimately recommend that you place your phones behind a NAT so their IP addresses are not directly visible on the Internet, but we hope this improvement will help fight fraud.
Finally, this, in no way, "locks" your phone. You still have full access to all features and functionality of the phone and can reset the admin password back to factory defaults at any time.