How are the alerts sent and tracked?

ANI Violations are tracked in the Equinox Portal (http://equinox.voip.evolveip.net/). The credentials are unique to the portal, so if you cannot log in you will need to engage Voice Engineering. The email alerts are sent from protector@evolveip.net.

Example Email Alert

In the subject line we can see that the phone number that triggered the alert is 2162282400 and the total Score calculated is 13303. The Violation that triggered this specific notification was US International Call Count-Attempts. Usage shows 43, meaning that was the total number of calls monitored, and the Threshold of 12 from Default tells us that the default threshold setting was in use.

Troubleshooting

There are a couple of ways to find the user who initiated the calls. This step is needed because the number in the alert may not be the same as the User ID that initiated the calls.

Step 1: Locate the Calls that triggered the alert

  • Option 1: 

     Go into OCOM, search for the number in question, and find the calls to international numbers. These are usually easy to spot because the callee field starts with 011-[International Number], or, if the call is to a blacklisted country, the callee will show 0119999369-[International Number]. 9999369 is the IN_Special routing profile code needed to place outbound calls to blacklisted countries. Next, search for one of the international numbers in question and you should see which User ID(s) placed the call. Once you know the User ID(s), search by those to get a full list of the calls.

  • Option 2: 

     Use the Equinox portal CDR Warehouse, which lists all the calls in question, to find the international numbers dialed. Then take those numbers to OCOM to find the User ID in question.

  • First, right click the Violation in question and select “Resolve as Legitimate.” Please note that if you do not finish the case out all the way, it won’t submit, so you are fine.

  • Next, click “Step 4 – Select Legitimate CDRs” and make sure the box for “Exclude calls to Default Domestic” is checked, then select “Get CDRs”.

  • Lastly, the output will list the dialed numbers so you can search for them in OCOM.
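The callee-prefix check and the pivot from a dialed number back to User IDs described in Option 1 can be scripted once call records are exported. The following is an added example, not part of the original procedure or of any Evolve IP tooling; the two-column row layout, the user IDs and the phone numbers are constructed assumptions, and only the 011 prefix and the 9999369 code come from the text above.

```python
import re
from collections import defaultdict

INTL_PREFIX = "011"       # international dialing prefix, as described above
SPECIAL_CODE = "9999369"  # IN_Special routing profile code, as described above

# Constructed sample rows (user_id, callee). The two-column layout, user IDs
# and phone numbers are made up; this is not the real OCOM export format.
SAMPLE_CDRS = [
    ("user.a@example.invalid", "011-441632960001"),
    ("user.a@example.invalid", "0119999369-5355550100"),
    ("user.b@example.invalid", "12155550123"),
    ("user.a@example.invalid", "011441632960001"),
    ("user.c@example.invalid", "0119999369-5355550100"),
]

def classify_callee(callee):
    """Return (kind, dialed_number) for one callee field."""
    digits = re.sub(r"\D", "", callee)  # tolerate dashes and spaces
    if not digits.startswith(INTL_PREFIX):
        return "domestic", digits
    rest = digits[len(INTL_PREFIX):]
    if rest.startswith(SPECIAL_CODE):
        return "blacklist_route", rest[len(SPECIAL_CODE):]
    return "international", rest

def summarize(cdrs):
    """Per User ID: international attempts, blacklist-routed attempts, numbers dialed."""
    out = defaultdict(lambda: {"attempts": 0, "blacklist_route": 0, "numbers": set()})
    for user_id, callee in cdrs:
        kind, number = classify_callee(callee)
        if kind == "domestic":
            continue
        out[user_id]["attempts"] += 1
        if kind == "blacklist_route":
            out[user_id]["blacklist_route"] += 1
        out[user_id]["numbers"].add(number)
    return dict(out)

def users_for_number(cdrs, dialed_number):
    """User IDs that dialed a given international number (Option 1's pivot)."""
    return sorted({u for u, c in cdrs
                   if classify_callee(c) in (("international", dialed_number),
                                             ("blacklist_route", dialed_number))})

if __name__ == "__main__":
    for user, info in sorted(summarize(SAMPLE_CDRS).items()):
        print(user, info["attempts"], info["blacklist_route"], sorted(info["numbers"]))
```
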

Step 2: Grab the User IDs/Phone Numbers in question and start gathering the details:

What you need to investigate is the legitimacy of these call attempts. Legitimacy can be determined by confirming the following, among other things:

  1. Is International Dialing Enabled?

  2. What device was being used to initiate the calls (Ex: UC-One or Desk Phone)?

  3. What IP is the device registering from? If the calls were placed from a desk phone, confirm whether they have an Edgewater present.

  4. Confirm there is no Call Forward Always, Remote Office, or Sim Ring sending calls to an International number. Please keep in mind that a Call Forward Always can be legitimate in certain cases if the pinhole has been created in the Broadsoft backend.

Step 3: Providing your findings:

When finished, find the original email the alert came in on and reply all. Be sure to reply from your personal email, as some people may have filtering enabled for emails that come from Support@evolveip.net. Also be sure to include the ticket number in the subject line so the reply can be tracked and logged into the ticket. Include any PCAPs or screenshots of what you have found as evidence, or if you need some assistance understanding them. If you think the alert is fraudulent, INTERCEPT THE USER SEAT OR LOCATION, RESET THE SIP AUTHENTICATION, RESET THE VOICEMAIL PIN, AND RESET THE APPLICATION PASSWORD, and engage Voice Engineering to confirm your findings; if the alert is after hours, you are to call the Voice Engineering on call. We need to act in a speedy manner on real fraudulent behavior, as the longer it goes on the more money is being lost.

An example of how a reply should look. Please keep in mind all fraud is different and your investigation into the matter may not be as simple:

If there is any instance where you cannot confirm or are unsure, then have the customer confirm the legitimacy of the traffic. ALWAYS ALWAYS ALWAYS change the customer-facing ticket summary and details to the client-facing verbiage below (you will need to add in the information) and save the ANI email as an internal log note:

Potential Fraudulent Calls – Ent Name – Date

We have received an alarm that an unusual number of international calls have been placed during the past hour from your enterprise user [List user’s name, DID, and Ext]. We will investigate this alert and take action as necessary to ensure security against fraudulent threats.

Step 4: Close out the Case in Equinox:

Lastly, the case needs to be closed out in Equinox. Shannon in Voice Engineering made a training video on handling cases and closing them out as legitimate or fraudulent. Please stop the video at the 09:28 mark, as anything after that point does not apply to you and you don’t have the permissions to do it.

Video Training Link: Equinox Tutorial