Compromised VoIP Accounts

A service is compromised when a third party obtains your VoIP phone number and VoIP password, and uses these details to make calls, typically calling expensive international destinations (phone fraud). In many cases, the calls are made using a machine, meaning there may be multiple calls made at the same time, or calls occur within seconds of each other.

 

  • The call history of your VoIP service is monitored, but there can be up to a 48 hour delay between calls made and calls being recorded on our systems.
  • If our systems detect call activity that resembles a compromised account (e.g. multiple consecutive calls to a high risk international number) then your VoIP service will be suspended.
  • If this occurs, an email and SMS advising of the suspension will be sent to the contact details listed on your account.
  • A member of the iiNet Support Team will attempt to contact you within 48 hours to assist you in securing your account again, or you may call us on 13 22 58.

 

  • Run an antivirus and anti-malware scan on your computer and remove any infections found. If your computer is severely infected and you have difficulty using it, you may need the assistance of a computer technician to get it working again.
     
  • Secure your modem settings:
    - Make sure any Remote Management/Remote Connect functions in your modem settings are disabled;
    - Change your modem settings login password;
    - Change your modem's WiFi password.

    Instructions on how to do this on iiNet modems can be found in the appendix of this guide. If you use a third-party modem, please visit the manufacturer's website for support information.
     
  • Change the password for your email address(es) as your VoIP account may have been compromised via compromised email accounts. If the email address is with iiNet, you can change the password in Toolbox.
     
  • Once all of these security measures have been taken, you may request that your VoIP service be unsuspended (this may take up to 2 business days to process). As always, you are accepting the risk that failure to keep your home network secure may lead to further exploitation of your services and you are liable for any charges resulting from a security breach outside of the iiNet network.
     
  • Remember - the integrity of your network is your responsibility. iiNet cannot ensure that your network and the devices attached to it are secured - we may only be able to secure iiNet provided hardware. Only request that your VoIP service is unsuspended once you know that the problem has been detected and resolved.

 

  • Regularly scan your computer for viruses and malware.
  • Make sure your wireless network has a secure WPA/WPA2 password, and don’t share this password with anyone you don’t want to have access to your network.
  • Change the login password for your modem from the default setting.
  • Never share your passwords over email, instant messengers or social media. If you need to record any password, write it down on a piece of paper and keep it somewhere safe.
  • Never enable remote management on your modem without setting it to a static IP address of a secure computer that is also owned by you. If you don’t set a static IP address for remote management, then any computer can access your modem remotely and potentially compromise your services.
  • Make sure that your modem is running the latest version of its firmware.

 

Appendix - Securing iiNet modem settings

  1. Open your web browser and go to http://192.168.1.1.
  2. Log in with the default username "admin" and default password "admin", or use your custom login password.
  3. If you find that you can’t log in due to an incorrect password, you may need to factory reset your modem to return the password to the default.
  4. Select Advanced.
  5. In the left-hand column, select System Tools, then Adminisration.
  6. Under "Account Management", you need to change your modem's login password to something different from the default "admin". First, enter the current username and password for the Older User Name and Old Password fields.
  7. Enter a new, different password into both the New Password and Confirm New Password boxes.

    Note: You may also change the default username "admin" to something different if desired.

    TP-Link VR1600v settings 1
  8. Before hitting Save, write down your new modem login details and keep them somewhere safe for future reference.
  9. On the same page, scroll down to "Remote Management". Make sure that Remote Management: Enable is NOT ticked. If you needed to untick the box, click Save
    TP-Link VR1600v settings 2
  10. Next, select Wireless, then Wireless settings.
  11. You'll see the 2.4GHz wireless settings by default. Make sure Security is set to WPA/WPA2 Personal (Recommended) and enter a new, different Password, then click Save.
  12. Afterwards, select 5GHz and make sure Security is set to WPA/WPA2 Personal (Recommended). Enter a new, different Password, then click Save to finish. 
    TP-Link VR1600v settings 3

TG-1 or TG-789 Broadband Gateway

  1. Open your web browser and go to http://10.1.1.1.
  2. Log in with the default username "admin" and default password - on the TG-1, this is "admin". On the TG-789, this is a unique password printed on the barcode sticker. Alternatively, use your custom password.
  3. If you find that you can’t log in due to an incorrect password, you may need to factory reset your modem to return the password to the default.
  4. On the dashboard, make sure the switch on the Assistance panel is set to OFF
    TG-789 settings 1
  5. On the dashboard, select the Wireless panel. 
    TG-789 settings 2
  6. You'll see the wireless settings. Under Access Point, make sure Security mode is set to WPA2 PSK and then enter a new, different Wireless Password. If you don't actively use WPS to connect devices to your WiFi network, set this switch to OFF and then click Save
    TG-789 settings 3
  7. Close the Wireless window to return to the dashboard.
  8. The final step is to change your modem's login password to something different from the default "admin". The only way to do this is in step 5 of the Setup Wizard.

    If you're not confident doing this alone as the first 4 steps of the Setup Wizard involve re-entering/confirming your broadband settings, please call us on 13 22 58.

    TG-789 settings 4

     

    TG-789 settings 5

Huawei HG532d or HG658

  1. Open your web browser and go to http://192.168.1.1.
  2. Log in with the default username "admin" and default password "admin", or use your custom credentials.
  3. If you find that you can’t log in due to incorrect login credentials, you may need to factory reset your modem to return the username and password to the default.
  4. Click Basic in the left-hand column and then select WLAN.
  5. Make sure Security is set to WPA2 PSK and then enter a new, different WPA Pre-shared key (WiFi password). If you don't actively use WPS to connect devices to your WiFi network, untick the WPS Enable box and then click Submit.
    Huawei settings 1
  6. The next step is to change your modem's login password to something different from the default "admin". After your WiFi changes have saved, click Maintenance in the left-hand column and then select Account.
  7. Select "admin" from the User Name drop-down menu. Enter a new, different password into both the New Password and Confirm Password boxes.

    Note: You may also change the default username "admin" to something different if desired.

    Huawei settings 2
  8. Hit Submit to finish.

 

These instructions will only work for the NetComm model sold by the iiNet Group.

  1. Open your web browser and go to http://10.1.1.1.
  2. Log in with the default username "admin" and default password “admin”, or use your custom credentials.
  3. If you find that you can’t log in due to an incorrect username/password, you may need to factory reset your modem to return the username and password to the default “admin”.
  4. You'll see the Basic view of your modem's settings. At the bottom of the page, click Switch to advanced view.
  5. Click Security Settings in the top menu bar and then select Miscellaneous from the drop-down menu.
  6. Make sure the the Enable box for Remote Administration is not ticked. Click Save if you had to make any changes. 
    NetComm settings 1
  7. Next, click Network Setup in the top menu bar and then select Change Password from the drop-down menu.
  8. On this page, you'll need to change the password to log into your modem settings to something different from the default password "admin". You may need to enter "admin" into the Old Password box before entering a New password and repeating it in the Reconfirm box.
    Note: You may also change the default username "admin" to something different if desired. 
    NetComm settings 2
  9. Before hitting Save, write down your new modem login details and keep them somewhere safe for future reference.
  10. Next, click Network Setup in the top menu bar and then select Wireless 2.4GHz from the drop-down menu. If you use the 5GHz network for your WiFi, select Wireless 5GHz instead.

    Note: If you use both, please repeat step 13 for both the 2.4GHz and 5GHz networks.

  11. Make sure Authentication is set to WPA-PSK/WPA2-PSK and then enter a new, different password in the Pre-shared Key box before clicking Save to finish. 
    NetComm settings 3

Budii, Budii Lite, BoB2 or BoB Lite

Screenshots have been taken with a Budii.

  1. Open your web browser and go to http://10.1.1.1.
  2. Log in with the default password “admin”, or use your custom password.
  3. If you find that you can’t log in due to an incorrect password, you may need to factory reset your modem to return the password to the default “admin”.
  4. Select Advanced Settings from the top menu bar and then select Modem password & remote management from the left-hand column. 
    Budii settings 1
  5. Enter a new modem password that contains a mix of upper and lower case letters, and numbers. You must change your password even if it was not previously set to the default “admin”. 
    Budii settings 2
  6. Make sure that Remote Management is set to OFF or Disable
    Budii settings 3
  7. Before clicking the Save Settings button in the upper right-hand corner, write down your new modem login password and keep it somewhere safe for future reference.
  8. You may be required to log in to your modem again with your new password.
  9. Select Set up my Wireless from the top menu bar.
  10. For Primary SSID Security Options, make sure that WPA/WPA2-PSK and Passphrase (8~63 characters) are selected.
  11. Enter a new password for your wireless network in the Pre-shared key text box. It must be at least 8 characters long and should contain a mix of upper and lower case letters, and numbers. 
    Budii settings 4
  12. Select Save Settings to finish.