If you weren’t already burned out on news about security threats facing your business, the FCC’s recent warnings regarding an uptick in voicemail system hacking is another thing to add to your list.
What Is It?
Heads up — scammers are calling into voicemail systems looking for default passwords and easily guessed passwords like “1-2-3-4”. When the perpetrator finds a number they can get into, they log into change your voicemail to say something natural like, “Yes, yes, yes, operator, I will accept the charges.”
Since automated collect call operating systems are designed to recognize such phrases and keywords, the hacker is then able to place multiple collect calls to your phone number. The automated operator will hear your voicemail and the collect call will be connected to your phone line. They will then be able to use your connection over an extended period of time as they make other scam phone calls and international calls.
Another version of this scam is somewhat more elaborate and involves the perpetrator hacking a voicemail system with a call forwarding feature. They then program the system to forward calls to an international number and then proceed to make calls using your phone service.
Who Is Targeted?
Hackers perpetrating this scam typically target business’ voicemail systems, because they can get away with more shenanigans for longer before discovery, although some private numbers are also being targeted. Here is what you need to know to help protect yourself from such a scam:
- The hackers perpetrating these scams usually use weekends and holidays since they assume no one will be around to answer your business phone on such an occasion. They also take into account the fact that you’re unlikely to notice your outgoing message being changed.
- Hackers are usually based outside of the United States. Phone calls will be originating from and routing through multiple countries around the world.
You are most likely to be made aware of this issue by your phone company reporting unusual activity on your phone line — but without a representative noticing that, you may not find out until you get your phone bill at the end of your statement period.
How To Avoid This Mess
If explaining to your CFO why $40,000 in calls were placed to Belarus this month, here are the tips you need to follow:
- Do not allow users to keep your system’s default password. It’s a little bit embarrassing for our entire industry how often this happens.
- Require more complex passwords, with at least six digits.
- Change your passwords on a routine basis.
- Do not use addresses, birthdays, phone numbers, or any other obvious password choice.
- Do not repeat numbers.
- Check into your voicemail system periodically to ensure your outgoing message hasn’t been altered.
- Consider blocking calls from international numbers, or locking down lines that shouldn’t ever need to use them.
- If you don’t use these features, make sure to disable call-forwarding, auto-attendant, out-paging, and remote notifications so they cannot be abused by unauthorized bad guys.
Lastly, you can reach out to your voice service provider and ask them directly about additional steps you can take to keep your voicemail system safe and secure. In the event your voicemail system is hacked, you should call your provider immediately to work out a solution and have your passwords altered, and to get a sense for what has been accessed and if any calling or costs have been incurred.
YellowFiber is the best voice service provider in the United States. Give us a call about hosted voice, SIP, SD-WAN and all your voice and data needs.