Just when I thought I’ve heard it all, something comes along that makes me realize that new scams are born every day. In January, several Northeast Wisconsin companies were victimized by a “phone hacking scam.” Never heard of it? Me either. So, off I went to the Federal Communications Commission’s website to find out more. And, what I learned was an earful (no pun intended).
According to the FCC, a phone hacking scam is a form of fraud that occurs when hackers break into a company’s voice mail system and rig it to either accept collect calls or place outgoing calls to international phone numbers – usually ringing up thousands of dollars on the business’s phone bill before they’re stopped.
Here’s how it works: A hacker calls into a company’s voice mail system and searches for voice mailboxes that still have the default passwords active – or have easily-guessed combinations, like 1-2-3-4. Once he’s “in”, the hacker will change the voice mailbox’s outgoing greeting to “Yes, operator. I will accept the charges.”
Next, he’ll make a collect call to the number he’s just hacked. When the automated operator “hears” the voice on the other end of the phone say, “Yes, operator, I will accept the charges,” the call is connected. The hacker then uses this connection for long periods of time to make other international calls. According to the FCC, this type of fraud usually happens during holiday periods or weekends, when callers will not be calling; thus, the changing of the outgoing message goes unnoticed.
Phone systems that allow users to forward calls or messages to another phone number are also vulnerable because the hacker programs the phone to forward calls to an international number. Then, Mr. Hacker is able to call all of his scammer friends in other countries on someone else’s dime.
Here’s how to protect your company’s phone system:
- First, change default passwords as soon as possible, and replace them with strong passwords. Try something more clever than 1-2-3-4 or using your extension number as your password. Trust me, it isn’t fooling anyone.
- Turn off any unused or unmonitored extensions or phone numbers, and check your outgoing message regularly to ensure that it’s really your message.
- Next, contact your phone provider and ask them to restrict international calls, calls to premium phone numbers, collect calls and calls made outside of normal business hours. Also consider disabling features like call forwarding, if they’re not being used.
- Lastly, ask your provider if it has any more advice on how to make your phone system more secure. In the case of the local companies who lost money, it was their phone provider who called them to let them know of the suspicious activity.
Written By: Susan Bach, NE Regional Director at the BBB Serving Wisconsin