If you don't change the default password on your voice mailbox, you, or your company, could be in for a big ? and expensive ? surprise. The Federal Communications Commission (FCC) has become aware of a form of fraud that allows hackers to use a consumer's or business's voice mail system and the default password to accept collect calls without the knowledge or permission of the consumer.
The Scam Works Like This:
A hacker calls into a voice mail system and searches for voice mailboxes that still have the default passwords active or have passwords with easily-guessed combinations, like 1-2-3-4. (Hackers know common default passwords and are able to try out the common ones until they can break into the phone system.) The hacker then uses the password to access the phone system and to make international calls.
The hacker does this by first changing the voice mailbox's outgoing greeting to something like ?Yes, yes, yes, yes, yes, operator, I will accept the charges.? Then, the hacker places a collect call to the number they've just hacked. When the (automated) operator (which is usually programmed to ?listen for? key words and phrases like ?yes? or ?I will accept the charges?) hears the outgoing ?yes, yes, yes, yes, yes, operator, I will accept the charges? message, the collect call is connected. The hacker then uses this connection for long periods of time to make other international calls.
There is also another twist to this scam. A hacker breaks into voice mailboxes that have remote notification systems that forward calls or messages to the mailbox owner. The hacker programs the remote notification service to forward to an international number. The hacker is then able to make international calls.
What to Beware of:
Hackers usually break into voice mail systems during holiday periods or weekends, when callers will not be calling; thus, the changing of the outgoing message goes unnoticed.
Hackers are typically based internationally, with calls frequently originating in and/or routed through the Philippines or Saudi Arabia.
Businesses that are victimized usually find out about the hacking when their phone company calls to report unusual activity or exceptionally high phone bills. (The fraud usually occurs on business voice mailbox systems, but consumers with residential voice mail could also become targets.)
Consumers who are victimized may find out about the hacking when they receive unusually high phone bills.
What You Should Do to Prevent This Risk:
To avoid falling prey to this scam, the FCC recommends voice mail users do the following:
The FCC advises consumers to consult with their voice mail service provider for additional precautions they can take to assure the security of their voice mail systems.
If you believe your system has been hacked, call the phone company and report the incident to the police.
Filing a Complaint with the FCC:
Consumers who become victims of this scam are encouraged to file a written informal complaint with the FCC. There is no charge for this.
Your complaint letter should include your name, address, telephone number or numbers involved with your complaint, a telephone number where you can be reached during the business day, and the name of your long distance carrier. Your complaint letter should provide as much specific information as possible, such as:
You should mail your complaint to:
Federal Communications Commission
Consumer & Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington, DC 20554