£16 million reported in financial loss to businesses through phone mailbox hacking.

During the past few months, several of our customers have become victims of voicemail hacking.

With telephone systems evolving and voicemail options becoming more advanced, such as mailbox forwarding and remote management, they are now potentially more susceptible to outside attack.

We would like to make our customers aware of a scam called “voicemail hacking”. This is not the type of hack that you will have heard about in the news regarding celebrities. This attack is aimed at business phone systems and their associated voicemail boxes.

Voicemail hacking has cost UK businesses and schools over £16 million in unauthorised calls during the past year, with some facing bills of over £30,000.



The scam

Hackers use widely available software that targets an organisation’s phone system, attacking voicemail boxes, attempting to crack the passcode.

By default, most modern phone systems allow users to dial into their voicemail remotely and then make calls out from the telephone exchange. This is designed to allow employees to make calls when they are out of the office, but it also allows hackers to exploit the system for financial gain.

Once the hacker has gained access to the mailbox, normally via a weak password, they can then potentially force the phone to dial an international premium rate number. This number is operated by the thieves and they receive up to £10.00 a call.
Most companies will contractually be obliged to pay the bill, unless you can prove that the phone company did not advise you correctly when the system was installed (disable feature or change default passwords).

What to do

Here are our top tips to reduce the risk of voicemail hacking:

  • Decide if your company needs the ability to dial out from a mailbox. If not, ask your phone system provider to disable it.
  • Ensure ALL users change the default mailbox password (normally 0000 or 1234).
  • Ensure all passwords use 6-digits where possible and don’t use consecutive numbers or variations of your telephone or extension number.
  • Ask your provider to bar calls to premium or international numbers if viable.
  • Check the voicemail greeting is your own – a changed message can be a sign of attempted voicemail hack. (Hackers tend to attack voice mailboxes at the start of weekends or holidays).
  • Ask your phone system/lines provider if they have an alerts system which they can sign you up to, so that you are notified of abnormal activity.

If you have any questions regarding the above please do not hesitate to get in touch.

Comments are closed.