The average cost to a victim of a UK phreaking attack is currently estimated at £10,000, and according to the CFCA the UK is now one of the world's worst PBX hacking areas (CFCA Oct 2011). It is becoming common for attackers to gain access to the telephone system through voicemail.
Here is how the latest fraudulent attacks have been carried out.
- A hacker calls companies at random and leaves a voicemail with a fake telephone number
- They then phone back to see if they can guess the voicemail password
- They then see if they can use a call back feature to make the phone system ring the number they left in the previous message
- If they succeed they can call your voicemail for a local charge and use the call back feature to connect them to more expensive numbers – and you will pay for the call.
The costs to small and medium sized businesses can be damaging but there is a series of measures you can put in place to help prevent this phone fraud from happening.
Voicemail protection checklist
- Always change the default password supplied
- Always delete messages after listening to them as deleted messages can't be hacked
- Change your voicemail PIN regularly and don't use obvious numbers such as birthdays, repetitive numbers such as 0000, or common simple combinations such as 1234
- Make your voicemail PIN as long as your system will allow (at least 6-8 digits)
- If you have a PIN for remote access to your voicemail make it as long as possible
- If you don't need to make international calls, or call premium rate numbers, then ask to have these numbers barred
- Consider disabling call back functions if you don't use them regularly
- Check your voicemail message to make sure it is still yours!
- Check any Hunt Group voicemail boxes as well, to see if they have similar PINs or call back access features
We recommend that every employee change their voicemail PIN from the default. We also recommend that you review your policy on how regularly your employees change their voicemail PIN.
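The PIN and call back items in the checklist above can be checked mechanically. The following Python is an added example, not part of the original advice or any phone system's own tooling; it assumes an administrator export of mailbox settings, and the field names (`box`, `pin`, `callback`), the default-PIN list and the sample data are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

MIN_LEN = 6                      # checklist: at least 6-8 digits
DEFAULT_PINS = {"0000", "1234"}  # assumption: replace with your system's shipped defaults
DATE_FORMATS = {6: ("%d%m%y", "%m%d%y"), 8: ("%d%m%Y", "%m%d%Y", "%Y%m%d")}

def is_date(pin):
    """True if the PIN parses as a calendar date (birthday-style PIN)."""
    for fmt in DATE_FORMATS.get(len(pin), ()):
        try:
            datetime.strptime(pin, fmt)
            return True
        except ValueError:
            pass
    return False

def pin_issues(pin):
    """Return the checklist rules a voicemail PIN breaks, in a fixed order."""
    if not pin.isdigit():
        return ["not numeric"]
    n = len(pin)
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    checks = {
        "default PIN": pin in DEFAULT_PINS,
        "too short": n < MIN_LEN,
        "repetitive": any(pin == pin[:k] * (n // k) for k in range(1, n // 2 + 1)),  # 0000, 121212
        "sequential": steps in ({1}, {9}),  # run up or down, wrapping 9->0: 1234, 987654
        "looks like a date": is_date(pin),
    }
    return [name for name, hit in checks.items() if hit]

def audit(mailboxes):
    """Map every mailbox to its findings; an empty list means nothing was flagged."""
    uses = Counter(m["pin"] for m in mailboxes)
    report = {}
    for m in mailboxes:
        extra = {"PIN shared with another box": uses[m["pin"]] > 1,
                 "call back enabled": m["callback"]}
        report[m["box"]] = pin_issues(m["pin"]) + [k for k, hit in extra.items() if hit]
    return report

# Constructed sample export; box names and PINs are made up.
SAMPLE = [
    {"box": "201", "pin": "1234", "callback": True},
    {"box": "hunt-sales", "pin": "150385", "callback": False},
    {"box": "hunt-support", "pin": "150385", "callback": False},
    {"box": "203", "pin": "58204917", "callback": False},
]
```

Calling `audit(SAMPLE)` returns a dictionary keyed by mailbox. The date check will also flag some random six-digit PINs, so treat it as a prompt to choose a different PIN rather than proof that a birthday was used.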