If you don’t change the default password on your voice
mailbox, you, or your company, could be in for a big – and expensive –
surprise. The Federal Communications Commission (FCC) has become aware of a
form of fraud that allows hackers to use a consumer’s or business’s voice mail
system and the default password to accept collect calls without the knowledge
or permission of the consumer.
The Scam Works Like This:
A hacker calls into a voice mail system and searches for
voice mailboxes that still have the default passwords active or have passwords
with easily-guessed combinations, like 1-2-3-4. (Hackers know common default
passwords and are able to try out the common ones until they can break into
the phone system.) The hacker then uses the password to access the phone
system and to make international calls.
The hacker does this by first changing the voice
mailbox’s outgoing greeting to something like “Yes, yes, yes, yes, yes,
operator, I will accept the charges.” Then, the hacker places a collect call
to the number they’ve just hacked. When the (automated) operator (which is
usually programmed to “listen for” key words and phrases like “yes” or “I will
accept the charges”) hears the outgoing “yes, yes, yes, yes, yes, operator, I
will accept the charges” message, the collect call is connected. The hacker
then uses this connection for long periods of time to make other international
calls.
There is also another twist to this scam. A hacker breaks
into voice mailboxes that have remote notification systems that forward calls
or messages to the mailbox owner. The hacker programs the remote notification
service to forward to an international number. The hacker is then able to make
international calls.
What to Beware of:
-
Hackers usually break into voice mail systems during
holiday periods or weekends, when callers will not be calling; thus, the
changing of the outgoing message goes unnoticed.
-
Hackers are typically based internationally, with calls
frequently originating in and/or routed through the Philippines or Saudi
Arabia.
-
Business that are victimized usually find out about the
hacking when their phone company calls to report unusual activity or
exceptionally high phone bills. (The fraud usually occurs on business voice
mailbox systems, but consumers with residential voice mail could also become
targets.)
-
Consumers who are victimized may find out about the
hacking when they receive unusually high phone bills.
What You Should Do to Prevent This Risk:
To avoid falling prey to this scam, the FCC recommends
voice mail users do the following:
-
always change the default password from the one
provided by the voice mail vendor;
-
choose a complex voice mail password of at least six
digits, making it more difficult for a hacker to detect;
-
change your voice mail password frequently;
-
don’t use obvious passwords such as an address, birth
date, phone number, or repeating or successive numbers, i.e. 000000,
123456;
-
check your recorded announcement regularly to ensure
the greeting is indeed yours. Hackers tend to attack voice mailboxes at the
start of weekends or holidays;
-
consider blocking international calls, if possible; and
-
consider disabling the remote notification,
auto-attendant, call-forwarding, and out-paging capabilities of voice mail
if these features are not used.
The FCC advises consumers to consult with their voice
mail service provider for additional precautions they can take to assure the
security of their voice mail systems. If you believe your system has been
hacked, call your phone company and report the incident to the police.
Filing a Complaint with the FCC
Consumers who become victims of this scam can file a
complaint with the FCC. There is no charge for filing a complaint. You can
file your complaint using an on-line complaint form found at
esupport.fcc.gov/complaints.htm. You can also file your complaint with
the FCC’s Consumer Center by e-mailing
fccinfo@fcc.gov; calling 1-888-CALL-FCC
(1-888-225-5322) voice or 1-888-TELL-FCC (1-888-835-5322) TTY; faxing
1-866-418-0232; or writing to:
Federal Communications Commission
Consumer & Governmental Affairs Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington, D.C. 20554.
What to Include in Your Complaint
The best way to provide all the information the FCC needs
to process your complaint is to complete fully the on-line complaint form.
When you open the on-line complaint form, you will be asked a series of
questions that will take you to the particular section of the form you need
to complete. If you do not use the on-line complaint form, your complaint,
at a minimum, should indicate:
-
your name, address, e-mail address, and phone number
where you can be reached;
-
the telephone and account numbers that are the subject
of your complaint;
-
the names and phone numbers of any companies involved
with your complaint;
-
the amount of any disputed charges, whether you paid
them, whether you received a refund or adjustment to your bill, the amount
of any adjustment or refund you have received, an explanation if the
disputed charges are related to services in addition to residence or
business telephone services; and
-
the details of your complaint and any additional
relevant information.
For More Information
For information about other telecommunications issues,
visit the FCC’s Consumer & Governmental Affairs Bureau Web site at
www.fcc.gov/cgb, or contact the FCC’s Consumer Center
using the information provided for filing a complaint.
|
Federal Communications Commission · Consumer
& Governmental Affairs Bureau · 445 12th St. S.W. ·
Washington, DC 20554 |
1-888-CALL-FCC (1-888-225-5322) ·
TTY: 1-888-TELL-FCC (1-888-835-5322) · Fax: 1-866-418-0232 · www.fcc.gov/cgb/
|
|