Easter is the second most popular time for hackers to attack Business telephone systems. Why is this? They look for the times of the year that Offices are left unattended for the maximum length of time. What is their aim? It is to take control of telephone systems forcing them to dial premium rate numbers that they own and thus earn the maximum revenue.
When a Business purchases a new telephone system it is often from a major player like Cisco. The telephone system will be installed by a reputable telephone installer and Voicemail will be setup as this is a key feature of a telephone system. By default the password to access a Voice mailbox is 1234 and the Business owner as well as all the staff will be advised to change the password. Many do not as 1234 is easy to remember and after all their Voice mailbox doesn't hold any secrets does it?
In a modern day Business where staff work from home or they are out on the road they have a requirement to be able to access their Voicemail when they are not on the premises. Typically this involves dialling their own direct dial number, entering a key sequence and then entering the password for their Voicemail. Over time their direct dial number appears on Business cards, Company websites and at the bottom of e-mails and eventually the number falls into the wrong hands.
So how do criminals break in and rack up phone bills that can exceed £70,000 over 4 days? They ring the direct dial number, enter the key sequence and then try the default password 1234. If they get into Voicemail they can then take control of the telephone and get it to call their premium rate number. If it is a big Business with 100 or more phones they will try all the direct dial numbers as the phone number sequence is usually sequential and if nobody has changed their password they will access all of them and get them all ringing their premium number if there are enough outgoing lines available at the Business.
If you think this is unlikely I have personally been involved in three instances of this during my time providing support for Businesses. Telephone companies do actively look for instances of this happening over long Bank Holidays and sometimes get in contact with you before your return to save the bill from getting too large. Will you get your money back? Sometimes telephone companies help out but you never get all of it back. How do you protect yourself against this? It's easy - when your telephone installer tells you and your staff to change your Voicemail password please take it seriously and ensure it is done.
