How To Prevent Auto-Attendant Fraud

If you don’t change default passwords on your voicemail accounts, you or your company could be in for an expensive surprise. There are hackers who know how to compromise voicemail systems to accept and make international collect calls without your knowledge or permission.

To keep your business safe from such a scam, we’ve compiled some valuable information about how this scam works and how to minimize your risk.

How Hackers Commit Auto-Attendant Fraud

A hacker calls into a voicemail system searching for mailboxes that still have the default passwords active or have easily guessed passwords, such as “1-2-3-4.” After finding such a mailbox, the perpetrator changes the outgoing greeting to something like, “Yes, yes, yes, yes, yes, operator, I will accept the charges.”

Since automated collect call operating systems are programmed to listen for such key words and phrases, the hacker is then able to place a collect call to another number. When the operator hears the outgoing message, the collect call is connected. The hacker can then use the connection for long periods of time to make other international calls.

In another version of this scam, a hacker breaks into a voicemail system’s call forwarding feature, programs the system to forward calls to an international number, then uses it to make calls. Hackers typically target business voicemail systems, but consumers with residential voicemail should also beware.

Important facts you should know

  • Hackers usually break into business voicemail systems during holiday periods or weekends, when changes to outgoing messages are less likely to be noticed.
  • Hackers are typically based internationally, with calls originating in and routing through many countries around the world.
  • Business victims usually find out they’ve been hacked when their phone company reports unusual activity, but residential victims may not find out until they receive unusually high phone bills.

Tips to minimize your risk

  • Always change default passwords for all voicemail boxes. Follow your I.T. department’s best practices.
  • Choose a complex voicemail password of at least six digits.
  • Don’t use obvious passwords such as an address, birth date or phone number, repeating numbers such as 000000, or successive numbers such as 123456.
  • Check your recorded announcement regularly to ensure the greeting is indeed yours and has not been changed.
  • Consider blocking international calls.
  • Disable remote notification, auto-attendant, call-forwarding and out-paging features if you don’t use them.
  • Call our technical support team at (469) 429-2500 or simply dial 4357 (HELP) on your desk phone.
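
For administrators who can export mailbox PINs from their voicemail system, the password tips above can be checked in bulk. The script below is an added example, not part of the original article or any vendor's tooling; the default PIN "1234", the function names and the mailbox data are assumptions constructed for illustration, and the date check is a heuristic.

```python
import re

MIN_LENGTH = 6          # minimum length recommended in the tips above
DEFAULT_PIN = "1234"    # assumed vendor default; substitute your system's

def _is_run(pin, step):
    """True if every digit differs from the previous one by step (mod 10)."""
    return len(pin) > 1 and all(
        (int(b) - int(a)) % 10 == step % 10 for a, b in zip(pin, pin[1:]))

def _looks_like_date(pin):
    """Heuristic: MMDD or DDMM followed by a 2- or 4-digit year."""
    if len(pin) not in (6, 8):
        return False
    a, b = int(pin[:2]), int(pin[2:4])
    year_ok = len(pin) == 6 or 1900 <= int(pin[4:]) <= 2099
    return year_ok and ((1 <= a <= 12 and 1 <= b <= 31) or
                        (1 <= a <= 31 and 1 <= b <= 12))

def audit_pin(pin, owner_numbers=(), default_pin=DEFAULT_PIN):
    """Return the reasons a PIN is weak; an empty list means it passed."""
    if not re.fullmatch(r"[0-9]+", pin):
        return ["not numeric"]
    problems = []
    if pin == default_pin:
        problems.append("default password")
    if len(pin) < MIN_LENGTH:
        problems.append("shorter than six digits")
    if len(set(pin)) == 1:
        problems.append("repeating digits")
    if _is_run(pin, 1) or _is_run(pin, -1):
        problems.append("successive digits")
    # Compare against the digits of phone numbers/addresses tied to the owner.
    if any(pin in re.sub(r"\D", "", n) for n in owner_numbers):
        problems.append("part of a phone number or address")
    if _looks_like_date(pin):
        problems.append("looks like a date")
    return problems

# Constructed sample data: extension -> (PIN, numbers tied to the owner)
MAILBOXES = {"101": ("1234", ["555-0101"]), "102": ("000000", []),
             "103": ("5550103", ["(555) 555-0103"]),
             "104": ("271183", []), "105": ("907412", [])}

def audit_all(mailboxes):
    """Map each extension with a weak PIN to its list of problems."""
    return {ext: p for ext, (pin, nums) in mailboxes.items()
            if (p := audit_pin(pin, nums))}

if __name__ == "__main__":
    print(audit_all(MAILBOXES))
```

Mailboxes the script reports should have their PINs reset and their outgoing greetings checked.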

If you think you’ve been hacked, report the incident to both your phone service provider and your local authorities.