
Even voicemail is susceptible to fraud



In a world of increasing exposure to online security threats, it’s nice to be able to rely on voicemail for risk-free communication. The problem is, you can’t. Your voicemail system can easily be hacked if you don’t take some precautions.

Passwords as passports

In the most common scheme, hackers figure out the passwords for voicemail boxes. Most frequently, they call numbers until they’re transferred to voicemail, and then try different combinations of numbers until they find the password. Once they’re in a voicemail box, they change the greeting to authorize collect or third-party calls.

In some cases, hackers use voicemail to enable lengthy, international conference calls. In others, they distribute the compromised phone numbers to friends and relatives overseas. These individuals can then call the United States, asking that the calls be billed to their “home” numbers. Because such calls are typically placed at times when voicemail is likely to pick up, such as weekends and holidays, the voicemail greeting authorizes the calls and the business is left holding the bill. Phone companies may or may not waive such charges.

Unauthorized calls aren’t the only way that hackers can exploit voicemail. Anyone who gains access to passwords can use them to listen to messages. Thus, hackers can get unlimited access to confidential business information — or employees may even use passwords to monitor their bosses’ messages.

Prevention is essential

Simple precautions can prevent these fraudulent activities. The easiest is to make sure everyone in your company creates a unique password. Fraud perpetrators know that many people either don’t bother to change the default “1234” password or simply use their extension numbers as their passwords.

Changing passwords regularly, just as with computer network logons, is another way to discourage voicemail fraud. Even better, encourage your employees to use six-digit — instead of the more common four-digit — passwords. Hackers would have to try 100,000 combinations to hit on the right one. It’s much easier for them to find default passwords somewhere else.

Another prevention method is to ask employees to routinely check their greetings. Your business may also want to disable international calls, auto-attendant features, call-forwarding and out-paging capabilities.
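The password precautions above can be enforced when an employee sets a new voicemail PIN. The following check is an added example, not code from the original article. It assumes the phone system can hand a proposed PIN and the mailbox extension to a script, and the names pin_violations, audit and SAMPLE are hypothetical. The repeated-digit and sequential-digit checks go beyond what the article lists.

```python
import re

# Assumed policy values: the page names "1234" as the default and
# recommends six digits; extend DEFAULT_PINS for your own system.
DEFAULT_PINS = {"1234"}
MIN_LENGTH = 6


def pin_violations(extension, pin):
    """Return the reasons a proposed voicemail PIN should be rejected."""
    if not re.fullmatch(r"[0-9]+", pin):
        return ["PIN must contain digits only"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} digits")
    if pin in DEFAULT_PINS:
        problems.append("default PIN")
    # Extension used as the PIN: as-is, repeated, or zero-padded.
    if extension:
        repeats, rest = divmod(len(pin), len(extension))
        if (rest == 0 and pin == extension * repeats) or \
                pin.strip("0") == extension.strip("0"):
            problems.append("derived from the extension number")
    # The next two checks go beyond the page: other trivially guessed PINs.
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        problems.append("sequential digits")
    return problems


def audit(proposed):
    """Map extension -> violations for every PIN that fails the policy."""
    report = {}
    for extension, pin in proposed.items():
        problems = pin_violations(extension, pin)
        if problems:
            report[extension] = problems
    return report


# Constructed sample data: extension -> PIN submitted at change time.
SAMPLE = {"204": "1234", "311": "311311", "118": "000118", "520": "839417"}

if __name__ == "__main__":
    for ext, problems in audit(SAMPLE).items():
        print(ext, "rejected:", ", ".join(problems))
```

Run the check at the moment a PIN is changed, so that PINs never need to be stored in readable form for a later audit.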

Endlessly inventive

Fraud perpetrators are endlessly inventive when it comes to scamming individuals and businesses. Contact us for more information on common fraud schemes and how to prevent them.


© 2018
