|
|
|
|
|
|
|
Last update: 12/13/2005 |
|
 |
||||
 |
  
|
 |
||||
|
|
The "Yes Scam"
Most businesses have a voice mail system as part of their telephone system. Although very convenient for communicating with your customers, suppliers and fellow employees, if not managed properly it can also cost you money - as in thousands of dollars in as little as a single weekend.
Here is how this scam works. A hacker dials into your system via any number that can reach your voice mail system. What they are looking for is a mailbox that has a default password or a mailbox that is easily guessed, such as 1234. Once they have access to a mailbox, the greeting is changed. It is usually rerecorded in a manner that tries to sound like someone actually answering the phone.
A normal script will look something like this: "Hello?" pause "yes" pause "yes, I'll accept the charges."
or even something simpler like "yes, yes, yes, yes, yes, yes..."
Once this greeting is set up, the hacker will provide the information on the newly hacked mailbox along with it's telephone number to others. This information is either sold or given away. But either way this information will spread quickly.
At this point the thief calls a service such as AT&T and ask to have their call billed to the number of the hacked mailbox. When the carrier's computer calls to verify that the third party is willing to accept the charges for a third party call, the computer hears "Hello?" pause "yes" pause "yes, I'll accept the charges" and the call goes through.
A Creative hacker can sometimes make it sound like a real person has answered by making it sound like you were put on hold for a moment and then getting back to the operator.
This toll fraud scam can cost you thousands of dollars over a single weekend. You may think that you are not responsible for the cost of this fraud since you did not authorize any third party calling. However, some carriers have taken the position that the business is responsible for protecting their equipment from hacking and intrusion. This position leaves you responsible for the entire cost of the fraud.
How to Protect Your Business
The number one thing you can do to protect yourself against this scam is to insist that no voice mail user has a password that is trivial or easy to hack. Example of these are: 1111, 1234, 0000, ect.
Every password should be at least 5 digits in length and never have repeating or consecutive numbers.
The second thing you can do is to ask your local carrier to block third party call billing to any of your numbers. This is not available in all areas of the country so you will need to verify with them.
Delete any unused mailboxes. Be sure that you know if you have any that are not in use or not. If you need help with this, you should contact your voice mail vendor for assistance. Some voice mail systems such as the Mitel NuPoint can actually provide a report that will show if a mailbox has ever had it's password changed.
And finally, educate your users. Not just once, but at least once a year. Be sure that they tell you if they suspect anything suspicious with their voice mail box.
|
|||||
|
 |
Copyright © 2003 Long Distance Facts |
 |
|||
    |
