As our dependence on technology grows, cyber risk is becoming an ever-increasing anxiety for businesses. There are thousands of ways that bad people can breach, hack and attack business technology systems, exploiting technological weakness to commit fraudulent and malicious activity. Phone systems are no exception and they have one particular area that is notoriously vulnerable to hackers – your voicemail platform. Voicemail system hacking can lead to significant financial impact for a business; however, with some proactive measures, you can take steps to defend your voicemail system security.
What is Voicemail Hacking?
Most voicemail systems are set up to provide remote access to users who wish to check their voicemail messages or change their greeting, usually by calling their own phone number and typing a password when they reach their voicemail. A hacker can exploit this by calling a business with the intent of reaching voicemail boxes and then guessing at voicemail passwords to gain unauthorized access the system. They hope to find voicemail boxes that still have their default password or common combinations such as repeating or ordered numbers, dates, or street addresses.
Once a hacker has breached the voicemail system, they can leave a new outgoing voicemail greeting with the intent of fooling automated collect calling services (for example, “Yes operator, I will accept the charges”). The hacker then places a collect call to the number and when the operator hears the new message, it will connect the call and provide the hacker with the ability to place expensive international calls on the hacked business’ dime.
Precautions to Keep Your Voicemail System Secure
The following proactive precautions can help you avoid the pain of a voicemail system hack:
- Always, always, always change the default passwords with which your phones are initially set-up.
- When choosing new passwords, require a voicemail password of at least 6 random digits. It is crucial to avoid common or obvious patterns, such as repeating (e.g. 1111) or ordered (e.g. 1234) numbers or years or addresses.
- Have employees change their voicemail passwords on a regular basis. Organize scheduled password change dates for the company if you need to.
- Have employees check recorded their greeting on a regular basis, especially after holidays, to ensure it has not been tampered with. It is common for this type of hack to happen on weekends or holidays, when the hacker can be more certain to reach voicemail boxes and will have a longer period of time before a changed voicemail message is noticed.
- If your business does not need to place calls internationally, consider disabling international calling capability entirely. If you do need the ability to make international calls, we strongly recommend the use of authorization codes as an extra protective measure – which entails six extra digits dialed at the time of your call.
Need Guidance on VoIP Phone Systems?
Allied is here to be your trusted technology advisor. To lessen the potential for risk to our voice clients, Allied uses a system developed to detect potential fraudulent activity; in the event suspicious activity is detected, our 24/7 support operation is notified, allowing us to disable international calling until we can verify the legitimacy of calls. Reach out to us if you have questions or interest in a VoIP phone system for your business. Happy National Cybersecurity Awareness Month!