Hackers are always going to be a threat to anything that is connected to the outside world. That includes computers, cell phones, and phone systems. Even if your phone system isn’t connected to the Internet, it doesn’t mean that it’s not vulnerable to bad people wanting to do bad things. We have had a few clients (ones that we didn’t install originally) over the years call us in a panic that their long distance provider was telling them they were hacked. When it happens the long distance and international bills can add up to thousands of dollars overnight. Most telecom carrier contracts put you liable for these fraudlent calls!
Basically what hackers will do is guess one of your voice mailbox and password combinations and then setup some type of forwarding. Then when they call into your system (usually overnight and on weekends when it won’t be noticed as quickly) they dial an extension which transfers them to a 2nd outside line, and then gives them a dial tone. Once they have dial tone they can dial anything you can dial from your desk. Nowadays most carriers block 900 and 976 numbers, but most still allow international calling. Depending on the country dialed, the charges could be over a dollar a minute. Once the hacker has got your system in their control, they will sell your info on the black market and your system will make calls all over the world.
There are easy ways to protect yourself.
First, if you don’t need to make international calls have your long distance carrier set international calls to be blocked completely or at least require a PIN number.
Second, would be to make sure the administrative mailbox passwords (0 out mailbox, system greeting mailbox, etc) is not using a default password or one that is simple like 1234 or 0000.
Third would be to require your employees to change their passwords on a regular basis. Some phone systems can be set to force the changes on a calendar setting.
Fourth, have your phone system programmer lock down the voicemail system to not be able to make long distance or international calls. This feature is usually referred to as “destination restriction” or “class of restriction.” Wireline came up with this solution close to 10 years ago and it always surprises me when I look through a system programmed by another company when it doesn’t have this simple safety feature in place.
Unfortunately without extensive technical knowledge of your system, it’s not easy to test if your system is vulnerable. A quick service call now can save you thousands of dollars in money and in time.
Brad “the phone guy” Carr