26-12-2013, 10:50 PM
acropolite (Phil)
Registered User
Join Date: Feb 2005
Location: Launceston Tasmania
Posts: 9,021
Speaking of phone scams, here's a real one: voicemail hacking.

Most modern phone systems have inbuilt voicemail; criminals are exploiting vulnerabilities in voicemail systems and on-selling the call capabilities to others.

It works like this: either a user's mailbox, a common mailbox or Automated Attendant is set to dial the access digit for an outgoing line, usually 0; most voicemails have this capability as well as the ability to remotely customise. The fraudulent user then rings the user's number and immediately gets another dial tone, allowing them to dial again. If, for example, a system is hacked in Sydney, a local caller or callers can use this system to call overseas, in some cases racking up thousands of dollars in call charges over a weekend.

Usually the hackers will do a trial run, setting up the hack, testing, then dismantling the hack in wait for a weekend or holiday break where the system will be hammered. It may be days, weeks or even months after the system is compromised before the "sting".

We have had two of our customers hacked. In the first instance the hackers customised the Automated Attendant menu, adding a hidden option to call forward to an external line; over one weekend the customer had fraudulent calls in excess of $600 to Middle Eastern destinations.

In the second instance, hackers got into a voice mailbox and set a call forward, made a couple of what can only be assumed to be test calls to the UK, then dismantled the hack, leaving no "fingerprints", most likely to return the following weekend, re-establish the hack and hammer the system.

In both cases Telstra advised the customer that unusual call patterns had happened; thankfully they must have some form of alert system in place for calls outside of usual operating hours and destinations.

If your workplace phone has voicemail, make sure that you don't use simplistic passwords. If possible, get your maintainers to load the latest software on the system and program any security measures that can prevent hacking from occurring.
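The kind of alerting the post credits the carrier with (calls outside usual operating hours and destinations) can also be run by the site owner over its own call records. The following is an added example, not part of the original post: the CDR column layout, business hours and cost threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed call-detail records; the column layout is an assumption,
# real PBX and carrier exports differ. Numbers are placeholders.
SAMPLE_CDR = """start,extension,dialled,seconds,cost
2013-12-14 01:30:00,299,0011999000000000,20,0.40
2013-12-20 10:15:00,201,0300000001,180,0.30
2013-12-20 14:02:00,205,0011999000000009,240,1.20
2013-12-21 02:11:00,299,0011999000000001,1500,45.00
2013-12-21 02:40:00,299,0011999000000002,1800,54.00
2013-12-21 03:15:00,299,0011999000000003,2100,63.00
2013-12-22 23:05:00,210,0300000002,60,0.10
"""

INTL_PREFIX = "0011"           # Australian international access code
OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed business hours, Monday to Friday
COST_LIMIT = 50.0              # assumed per-extension alert threshold

def after_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def suspicious_calls(cdr_text):
    """Rows that are both international and after hours.

    Cheap, short calls are kept on purpose: a single one can be the
    trial run that precedes the expensive weekend."""
    hits = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["dialled"].startswith(INTL_PREFIX) and after_hours(ts):
            hits.append(row)
    return hits

def alerts(cdr_text, limit=COST_LIMIT):
    """After-hours international spend per extension, at or over the limit."""
    totals = {}
    for row in suspicious_calls(cdr_text):
        ext = row["extension"]
        totals[ext] = totals.get(ext, 0.0) + float(row["cost"])
    return {ext: round(t, 2) for ext, t in totals.items() if t >= limit}

if __name__ == "__main__":
    for call in suspicious_calls(SAMPLE_CDR):
        print("REVIEW", call["start"], call["extension"], call["dialled"])
    for ext, total in alerts(SAMPLE_CDR).items():
        print(f"ALERT extension {ext}: ${total:.2f} after-hours international")
```

Reviewing every hit from `suspicious_calls`, not only the totals from `alerts`, is what surfaces the low-cost test call a week before the main run.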