Several cases of fraud with respect to business voicemail equipment have happened. These cases involve experienced criminals that illegally gain access to company voicemail systems and then place long distance calls from within those systems.

This is part of an illegal global trend
Many businesses and phone companies around the world have recently fallen victim to this fraud. Fraudsters most often call a business after hours, and then employ a variety of manual and automated techniques to try and guess at the passwords used to protect access to voicemail equipment. If these passwords have not been changed from their default settings, or if passwords are used that are easy to guess at (such as 1234 or 1111), it is fairly easy for these criminals to gain access to voicemail equipment. Once inside, long-distance calls are initiated, resulting in unexpected charges.

Take steps to protect yourself
Today’s sophisticated voicemail system comes with safeguards to prevent this kind of exploitation. However, like locks on your car or on your house, they have to be used properly in order to be effective. Here is what you can do to increase protection for your business:

  • Ensure that your employees change the manufacturers’ default password immediately upon being assigned a voicemail box, and that they are reminded to change the password frequently thereafter.
  • Program your voice mail system to require passwords with a minimum of 6 characters (8 is preferred – the more complex the password, the more difficult it is to guess).
  • Train your employees not to use easilyguessed passwords such as their phone numbers, the number of their phone extension, or very simple number combinations.
  • When assigning a phone to a new employee, never make the temporary password the employee’s telephone number.
  • Program your voice mail system to force users to change their password at least every 90 days.
  • There is a feature called “throughdialing” that allows you to make long distance calls from within your mailbox when you are at an offsite location. Validate if the through-dialing feature is needed, and if not ask your equipment support provider to disable it.
  • If you decide to keep through-dialing enabled, then it is important that you generate and monitor through-dialing reports to ensure your mailboxes are not being abused. Remove all unassigned mailboxes.

While these precautions are of a general nature, and might not protect every aspect of an individual telephone system, they will go a long way to reducing your vulnerability to this type of fraud. We encourage you to contact your equipment support provider to discuss your particular configuration in greater detail. Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made or accepted them.

If you have general questions about voicemail equipment protection contact your equipment support provider.