- On December 22, 2016
Fraud telephone systems
A number of frauds have taken place these last couple of weeks involving telephone systems. As a system user, you are prone to this fraud and may well be targeted. It could cost your Organisation thousands of pounds in only a few days, so you need to take action as the frauds are very prevalent at the moment.
How the fraud works
A caller posing as a telephone engineer may ask you questions what seem quite innocent about the make of the system and the direct dial telephone numbers attached to it. If you have a voice mail system it is capable of answering an external call and forwarding that call to another number.
Fraudsters are manipulating this vulnerability by knowing that users often leave their voice mail box with the default password of 1234/0000. They obtain a direct dial number (or take one from literature and websites) dial it and receive a voicemail greeting, upon the greeting they dial the default password and if someone has left it in default they enter the programming of the mailbox and set the mailbox to forward the call to a premium rate number. They then send large numbers of calls to the premium rate number generating revenues for themselves. The fraudsters know direct dial numbers are given in numerical sequences and test everyone until they find one with a default password.
The action you need to take:
- You must make sure every voice mail box does not use the default password and get the users to change those passwords straight away.
- Leave instructions for all staff who answer the telephone not to give out information to any callers about the make and model of your telephone system.
- If you ever have a new phone or voice mailbox do not leave it in default password, but change it immediately. The fraudsters will ring all your direct dial numbers to find one mailbox left in default.
- If you forward calls to a mobile or another branch at night or at the weekend please contact us.
If you have any further questions, please send all questions to firstname.lastname@example.org with “ Fraud “ in the subject field, your email will then be answered by our Engineers who will send you a written reply and confirmation.