More on Voicemail Fraud

Following up on our last article about voicemail fraud, users should be aware that Bell Canada has taken the position that the onus is on the victim to pay fraudulent charges. This comes in the wake of several serious voicemail hacks, including one that cost one Oakville, Ontario-based company over $60,000. In this case, Bell detected the situation and cut off long distance access . . . then sent the company the bill. After some wrangling, Bell agreed to accept a smaller amount.

Believe it or not, this is not the worst instance of fraud. One Burlington, Ontario – based company got stuck with a phone bill of over $200,000 due to the same form of fraud. In this case, Bell agreed to accept about half of that amount as a “goodwill gesture.” However, Bell has made it clear that it considers these charges the responsibility of the account holder.

Bell’s position is that account holders are responsible for using the safeguards on voicemail systems to prevent criminals from illegally accessing them. Last month, the company took out ads in major Canadian newspapers detailing this position, and in situations where it’s compromised on bills the company has said lowered charges are a favour, not an obligation.

One thing that Bell is less than forthcoming about, however is who exactly is administering these apparently vulnerable voicemail systems – namely, Bell itself. Furthermore, which of these victims failed to follow Bell’s recommendations? Which ones didn’t – and if they didn’t, did they even know what they were supposed to do? Did Bell say anything to them about what they expected users to do in the way of security administration, or is this advice post-hoc lecturing?

The fact of the matter is that full security precautions are as onerous as the attached system makes them. While using hard to guess passwords is a no-brainer, why do Bell’s services include easily exploitable default settings? Can you really expect companies that don’t have a telecom or security focus to change their passwords every 90 days? If Bell is serious about fraud prevention, why don’t they make a system that pushes security update requests and adds at least one strong, default security process to go through before users get long distance access?

The idea that the user is responsible by default is convenient for providers, but practically speaking, most businesses aren’t filled with telecom security experts. They just want to use their services in a convenient, cost-effective fashion. We can’t comment on who’s legally bound to pay these fraudulent charges (that’s for the courts) but we can say that if you’re worried about these sorts of situations, the best option is to outsource your telecom customer service to experts who understand the providers’ policies and procedures, and can argue your case from an informed position. We’ve learned from experience in the telecom expense management field that needless charges often result from customers who just can’t afford to wait on the phone for provider support, and don’t have the time, knowledge and inclination to argue for the cost reduction they deserve.

Voicemail Security

For GILL Technologies, telecom expense management is a comprehensive service that includes telecom customer service. We pride ourselves on handling technical issues for you. That means we keep abreast of many different trends and issues, including security.

One issue that’s making the rounds right now concerns voicemail security. We’ve received several advisories about professional criminals hacking voicemail systems. Voicemail fraud is typically used to place long distance calls through a system, leaving the billing with you. In an email alert, Bell Canada characterizes this crime as a “global trend.” This is an accurate observation. Telecom-related crime often crosses international borders, making offenders difficult to catch, prosecute or recover damages from.

A voicemail fraudster usually calls a business after hours to get uninterrupted time on the line. The criminal then uses ether automated or manual techniques to steal your password. After getting access to the system, the fraudster uses it to place long distance calls on your bill. If the voicemail configuration allows it, the criminal will make several repeat visits, or even set things up to make it easier to get back in. In fact, your account information may make the rounds with the fraudster’s associates. Eventually, this activity will show up on your phone bill, but that still gives the crook up to a month to exploit your system. This can result in huge bills – and one thing Bell won’t tell you is that they’re not always willing to refund charges that are obviously fraudulent.

Fortunately, voicemail systems have several protections in place – but you have to know what they are, and use them properly. Here’s what security experts advise:

  • Don’t use the system’s default password or passwords that are easy to guess. Criminals have lists of these.
  • Demand passwords with a minimum of six (and preferably eight) digits.
  • Don’t base the password off of publicly accessible information, such as the phone number or extensions.
  • Change passwords every 90 days.
  • The prime target of fraudsters is the system’s through-dialing system, which allows remote long distance calls through the voicemail account. If you won’t use it, disable it. Otherwise, require password authentication for each and every session. Customer support should be able to guide you through the setup.
  • Use management and reporting tools to track the origins and details of every call. Voicemail systems will have these systems in place.
  • Remove unassigned mailboxes.
  • If you’re not sure how a feature works, consult customer service. Lack of knowledge is one of the most common causes of security programs.

The drawback to best practices in security is that they can be labor intensive. That’s why even though most of these tips are common sense, voicemail fraud will probably be around for a while. One advantage of our services is that we can manage this for you. Instead of wasting time on the phone with a provider you can make a quick call to one of our client care representatives. Our cost audits can also uncover suspicious activity and most importantly, serve as evidence when fraud sparks a billing dispute between your company and the carrier. Contact us to find out more.