More on Voicemail Fraud

Following up on our last article about voicemail fraud, users should be aware that Bell Canada has taken the position that the onus is on the victim to pay fraudulent charges. This comes in the wake of several serious voicemail hacks, including one that cost one Oakville, Ontario-based company over $60,000. In this case, Bell detected the situation and cut off long distance access . . . then sent the company the bill. After some wrangling, Bell agreed to accept a smaller amount.

Believe it or not, this is not the worst instance of fraud. One Burlington, Ontario – based company got stuck with a phone bill of over $200,000 due to the same form of fraud. In this case, Bell agreed to accept about half of that amount as a “goodwill gesture.” However, Bell has made it clear that it considers these charges the responsibility of the account holder.

Bell’s position is that account holders are responsible for using the safeguards on voicemail systems to prevent criminals from illegally accessing them. Last month, the company took out ads in major Canadian newspapers detailing this position, and in situations where it’s compromised on bills the company has said lowered charges are a favour, not an obligation.

One thing that Bell is less than forthcoming about, however is who exactly is administering these apparently vulnerable voicemail systems – namely, Bell itself. Furthermore, which of these victims failed to follow Bell’s recommendations? Which ones didn’t – and if they didn’t, did they even know what they were supposed to do? Did Bell say anything to them about what they expected users to do in the way of security administration, or is this advice post-hoc lecturing?

The fact of the matter is that full security precautions are as onerous as the attached system makes them. While using hard to guess passwords is a no-brainer, why do Bell’s services include easily exploitable default settings? Can you really expect companies that don’t have a telecom or security focus to change their passwords every 90 days? If Bell is serious about fraud prevention, why don’t they make a system that pushes security update requests and adds at least one strong, default security process to go through before users get long distance access?

The idea that the user is responsible by default is convenient for providers, but practically speaking, most businesses aren’t filled with telecom security experts. They just want to use their services in a convenient, cost-effective fashion. We can’t comment on who’s legally bound to pay these fraudulent charges (that’s for the courts) but we can say that if you’re worried about these sorts of situations, the best option is to outsource your telecom customer service to experts who understand the providers’ policies and procedures, and can argue your case from an informed position. We’ve learned from experience in the telecom expense management field that needless charges often result from customers who just can’t afford to wait on the phone for provider support, and don’t have the time, knowledge and inclination to argue for the cost reduction they deserve.


  1. The issue must be made public that these same Bell lines can be hacked into in the telephone closet of multi unit buildings, at the demarcation point in the customer’s building (which would be where Bells lines come into the building)and even on the street in that nice grey Bell box that does NOT have a lock on it. Bell is not making their own infrastructure secure – so why should the customer be held liable when there is no way to prove where the fraud took place – on the customer’s property or in the Bell box?

  2. Well in this case, the fraud was probably initiated by remote dialing. It is true that Bell has a basic duty to keep a secure infrastructure, especially given their power as an upstream provider in Canada. If they don’t have their direct business in order, what does that say about what they lease to other providers?

    Ultimately though, it’s not as if Bell can’t track unusual usage patterns. If a line that is usually used for local and infrequent long distance suddenly racks up thousands of dollars in charges for activity in, say, Africa, what do they think is going on, really? Our analysis department can pick out these extreme changes in usage. Assuming Bell can, perhaps they should be issuing proactive alerts.

  3. At last an outstanding writing about the subject, keep up the good work also I wish to learn a lot more of your stuff in the time to come.