We’ve heard the hacking stories…phishing, ransomware, denial of service…but did you know that your company’s SV9100 voicemail system can be manipulated for nefarious gain as well?
The real-life scenario goes like this: Hacker calls into your company. No answer, and the call goes to voicemail. The caller presses a few keys, and discover the employee did not protect the voicemail box with a password. That caller (now an intruder) is able to set a code for access. They call back in, and are able to make unlimited international phone calls from that phone line. When the next phone bill arrives, there are thousands of dollars of international phone call charges. Guess who is responsible to pay?
The communications service team at ClearPath Connections has seen several instances of this in the past month, even though this scam has been around for years. Although no system is immune, we will take a closer look at Inmail …the most common software used with the NEC9100 system that we most commonly install and service.
STEP 1: PREVENTION
–Passcodes! Yes, we all have password fatigue. But is the risk worth the time it takes to enter 5 digits?
–Firewall! You wouldn’t close your garage door at night while leaving your car on the street, would you?! Have the proper level of security, and put your phone system behind it.
– Consider restricting or removing international calling. Easier said if your company isn’t global in scope…but just like restricting web access to certain sites, it is sometimes necessary.
– Utilize your toll-restricting capabilities. Are you aware that you can set limitations (or remove entirely) the ability to dial out from the voicemail system? You can restrict these expensive calls (remember, from voicemail only) to normal work hours.
– Restrict the hours and days of the week that international calling is allowed.
STEP 2: MONITOR and IDENTIFY HACKING
– Frequently review your calling records, and flag any international calls that don’t look right. Immediately call your carrier for details on any suspicious calls.
– Verify the source: never take phone programming instructions from someone you don’t know.
STEP 3: THE FIX
– Unfortunately, once the calls have been made, there is no easy way to go back in time. Work with your carrier to initiate a fraud complaint.
– Require each voicemail user to set a new passcode. If you send a company-wide email, include a link to simple instructions online from a reputable source…ideally, NEC or your supplier.
– Immediately initiate as many prevention tactics as your company can tolerate. Ease back when your phone system is behind a secure firewall.
INMAIL AND THE FIND-ME, FOLLOW-ME FEATURE
Find Me/Follow Me refers to two technologies that, in conjunction, enable incoming phone calls to be received at different locations, on different phones. “Find Me” refers to the ability to receive incoming calls at any location. Our next blog entry will address this popular feature and hacking. To make your day easier, sign up to have the information sent directly to your inbox.