Bell Canada has taken out full-page newspaper ads warning customers they are responsible for costly long-distance calls made through their voicemail systems, even if they were done so fraudulently.In the ad, Bell says it has received several complaints about a voicemail fraud scam whereby "experienced criminals...illegally gain access to company voicemail systems and then place long distance calls from within those systems."
While a spokeswoman for BCE's Bell Canada says the bills have been reduced by the phone company, the businesses insist they shouldn't be forced to pay for any of the illicit calls.
Businesses are crying foul after receiving sky-high phone bills that charged them upwards of $200,000 because hackers were able to break into their Bell voicemail system and hijack it to make long-distance calls.
The warnings come too late for Burlington, Ont. law firm Martin & Hillyer.
Martin & Hillyer, says it has been hacked and is battling to erase a bill that includes charges worth more than $207,000 in calls to Sierra Leone in western Africa.
The law firm isn't alone in but Bell Canada spokeswoman Julie Smithers calls the situation "really rare" and a "very old scam" that affects primarily business customers, although she said some residential consumers have been caught as well.
Here's how Bell thinks it works: an automated dialler will target a specific phone number, and wait for the voicemail to respond. Then, the computer will go through standard voicemail passwords.
Often the voicemail passwords have never been changed from the original programmed default, they are the same as the phone number or extension, or they are easily guessed, such as 1234.
Once it finds the correct password -- often a predictable number combination -- the automated dialer will choose an option on the voicemail that allows it to make long-distance phone calls.
On the phone bill it will appear as though the calls were made directly from the office or home number.
The Bell ad says its systems come with adequate security devices, but "like locks on your car or on your house, they have to be used properly in order to be effective."
Smithers said Bell does have technologies to detect "bizarre calling patterns and in a lot of cases we can stop it by placing a block on long distance."
But she added "it is extremely important and it is the customer's responsibility to put passwords in place that are difficult to guess."
In Oakville, Gordon Cowan, the president of GPS Consulting Group & Insurance Agencies, faced a similar problem but on a smaller scale.
His offices rung up more than $60,000 in charges, starting with a 14-hour period on a weekend in early October.
"I came in on Sunday and there was a call from the Bell Canada fraud squad saying we had been breached. They shut our voice mail system down," Cowan said in an interview.
"They told us to change our passwords, which we have been doing anyway, and they would be in contact with us."
Cowan says that a week later the hacking happened again.
In both instances, Bell Canada agreed to reduce bill as a "goodwill gesture" -- in the law firm's case they cut it down to about half of the $207,000.
Cowan's $60,000 bill was slashed to about $7,000.
Bell says that Canadians are responsible for taking steps to prevent their voicemail from being hacked.
"It is something that's not unique to Bell -- it has been seen by pretty much every telephone company in the country, the U.S. and internationally," Smithers said.
Last week, reports from Australia said that police were investigating claims from a Perth business that its Internet phone lines were hacked, resulting in a $120,000 phone bill from more than 11,000 international calls.
Bell offered up a number of tips for companies to ensure their phone systems are not compromised. But Bell also says companies will have to pay for those calls made when the systems are hacked.
"Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made them or who accepted them," the ad states.
The following is a list of steps Bell says companies can take to protect their voicemail systems.
- Ensure employees change default password immediately after being assigned a voicemail box.
- Program systems to require passwords of six or eight characters.
- Avoid easily-guessed passwords.
- Require users to change their password every 90 days, as a minimum.
- Disable the offsite "through-dialling" option if it isn't necessary.
- Remove all unassigned mailboxes.
"While these precautions are of a general nature, and might not protect every aspect of an individual telephone system, they will go a long way to reducing your vulnerability to this type of fraud," the ad states.
Posts
0 comments:
Post a Comment