SMB Phone Hacking is Alive, Well and Thriving with VoIP

Big data breaches of personal and credit card information have been in the news of late (Sony, Anthem, et al), but hackers are also making money the old-fashioned way: phone-hacking business lines.

It’s a low-tech hacking technique that usually targets small to medium-sized businesses (SMBs). These businesses are less likely to take precautions around their phone systems, making common mistakes like using easy-to-guess voicemail passwords, or default passwords. VoIP-type hacking, which involves hijacking or spoofing VoIP account credentials, is becoming more common too. And that’s an enormous problem considering that most SMB communications systems are VoIP or cloud-based, and open to the Internet and its nefarious denizens.

“The increased success in phone hacking is largely due to one main cause – users’ and administrators’ deficiencies in protecting their phone systems,” said Ed Fox, vice president of network services at MetTel. In a column. “In an era where everything online is considered exposed to hackers and where voice over IP systems are more prevalent, traditional voice services are not immediately seen as a threat to business security. “

Once they gain access to voicemail boxes or VoIP credentials, hackers can cause a lot of damage by re-routing phone calls through international exchanges and forwarding them to premium numbers. The hacker will be set up to take a cut of the charges to those numbers, so volume is in their best interests. And thanks to the magic of broadband and IP, they can now make hundreds of calls concurrently, running up phone bills into the hundreds of thousands of dollars, quickly.

Fox pointed out that there are several ways to combat this type of fraud, some of which businesses can implement internally and the others that come from the telecom service provider. These include:

• Enforce minimum 6-digit voicemail passcodes with stringent default requirements
• Do not allow call forwarding to international numbers
• Block calling to the countries that are the biggest offenders
• Lock out voicemail after multiple invalid attempts
• Disable international calling by default

“Security, from physical to online, has always been a concern for businesses, but it’s important to not forget the phone system,” Fox noted. “Sensitive information is constantly being shared, so it’s important to take every step possible to keep a business safe.”

Edited by Maurice Nagle