NEW YORK - Frequently changing voice-mail passwords, never using a factory-set password on an answering machine, and monitoring remote access on business telephone equipment can help businesses and consumers protect themselves from persons who try to hack into their systems and run up large bills.
"This has become a significant problem that many consumers and businesses don't know about," said Kathy Zanowic, Verizon's chief privacy officer.
In response to an increase in reports about telephone equipment hacking throughout the industry, Verizon issued an advisory today in an effort to prevent customers from becoming victims. Verizon cautioned residential customers to change their answering machine default passwords and urged its business customers who use internal switching equipment commonly known as PBXs to take steps to secure their systems against unauthorized remote use.
A very simple but common abuse occurs when consumers fail to change the default password on home answering machines. The password is used to allow a customer to remotely retrieve messages when away from home. A scam artist simply calls a number of phone numbers and tries to find one that is connected to an answering machine with a default password. He then gains access to the machine and, in some circumstances, can program it to accept collect or third-party billed calls. These calls are then billed to the owner of the phone line without the owner knowing it. The person conducting the fraud could also erase messages or create other problems for the customer.
"The first thing someone should do when setting up a new answering machine at home is select a unique password and enter it into the machine - and then change it every few months," said Zanowic.
Another version of the scam takes place with voice-mail services at home or at businesses, either supplied by the local telecom company or on equipment used by a business, including PBXs.
Two things can happen. Scam artists can call into the voice mail system at the home or business, gain access to the voice mailbox by guessing a simple password and then re-program the system to accomplish the same things they might do with an answering machine. In addition, with PBX systems, someone who is able to identify the account password can gain access to an outside line on the equipment and then make expensive calls that are charged to the business. This amounts to unauthorized users walking in from the street and making calls.
"In all these cases," Zanowic said, "customers have easy weapons at their disposal: Change passwords frequently; never use the default password on answering machines, voice-mail services or PBXs; monitor - or even disable -- remote access to PBXs; and make the passwords unusual and hard to guess."
Verizon customers who believe they have been victimized by the scam should report it to the company by calling their local Verizon business office, which is listed on the second page of their phone bill. Verizon representatives will work with each customer on an individual basis to address the issue.
Verizon provides updated information on these and other frauds and scams on the company's Web site: www22.verizon.com/pages/securityalerts/
Verizon Communications Inc. (NYSE:VZ), a Dow 30 company, is a leader in delivering broadband and other wireline and wireless communication innovations to mass market, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, serving 53 million customers nationwide. Verizon Business operates one of the most expansive wholly-owned global IP networks. Verizon Telecom is deploying the nation's most advanced fiber-optic network to deliver the benefits of converged communications, information and entertainment services to customers. Based in New York, Verizon has a diverse workforce of more than 250,000 and generates annual consolidated operating revenues of approximately $90 billion. For more information, visit www.verizon.com.