The hackers call into voicemail systems and search for boxes with the default password or easily guessed ones like 1-2-3-4. They then change the greeting to something like – “Yes, yes, yes, yes, yes, operator, I will accept the charges.” Then, they places a collect call to the number. When the (automated) operator (which is usually programmed to “listen for” key words and phrases like “yes” or “I will accept the charges”) hears the outgoing “yes, yes, yes, yes, yes, operator, I will accept the charges” message, the collect call is connected.
The hacker then uses this connection for long periods of time to make international calls. Sometimes they take over the number completely and set up a forward to another number. This is usually targeted over weekends or holidays, when people don’t check their voicemails for long periods of time. Most of the calls go overseas and can rack up big charges.
To counter this:
To avoid falling prey to this scam, the FCC recommends voice mail users do the following:
· always change the default password from the one provided by the voice mail vendor;
· choose a complex voice mail password of at least six digits, making it more difficult for a hacker to detect;
· change your voice mail password frequently;
· don’t use obvious passwords such as an address, birth date, phone number, or repeating or successive numbers, i.e. 000000, 123456;
· check your recorded announcement regularly to ensure the greeting is indeed yours. Hackers tend to attack voice mailboxes at the start of weekends or holidays;
· consider blocking international calls, if possible; and
· consider disabling the remote notification, auto-attendant, call-forwarding, and out-paging capabilities of voice mail if these features are not used.