$26K phone bill hacking nightmare

A Tauranga man who has been left with a $26,000 phone bill is warning people to make sure their PABX phone systems are protected from phone hackers.

Alan Bray, director of New Zealand Electrical Traders, says he got the shock of his life when he was handed the account.

Alan uses a PABX phone system and says hackers typically use the voicemail section of these systems to reroute international phone calls through your lines to anywhere in the world.

“Anyone with a PABX phone system with a voicemail system attached to it is exposed to this hacking.”

“It could potentially happen to any business.” Alan says when the systems were installed in his company by his phone services provider, none of the default passwords were changed by the installers.

He was not aware of these passwords as his company had requested all voicemail services be removed from the phone system.

He says if these had of been changed from 0000 it could have prevented the hackers from being able to hijack his phone line.

“The default passwords are really easy to get into as it is common knowledge what the different brands of PABX use as passwords.”

“This period of hacking and the accumulation of the $26,000 worth of international toll charges occurred within a period of two days. It started on a Sunday and finished two days later. I was not made aware of the account until two months after the hacking happened.”

Alan wants to use his story to warn other people with PABX phone systems to make sure all their passwords have been changed from the factory default settings.

“It could have been $100,000 or $200,000, there is no limit.”

Alan is currently in talks with his phone provider to see what can be done about the bill, but at this stage he has been told he is liable for the payment of the account.

You may also like....


Phone hacking

Posted on 02-07-2014 13:54 | By Calandre

@ EtcEtc : no they can’t. They cannot, no matter what they do, protect any PBX from a brute force traffic pumping attack as a result of International Revenue Share Fraud (IRSF) which is based on common phone numbers. This means no phone number can ever be considered "safe". No PBX maintainer can secure a PBX with "simple rules" in the face of this and but so many people think they can. This is why this crime proliferates.

Phone hacking

Posted on 30-06-2014 19:09 | By EtcEtc

Your pabx vendor following some simple and effective rules can easily make you more secure

Phone hacking

Posted on 30-06-2014 14:15 | By Calandre

This crime can be easily prevented with the installation of anti-phreaking (anti-toll fraud)software. This way malicious call traffic is identified and killed before it even gets through a phone system and to the network. Moreover all legitimate call traffic can flow without any restriction and without having to remove voicemail or having to constantly change passwords or monitor anything. It’s automatic and works 24/7. This phreaking attack would have been killed instantly. The reality for them now is that if they don’t secure themselves completely now they’re right in the frame to be attacked again because they’re in a phreaking network now and when you’ve been attacked once they will return and do it again and the bill may be even higher next time. Take a look at Control Phreak www.callista.net.


Posted on 28-06-2014 18:10 | By Capt_Kaveman

your problem its their problem

Not right..

Posted on 28-06-2014 14:56 | By awaroa

that the phone service provider did not alert Alan of any unusual activity BEFORE it got to $26k worth and despite the dodgy "no limit" calling policy.. But no, just send the poor guy a bill at the end of the month. The service provider needs to be exposed and needs to take responsibility for the majority of this. Unreal and a disgusting way to treat a customer..

Leave a Comment

You must be logged in to make a comment. Login Now