Thousands of New Zealand homes and businesses are at risk of being targeted by international phone hackers.
The threat came to light after a Tauranga businessman woke up to a $26,000 bill, and his phone provider still wanted him to pay until 3 News began asking questions today.
Switchboard manufacturer Alan Bray doesn't make international calls, but racked up the bill in only two days.
"Be aware you could wake up to this nightmare too," he warns.
3 News understands hackers are using automatic dialling software from bases like Nigeria, Somalia and Russia to call thousands of lines a minute until they stumble upon a PABX phone with an unsecured voicemail port.
Hackers then route all their customers' calls through that number for a day or so, until they move on to the next victim.
"It's being done as a form of fraud, so it's generating a large bill that someone in that chain is siphoning off," says Chris O'Connell, acting chief executive of the Telecommunications Users Association of New Zealand.
Mr Bray's phone provider, Intagr8, admits it has been stung before.
"We've had 20 in the last six months," says general manager Stephen Mascarenhas. "It's stepped up a lot in the last year or so."
Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.
"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.
But Mr Strang says in this case he doesn't believe the customer is to blame. Hackers accessed Mr Bray's number through the phone company's exchange.
"If there's any discrepancy on that, of course we will look into it," says Mr Mascarenhas. "There's no question about it. If that's where the issue lies then obviously that's not Alan's fault. But it is very possible to make simultaneous calls on the same lines."
Intagr8 told Mr Bray he'd have to pay almost $6000 towards his bill, but late this afternoon told 3 News they would stump up for the lot.
A relieved Mr Bray says it still serves as a lesson to us all – have your own security PIN on your voicemail.
source: newshub archive