Bell Canada customer billed $207,000 after hacker breach
Some Greater Toronto Area businesses are crying foul after receiving sky-high phone bills that charged them upward of $200,000 because hackers broke into their voicemail system and hijacked it to make long-distance calls.
While a spokeswoman for BCE's Bell Canada says the bills have been reduced by the phone company, the businesses insist they shouldn't be forced to pay for any of the illicit calls.
Martin & Hillyer, a law firm based in Burlington, Ont., says it has been hacked and is battling to erase a bill that includes charges worth more than $207,000 in calls to Sierra Leone in Western Africa.
The law firm isn't alone with the billing problem, but Bell Canada spokeswoman Julie Smithers calls the situation "really rare" and a "very old scam" that affects primarily business customers, although she said some residential consumers have been caught.
Here's how Bell thinks it works: an automated dialer will target a specific phone number, and wait for the voicemail to respond. Then, the computer will go through standard voicemail passwords.
Simple passwords are vulnerable
Once it finds the correct password — often a predictable number combination — the automated dialer will choose an option on the voicemail that allows it to make long-distance phone calls.
On the phone bill it looks like the calls were made directly from the office or home number.
Smithers said Bell does have technologies to detect "bizarre calling patterns and in a lot of cases we can stop it by placing a block on long distance."
But she added "it is extremely important and it is the customer's responsibility to put passwords in place that are difficult to guess."
In Oakville, Gordon Cowan, the president of GPS Consulting Group & Insurance Agencies, faced a similar problem on a smaller scale.
His offices rang up more than $60,000 in charges, starting with a 14-hour period on a weekend in early October.
"I came in on Sunday and there was a call from the Bell Canada fraud squad saying we had been breached. They shut our voicemail system down," Cowan said in an interview.
"They told us to change our passwords, which we have been doing anyway, and they would be in contact with us."
Cowan says that a week later the hacking happened again.
In both instances, Bell Canada agreed to reduce bill as a "goodwill gesture" — in the law firm's case they cut it down to about half of the $207,000.
Cowan's $60,000 bill was slashed to about $7,000.
Bell says that Canadians are responsible for taking steps to prevent their voicemail from being hacked.
"It is something that's not unique to Bell — it has been seen by pretty much every telephone company in the country, the U.S. and internationally," Smithers said.