Maryland Doctor’s Office Loses $2 Million to Telecom Fraud

One small doctor’s office in Maryland is reeling after receiving a $2 million phone bill.

Fraudsters hacked into the office’s automated voicemail system and used it to place a significant number of calls to high cost destinations, such as Gambia, Ascension Island, Dominica, and others. The fraudsters were able to hack into phone lines at two of the doctor’s office locations in Salisbury and Ocean City, MD.

If a fraudster is able to hack into a voicemail system, they are often able to exploit the common “Call Back” feature, which allows a user to immediately return a missed call. The criminal calls the phone number, leaving their own premium rate number as the “call back” number.

Then, they login to the account, find their missed call, and return it, signaling the Voice Mail to initiate a call to their number. Once the call is connected, a criminal can attempt to leave it up as long as possible, often hours or days.

The attack happened over a weekend in February 2015, while the office was closed. It apparently went unnoticed for several days, before their telephone providers, Verizon and AT&T, notified the business of suspicious activity on the phone lines. Police are now working with the FBI, both the phone companies, as well as the service company that installed the business’s phone lines to investigate the incident.

According to the Communications Fraud Control Association, this type of fraud costs victims 4.73 billion annually across the globe. There is little legal protection available for the small businesses that are most often affected. Though most consumers assume that they will not be held responsible for fraudulent charges, as is the case with credit cards, telecom does not work the same way.