High Tech Phone Fraud

scam fraud telephone telemarketing

The predawn calls at Rich Beck's house one morning last year came so fast and furious, he finally got fed up.

"Just hung up the last time and left the phone off the hook. So that put an end to it," he told CBS News Correspondent Cynthia Bowers.

Or so he thought. Actually he did exactly what the caller wanted.

Welcome to the world of high tech phone fraud.

Hackers dial relentlessly until they get voice mail. Then they can figure out the password and change the outgoing message to say the phone accepts third party calls.

That gives phone operators the green light to verify charges for collect calls - calls made from places like the Philippines, where many of the hackers operate from. The scammers turn around and sell that access to other people, then ring up the profits.

"We were so shocked when we looked at our telephone bill," Beck said. "The long distance part of the bill came out to a total of $1,800 of long distance collect calls."

The targets are often business or government phone systems with dozens of extensions. Employees often leave a default password, like the last four digits in their extension, which makes the cracking the code a cakewalk.

In the blue-collar community of East Palo Alto, Calif., hackers working over a long holiday weekend managed to run up a bill 10 times the city hall's average - $30,000.

"Of course that needed a big explanation because I just don't have that," said Mayor Patricia Foster.

Another thing the mayor wants explained is why AT&T expects the city to pay for calls someone else made.

"On a credit card. The bank calls me when they find my credit card used in South Africa, but, you know, we got no calls from AT&T - we got no warning," she said.

AT&T says it's looking at that bill, but points out consumers have a responsibility to protect themselves -- by doing something as simple as picking a longer password.

"If you use a six digit password, that is a hundred thousand combinations that they would have to try," said Clemmie Scott of AT&T security. "For the hacker, it's move on and find an easier victim."

And it won't be Rich Beck. He's disconnected his voice-mail.