- Joined
- Nov 10, 2007
- Messages
- 60
- Reaction score
- 0
This morning, I noticed that the BLF lamp for my extension was illuminated at multiple phones throughout the office today -- but I certainly wasn't on the phone. I rebooted my phone , but the lights on the other phones never went off. I rebooted our proxy server, but the lights never went off.
Then, I went into the admin console and saw 4 outgoing calls, all from my extension. What the heck? I restarted all 3CX services. Within 30 seconds of the services restarting, the multiple calls began again. About this time, my partner got a call on another line that he transferred immediately to me. It was our SIP provider Vonage. They noted that our account was likely being hacked and we had (in the space of 1 hour) ran up charges of nearly $100 to Nigeria, the Central African Republic, and Guatemala.
We sell Ferrari, Maserati, and Lamborghini parts around the world -- but I know we have hardly any customers in those countries -- so clearly, something was whacked. As the Vonage rep said, it was clearly a hack into 3CX and the perp was using our a softphone to mimic my extension and place the fraudulent calls. Immediately, I stopped all 3CX servcies and changed the passwords for each of our registered extensions. I then changed the password for the whole 3CX admin console. When services restarted, the calls were gone -- and have not reappeared.
Moral of the story? CHANGE PASSWORDS, and don't use a password that is the same as the extension number. (Oh, the other moral of the story? Vonage customer service waived all charges and absolutely gets a HUGE thumbs up in my opinion for catching it so quickly and proactively calling us).
Then, I went into the admin console and saw 4 outgoing calls, all from my extension. What the heck? I restarted all 3CX services. Within 30 seconds of the services restarting, the multiple calls began again. About this time, my partner got a call on another line that he transferred immediately to me. It was our SIP provider Vonage. They noted that our account was likely being hacked and we had (in the space of 1 hour) ran up charges of nearly $100 to Nigeria, the Central African Republic, and Guatemala.
We sell Ferrari, Maserati, and Lamborghini parts around the world -- but I know we have hardly any customers in those countries -- so clearly, something was whacked. As the Vonage rep said, it was clearly a hack into 3CX and the perp was using our a softphone to mimic my extension and place the fraudulent calls. Immediately, I stopped all 3CX servcies and changed the passwords for each of our registered extensions. I then changed the password for the whole 3CX admin console. When services restarted, the calls were gone -- and have not reappeared.
Moral of the story? CHANGE PASSWORDS, and don't use a password that is the same as the extension number. (Oh, the other moral of the story? Vonage customer service waived all charges and absolutely gets a HUGE thumbs up in my opinion for catching it so quickly and proactively calling us).