Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Hackers Exploit Voicemail Vulnerability to Access Financial Accounts

by Elizabeth Harper on August 15, 2018

You already know how important it is to have strong passwords and two-factor authentication on your online accounts — but you may not have considered your voicemail password. Voicemail accounts are startlingly easy for hackers to access, and that can be a problem for your other online accounts.

That's because most of your online accounts let you reset your password by phone. Theoretically, by calling or texting an access code to your phone number, a service can confirm your identity before letting you reset your password. But if a hacker has access to your voicemail, they can request a password reset code by phone and intercept it. Then they change your password and have full access to your account. Websites like PayPal, eBay, LinkedIn and Instagram are all vulnerable — and even secure messaging apps like WhatsApp and Signal can be compromised.

The hack itself is simple. Many voicemail accounts have default passwords or easy to guess passwords, like the last four digits of your phone number. Even if you change the password, you usually only need to provide a weak four-digit code — and most phone providers allow you to guess your code as many times as you want without locking your account. That means a hacker can just go through every possible number combination until they hit the right one. After that, it's easy for them to force your calls to voicemail so they can intercept your password reset code.

Some companies — including PayPal — have protections against this kind of hack, but those can be bypassed, too. PayPal will call you with a password reset code, but requires you to enter that code during the phone call. Hackers can get around this by listening to the code, then changing voicemail greeting to a recording of the code.

In the end, the problem is that our voicemail accounts aren't very secure — and the prevalence of password reset by phone leaves us all vulnerable. The only way to completely prevent such an attack is to shut down your voicemail entirely, which isn't practical for most people. However, you can make it more difficult for hackers by changing your voicemail password. Fortunately, most mobile carriers make it easy. Here are instructions for resetting your password on each carrier:

When you reset your password, be sure:

  • Make it as long as possible, preferably a random series of numbers.
  • Don't include any easily guessable personal information, like addresses, phone numbers or birthdays.
  • Save it in your password manager so you don't forget it.

And, of course, you should make sure your other passwords are up to snuff, too. Anything you do to make it harder for hackers to get into your accounts makes it less likely you'll be a victim.

[Image credit: voicemail access via BigStockPhoto]


Topics

Privacy, News, Computers and Software, Computer Safety & Support, Phones and Mobile, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.