Bell customers must pay bills racked up by fraudsters

Some Ontario companies received a major shock when their Bell Canada bill arrived in the mail, showing a huge balance on calls that the companies insist they never made.

Watch: See all Videos in the Player

A A | Email This Email | Print | Comments (48) Tweet

CTV.ca News Staff

Date: Fri. Jan. 30 2009 7:43 PM ET

Bell Canada has taken out full-page newspaper ads warning customers they are responsible for costly long-distance calls made through their voicemail systems, even if they were done so fraudulently.

The warnings come too late for Burlington, Ont. law firm Martin & Hillyer, a company that received a $207,000 phone bill for calls made to Sierra Leone.

The calls were likely made by criminals who called into the system after hours, and hacked passwords used to protect the voicemail equipment.

In the ad, Bell says it has received several complaints about a voicemail fraud scam whereby "experienced criminals...illegally gain access to company voicemail systems and then place long distance calls from within those systems."

Bell says that the vast majority of Bell customers are using third-party equipment, and a third-party voicemail provider, and should being dealing with their providers to protect themselves.

"It's the responsibility of those customers to go out and get their third-party tech support to administer (those systems) and security," Bell spokesperson Julie Smithers told CTV.ca Friday evening. "It's the responsibility of those customers to protect their systems, because really, the equipment is owned by them."

Often the voicemail passwords have never been changed from the original programmed default, they are the same as the phone number or extension, or they are easily guessed, such as 1234.

When they appear on the company's phone bill, it appears as though the calls were made directly from the office or home number.

The Bell ad says its systems come with adequate security devices, but "like locks on your car or on your house, they have to be used properly in order to be effective."

Smithers says that Bell works with the companies that use Bell voicemail systems to make sure that those systems are secure and up-to-date.

"We really want to talk to our customers, we really want to be helping them," she said.

Bell offered a number of tips for companies to ensure their phone systems are not compromised. But Bell also says companies will have to pay for those calls made when the systems are hacked.

"Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made them or who accepted them," the ad states.

Smithers said that when overseas calls are made on Bell systems, Bell must pay a fee to international long-distance carriers.

"We have to pay for those services, so when calls are made on our system internationally we then have to go pay providers for that airtime," she said.

The following is a list of steps Bell says companies can take to protect their voicemail systems.

Ensure employees change default password immediately after being assigned a voicemail box.
Program systems to require passwords of six or eight characters.
Avoid easily-guessed passwords.
Require users to change their password every 90 days, as a minimum.
Disable the offsite "through-dialling" option if it isn't necessary.
Remove all unassigned mailboxes.

"While these precautions are of a general nature, and might not protect every aspect of an individual telephone system, they will go a long way to reducing your vulnerability to this type of fraud," the ad states.

Comments are now closed for this story

tc
said
0 0

Bell and a few commenters state that you should change your password (usually only a 4 digit number in most systems) on a regular basis. That is fine but if someone is determined enough and has the right program to hack your password I imagine it would only take about 15 minutes or so to do. The bell system allowing long distance access through the voice mail is the issue here. Maybe if bell didnt have that feature than something like this wouldnt happen. As well bell should have some additonal checks and balances on their system so that if a rash of long distance call start occuring through a voicemail system than it gets flagged for further investigation. I'm waiting for bell to announce their senior execs getting about 200k or so dollars in bonuses now.

Vote NDP in the next federal/provincial election
said
0 0

We need to pass legislation that will make consumers immune to any fraudulent calls. Also I wonder why Bell Canada doesn't have a feature where it can block long-distance calls to certain numbers or countries. I guess Bell cares more about getting payments than their customers. What happened to the Big 3 automakers (i.e treating customers like trash) will happen to Bell if they don't fix this situation soon.

Guido
said
0 0

Bell could just not permit calls to particular countries without added steps.

At $200,000 they could send an investigative team to Sierra Lion and "have a word" with the people the calls were made to.

anonopine
said
0 0

Change the phone through Bell so that it can only make local outgoing calls. Have outgoing long distance capability removed. You can still make long distance calls, but only with special cards. Much safer.

If Bell won't let you remove long distance capability, go elsewhere for phone service, and even write to your MP about it.

Ken P.
said
0 0

Bell does not manage or own the voicemail box system. Companies using these systems must include the operation and security procedures required by the system as part of the training of their employees. A company not competent enough to do so should not own such a system.

Scote
said
0 0

"The Bell ad says its systems come with adequate security devices, but "like locks on your car or on your house, they have to be used properly in order to be effective. Often the voicemail passwords have never been changed from the original programmed default, they are the same as the phone number or extension, or they are easily guessed, such as 1234"

why are all of you complaining towards the phone carrier? Like it mentions, your car has locks... if you failed to lock your car, and manage to get it stolen, dont go crying back to your dealer saying you dont have to pay for the car because it got stolen.

Although on the flip side, if you DID have the proper security set, and followed their recommendations, then they SHOULD waive off the fee as it was their system (not your phone etc) that got hacked.

my 2cents

FSN
said
0 0

I don't believe this will affect the average Joe.

These problems exist because companies (small and large) have their own phone system. The phone system comes with lots of features including voicemail, and through-dialing.

When the equipment is first set up, all the passwords should be changed from the default (typically 1234). It is the responsibility of the Company (OWNER OF THE EQUIPMENT) to change those passwords and NOT Bell Canada. Bell has nothing to do with the telephone equipment within each business premise. It is NOT THEIR EQUIPMENT!

In the case of a HOME PHONE LINE, if you're the average Joe, with a phone line at home, with voicemail etc, I would find it hard to believe that if you're elsewhere (like at your friend's home for instance) that you can dial your home number, enter a password and then while connected to your home, dial out to somewhere else so that the charges appear on your home phone bill. Not only would you need the equipment to do this, but you'd also have to have TWO lines at home so that you could be connected to your home on one line, while dialing out using the other line... How many of you have two lines at home...? Probably less than 5% of the population.

This is similar to Wirelss Internet in your home. How many of you have changed the default password on your wireless device??? Do you know someone can be outside of your home sitting in their car using your internet connection to download God-only-knows-what? Who's fault is it if not the owner, who purchased it, connected it, but didn't read the instructions where it clearly says to change the default password for your own security.

I honestly don't blame Bell for this.

Sierra Leone is on the line and it's for you!
said
0 0

Furthermore...
Under Canadian law you cannot profit from crime.

Firstly, you would be an accessory but regardless of your angle....

You cannot profit from crime in this country.

I know it's like having 100,000 new subscribers every time you allow this to happen to a customer but...
that's illegal.

Vancouver Vonage User
said
0 0

I agree with most comments that the customer should have some responsibility, but, Bell has the records and systems mid-month and so they are complicit as this is forseeable. For example, in conjunction, why does Bell not offer an option where if the invoice for the month hits $X (as chosen by the customer) the ability to place toll long distance calls locks down. The customer would still be responsible for the X$ and would have time though to investigate. The customer would pick a number high enough than normal monthly usage but not something they can�t afford.

Paul from Kitchener
said
0 0

Does anyone of the people commenting actually read the article. This is about a companies phone system being hacked and the criminals using that companies system to make calls. When something like that happens it is nothing to do with bell or bells systems. it is that individual companies system and their responsibility to make sure their voice mail systems are protected from hackers.

Rob Russell
said
0 0

This is no different then if someone set up Wifi in their home but forgot to change the default security, allow most of their neighbours to get access to the internet via their service. Your next bill comes in and you have an overage charge for your internet due to using 1000x the typical usage. Who should pay that? Your ISP? NO! It's your own stupidity for not configuring YOUR equipment correctly. If Bell owned the equipment and configured it for the client, then yes, there would be some liability. But the majority of Voicemail systems are purchased, owned, and configured by the individual, and if they did not do it right, then it's not Bell's fault. Hire someone that CAN set it up correctly! Don't get me wrong, I absolutely HATE Bell and will never deal with them (Haven't in over 10 years) but come on, get real, take responsibility for your OWN inability and hire someone that knows HOW to configure these things correctly instead of trying to save a few bucks and doing it yourself.

I do agree that Bell (And other companies) should have security measures in place for this type of thing, but not with them responsible to GUESS if someone is hacking your line, but with Customer determined limits on the line. For example, Let say I know my long distance is never more then $500 a month. Set that as a limit and if this limit gets reached, a Bell rep contacts you and lets you know the limit has been reached and to inquire if this is legit and do you need to raise your limit or put a freeze on it until you determine where these calls are coming from.

Matt
said
0 0

Maybe the phone companies need to implement some sort of cap system on long distance charges.
This would keep people from getting surprised by unexpectedly large phone bills.

Aaron
said
0 0

And perhaps the locksmith can be liable when your house is broken into, even if you do leave your keys under the front mat. At some point the consumer has to be accountable if they are not using the product in a responsible manner. Or we could start buying hacker insurance.

Paul
said
0 0

Why is people allowed to even call out from their voice mail. THat is a system flaw. BELL should pay. You call your voice mail to check messages and that's it.

So if people call Sierra Leone saying from your phone box or the main terminal box that is outside your place and racked huge bills are you responsible. The physical attack is on a bell premise. Should Bell have safeguards like foreign numbers trying to hack the line. It is Bell inadequate infrastructure that in vulnerable. Hacking Voice mail when you are going only with digits is quite easy.

Gail (Hamilton)
said
0 0

A rationale explanation by Bell. At least they tell you how to protect the service provided. We all need to be alert to the methods of hackers and thieves. I don't work for Bell and never have, but I use their service for my internet and phone. Changing and/or protecting passwords is an individual responsibility, and call display lets me know who's calling before I answer. We have multiple supplier choices. Choose wisely.

Brian in Edmonton
said
0 0

Bell should not be on the hook for the customer's laziness. If you buy a wireless router and don't change the login/password from "admin/admin" and someone connects to that router, views your shared documents to figure out your online banking information, and steals your money, is D-Link or Linksys, as the router manufacturer, responsible? No! They gave you all the tools to protect yourself, and you're the one who was too lazy to do that. That makes YOU responsible. It's exactly the same in this case with Bell.

Brian OC
said
0 0

The simple and easy fix is for the phone companies to do the same as credit card companies. A "credit limit" on the account. Once the limit is exceeded, no more long distance. Just like your credit card...past due or at its limit, the machine won't process the payment request (or phone call).

Sherry
said
0 0

I work for a telecommunications provider and the responsibility is on both parties. I do not work for Bell but for another large company. Our company has a 7/24/365 fraud group that notices spikes in client traffic. If we see one we stop all the calls until we get a hold of the client. I suspect Bell also has a fraud group. However, with that said the client owns their own PBX (switch) and it is up to them to set it up correctly, not the telephone companies. How can Bell be responsible for a piece of customer owned equipment. So, again, both parties need to be diligent. Bell should reduce the bill to the client so that others just don't expect Bell to solve all their problems. Hopefully customers now will double-check their equipment to ensure it's safe. BTW, someone mentioned that Bell gets the call for 0$. That's not true. They have to pay the local telephone company in Siera Leone no matter what. So Bell has to take a hit on the unpaid bill from the client. Cheers!

Joel in Kamloops
said
0 0

Uh... don't blame Bell. This is no different than safeguarding a computer network password in a corporate intranet. You ALWAYS change your passwords for any system - and 90 days doesn't cut it either.

People really have to wake up and realize that there is a reason passwords and credentials exist.

The law company has to take the blame for this. The good news is that the firm can bill a few more dollars an hour, and pay it off in a couple of years.

pat
said
0 0

I think its only fair that if you don't bother protecting yourself, you should be responsible for the results. If you give your PIN number for your bank card to someone and they take out money, the bank will not refund you. It works the same if you lend your friend your credit card and they copy it, you don't get refunded if you didn't try to protect yourslef or break their rules of conduct. These companies can only protect you if you actually use the tools they provide.

Niagara George
said
0 0

Did you see the gentleman on TV explaining the situation?

The calls to Sierra Leone were all made in a single 6 hour period. He has 4 lines in his telephone system. That would give a total of 1400 hours of time available for the calls.

The total time of the calls was over 9000 minutes! The problem was not just that someone hacked into his system, but that they were able to get 6 lines out of each of his lines.

It sounded like a Bell problem, as much or more than a customer problem.

Erica
said
0 0

I feel that if you have taken all the necessary precautions to protect yourself from this form of fraud, then the customer should not be held accountable for the bill. Just as with stolen automobiles, home thefts etc ... the victim, the company or whomever else who has suffered a financial loss may request financial restitution through the criminal court system to recover the loss. Unfortunately, the fraudulent person must be apprehended first.

Isabel Campbell
said
0 0

Obviously Bell has the technological means and should be able to trace the call--- and bill the receiver instead. The way it stand now-- Bell is not doing itself any favour- the message is " Use Bell Services at your own peril!"

Reeza
said
0 0

To 'crack the code', you require multiple tries at accessing the voicemail. Assuming its not 1234 or the extension, we're talking about 100's of attempts to access a voicemail in a short period of time. Shouldn't that be setting off Bell's system alarms for their voice mail somewhere!?!? It does for your bank or most online accounts. A very simple precaution that could be put in place, but 5 people at 200,000 each is an extra million in revenue versus a $50k fix I suppose.

IT and Phone Tech
said
0 0

Many Companies have their own internal voice mail and phone network. Much like you would have your own internal computer network at any business.
I believe this is what Bell is referring to. People are hacking the internal company voice mail system, then from there getting an outside line to place calls...Entirely possible.
But still, to charge such outrages rates, for infrastructure that is all ready in place and paid for multiple times over is criminal.

From the East
said
0 0

To Frank:

"Common sense people... Bell can't be held responsible for these attacks...

If you have a lock on your door, but don't lock it, who is responsible for the goods being stolen, the lock makers... They offer a service, and its up to the company to use common sense!"

If the lock was your own installation, then you are correct. But if that "lock", installed by a host company, and you have no say in the level of security, than the host company has the obligation to alert the client of breaches and cover any losses due the inadequacy of their security.

tim
said
0 0

I fully agree with many of you.... DUMP It is nothing but shedding responsibility. Victims of crime are just that... VICTIMS. Sorry, but victims should NOT be held responsible for fraudulent actions of others. Does Bell really think they will see the $207,000.00 from this Law Firm? Good luck collecting on that one Ma Bell.

Your service provider (Bell) is aiding the crooks.
said
0 0

These fraudsters don't just defraud Canadians, this happens all over the world were the telco's let it happen. Bell Canada, Telus or whoever your service provider is needs to put it's foot down and just tell these countries that either they clean up their act or we will sever service. The problem will be solved. All that money spent on advertising should have been spent on lawyers.

Frank Lovelock
said
0 0

Security! Security! Security! That is the number one requirement in today's electronic communications. Make sure you change your password on all devices whether they be voice mail,computer applications or other. To ignore the secure use of your communication system does not shift responsibility to the company or provider. If you are a large user contract an agency to test and advise on security measures.

John in Mississauga
said
0 0

If this was back in the old days when Bell owned all the telephone equipment including the equipment in your office, I would agree that 100% of the security responsibility is in the hands of Bell. Today, when you own the telephone system in your office, and Bell has no access to configure your system, you have the responsibility of configuring and maintaining the security of the equipment that you own.
It would be in Bell's best interest to provide a better level of customer service to install software on their telephone switches to detect fraud patterns and block subsiquent telephone calls. That still does not absolve the customer's responsibility to secure the equipment that they own.

island girl
said
0 0

I saw the CTV news interview of a small businessman who was on the hook for over $200,000. He had done ALL of the safety requirements put forward from Bell. The Bell rep was some young mouthpiece who was full of rhetoric and wouldn't take responsibility for anything. Basically they say "It's your phone..." STAY AWAY FROM BELL!

KJ in Kingston Ontario
said
0 0

In the worst case the bill should be limited to what a similar international call of the same length would really cost: so $20 not $200,000. The amount proves it is an obvious scam number!!!!!!! Nobody is calling these African countries to chat about the grand kids at those rates.

Wade From Mcmurray
said
0 0

Bell is right on this. It is out of Bell's hands how the companies set passwords and voice mails. It is the companies fault that there security was lacking. You can't blame bell for this. What if a company employee gave out the password so he could profit from the long distance should Bell have to pay for it? It is on the company to protect the system from un-authorized usage.

Henry Wysmulek
said
0 0

For you uninformed out there, bell does not own the pbx or voicemail. These are purchased by the user, and the user owns the equipment.

How is the Telco supposed to know if these calls are real or fraud, or are they supposed to take the customers word for it?

We know people NEVER LIE to get away with not paying their bills!

No I am not a bell employee.

edd-medhat
said
0 0

How is it possible that if someone steals my car and uses it to commit a crime, I'm not held responsible for that crime? But, if someone steals my telephone to commit a crime, I'm held responsible by the telephone company. If someone steals my credit card, as long as I report it as soon as I become aware of the loss, I'm not held responsible.

How can this be?

When I signed up for a telephone, the telephone company did not tell me I was responsible for their problems.

Art Glen
said
0 0

Rogers did the same thing to me. My cell phone was stolen, a police report was filed, but Rogers insisted I pay the $300+ of long distance calls. I cancelled my Rogers account. Do the same to Bell. Corporations think they are invincible. Show them they are not! Shame on Bell for even suggesting this policy.

Diana
said
0 0

Well banks already don't take responsibility if your bank card was stolen and your pin was one of the numbers they warn you not to use, like your birthday. Same thing here. If you leave your password as 1234, then its your own fault. But bell should have some way of tracking whether you took all the necessary security steps.

Jason
said
0 0

Steve the Pundit,
Great guess. The new chips in credit cards and soon on debit cards absolves the banks of any responsibility. Its now your fault if someone gets access even though there is NO way to stop fraud. You can only slow it down temporarily.

As for Bell, colour me surprised. I ditched them 6 years ago when they sarted charging my credit card for services not rendered. In this case it was for a non-existent internet connection. Took two years to clear the charges from my card. I never paid a cent and only refer people to other companies.

Dale - Edmonton
said
0 0

The net cost to Bell of these costs is exactly $0. Zero. Once the system and agreements are in place, the cost of any one additional call is $0. This is fraud on Bell's part. If its not criminal, it should be. Again and again we see the big cellular companies in Canada hosing the public, with fees, charges and undisclosed features. Lets see some of these VPs and CEOs charged with fraud, see how quickly they stop doing this.

Corperate Criminals
said
0 0

Unfortunately, where I live, in a rural area of Ontario, I have no choice but to use Bell as my phone provider, internet provider and my satellite dish provider.

Their fee's are ludicrous to say the least, with each months bill coming up to $270 per month.

I don't make many long distance calls and my satellite package is basic, plus a few items, but Bell overcharges for everything.

I say Bell should take some responsibility here for the lack of security and to educate and inform their customers, that these problems may occurr with people breaking into their voicemails.

I say the CRTC must step up and help the customers who are getting racked over the coals in this country by Bell and allow more competition, so that large corperations like this one, doesn't fleece their customers.

Frank!
said
0 0

Common sense people... Bell can't be held responsible for these attacks...

If you have a lock on your door, but don't lock it, who is responsible for the goods being stolen, the lock makers... They offer a service, and its up to the company to use common sense!

KJ in Kingston Ontario
said
0 0

Most phone systems only allow a simple password that programs can easily crack.

The ONLY ANSWER -- disable TOLL CALLING on your BELL lines -- I did after the dial-up scams hit about a decade ago. I would NEVER have a phone that could just dial out to Africa and incur long distance charges that could bankrupt most people or eat up their entire life savings in one night.

Gerald from Belleville
said
0 0

This is ridiculous. It doesn't even make sense.

This type of thing should be a reverse onus: if Bell can prove that a client was negligent in protecting their voice mail system, and as a result, fraudsters were able to do long distance calls, then the client should be liable to pay. But ONLY if Bell can prove that the client was negligent. If Bell cannot prove that, then the client should not have to pay for the fraudulent phone calls.

Or, place a cap on the liability: 500$ for example. It's not like the extra calls actually cost Bell much of anything...

Essentially, with their new policy, Bell is saying that it is always YOUR fault if you are a victim, even if you've taken all possible steps to protect yourself. Here's an analogy. Your car is parked in your driveway, its doors are locked, the windows are up, and you installed an alarm and anti-theft system. A robber steals your car and goes on a joy ride and hits other cars and property, causing $1000000 in damages. According to Bell's logic, YOU would have to pay the $1000000, not your insurance company nor the robber. Doesn't make sense does it? Now, if you left your car running with the doors unlocked in front of a store, I might see "some" liability...but that's not what Bell is saying. Bell is saying that it is ALWAYS YOUR FAULT if you are the victim, and you are therefore ALWAYS LIABLE.

Wes
said
0 0

That's a bunch of BS that you would have to pay that bill...if someone steals your credit card info and uses it you're not held responsible, as long as you can prove it wasn't you. Why should this be any different?
This is the one time I am rooting for the lawyers...

TDEV
said
0 0

This is why I`m not a BELL CUSTOMER.

John Giannopoulos
said
0 0

I think Bell should be responsible in protecting the fraudsters from using their services illegally.If they can't do that maybe they shouldn't offer these services.They should pay for any illegal misuse of services not the customer.Can't handle that maybe they should close shop and let another provider offer services to clients.

Dump Bell
said
0 0

Perhaps Bell should have provided some measure of security like Mastercard or Visa does.

I think its morally reprehensible that Bell is charging for this and as such, I will never do any sort of business with Bell. I think with this shifty and classless move by Bell it will stand to destroy their reputation. Why should they pay when Bell can't keep their own systems secure? Why not bill the person on the other end?

I can see an ad for Bell now..."Get unlimited long distance for only $207 000.00 per month. Unlimited brilliant customer service and the most cutting edge security systems for telecommunications company anywhere on Earth."

-Yeah right...if Bell or anyone expected me to pay a $207 000 phone bill, I would laugh at them and make sure I would take them to court and counter sue them for emotional damages and lost wages. I would love to hear what a judge would say about Bell.

Perhaps if Bell had a secure setup, none of this would have happened.

Steve the Pundit
said
0 0

What next? Are the banks going to absolve themselves of responsibility if your debit card or entire identity are stolen? Further abdication of corporate responsibility.

Don't let them set this precedent; if you're with Bell, threaten to take your business elsewhere if they don't change this policy.

Today's Top Stories

Investigators remove a package containing a human foot from the Conservative Party of Canada office in Ottawa, Tuesday, May 29, 2012.

Pick your location

Top Stories -

News Sections

News Programs

Features

Browse: