U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Quick, what’s your voicemail PIN? Don’t know? It could be a default PIN, such as 1-2-3-4-5. Or maybe it was never set up at all. Facing a myriad of online and device threats, security experts warn that voicemail system security is often overlooked on both personal and business accounts.

Voicemail system vulnerability

If you don’t change the default password on all your voicemail accounts, you – or your company –  could be in for an expensive surprise. There are hackers who know how to compromise voicemail systems to steal personal and financial information, or to gain access to your financial and social media accounts by intercepting two factor account verification codes. Some hackers have reportedly monitored incoming voicemail messages at businesses and responded to callers by text, impersonating the business, These texts include links for payments on requested services, which go to the hackers’ accounts.

Hackers have been known to hijack voicemail accounts and change outgoing messages so they will accept automated international collect calls, which get added to the mailbox owners phone bill. In another version of this scam, a hacker breaks into a voicemail system’s call forwarding feature, programs the system to forward calls to an international number, then uses it to make calls.

In the past, hackers typically targeted business voicemail systems, but consumers with residential voicemail should also beware.

You should know

  • Hackers may try to break into business voicemail systems during holiday periods or weekends, when changes to outgoing messages are less likely to be noticed.
  • Hackers are often based internationally, with calls originating in, and routing through, many countries around the world.
  • In international collect call scams, business victims may not find out they’ve been hacked until their phone company reports unusual activity; and residential victims may not find out until they receive unusually high phone bills.

Tips to minimize your risk

To avoid falling prey to this scam, follow these helpful tips:

  • Always change default passwords for all voicemail boxes, at work, at home and on your mobile phone.
  • Choose a complex voicemail password of at least six digits.
  • Change your voicemail password frequently.
  • Don’t use obvious passwords such as an address, birth date, phone number, repeating numbers, such as 000000, or successive numbers, such as 123456.
  • Check your recorded announcement regularly to ensure the greeting is indeed yours.
  • Consider blocking international calls.
  • Disable remote notification, auto-attendant, call-forwarding and out-paging features if you don’t use them.
  • Consult your voicemail service provider about additional security precautions.

If you think you’ve been hacked, report the incident to both your service provider and the police.

Printable Version

Voicemail Hacking (pdf)


Date Last Updated/Reviewed:

Alternate Format Requests

People with print disabilities may request braille, large print, or screen-reader friendly versions of this article via the email form at fcc504@fcc.gov For audio and other access, use the "Explore Accessibility Options" link.


Consumer Help Center

Learn about consumer issues - visit the FCC's Consumer Help Center at fcc.gov/consumers



File a Complaint with the FCC

File Your Complaint

Visit our Consumer Complaint Center at consumercomplaints.fcc.gov   to file a complaint or tell us your story.