This happens more often that you think and the losses can be staggering. A few years ago, my company was hit by a similar scam. We were lucky, the cost was less than $5000.00 only because we noticed unusual activity early and were able to stop it.
In our case, someone was able to hack the password of one of our employees. With that password they were able to change the settings on the account to forward calls to a small foreign country that had exceptionally high international rates. To make matters worse, they set up a US based toll free number that rang to our employees direct dial number. We literally had thousands of calls in the first 24-hours of the attack.
Our attack could have been easily prevented. Believe it or not, the employee whose password was hacked used a password of 1 - 2 - 3 - 4. You would think it is obvious that you should not use easy to guess passwords like 1 - 2 - 3 - 4 or your first of last name as the password, but you would be surprised how many people still do this. Our company significantly strengthened its password requirements for all users after the attack.
We also under took other measures to prevent these types of attacks. Since 2006 we have not had any further attacks.
Here is the rest of the article on this scumbag, personally, I hope he spends the entire 10-years behind bars, because that is where he belongs.
A Venezuelan man was sentenced to 10 years in prison Friday for stealing and then reselling more than 10 million minutes of Internet phone service.
Edwin Pena, 27, was convicted in February of masterminding a scheme to hack into more than 15 telecommunications companies and then reroute calls to their networks at no charge. He must also pay more than US$1 million in restitution, and will be deported once his sentence is served.
Read the rest of the article here.