Hacking into mobile voice mail is surprisingly easy on many largest cell-phone carriers wordwide, thanks to web-based services that make your call appear to come from the cell phone you’re trying to hack.

Easy access to voice mail is a common convenience on many phones. Opening a mobile displays an icon if someone has left a voice message. Click on the icon, and the phone automatically dials the voice mail box – some without even requiring a password. It’s insecure, but a lot of users don’t think about it.

How does it work? The phone is programmed to dial the voice mail number, and the mail system looks at the caller ID of the incoming call to see whose voice mail box to access. It’s simple and easy, but it’s wide open to anyone who can spoof caller ID (or to someone who finds your phone).

Most carriers do not require passwords/PINs. The default when you set up your phone is not to require a PIN; the voice mail tells who is calling by looking at the caller ID, but does not require a PIN for validation. That means caller ID spoofing is enough to hack voice mail, if the user has not gone to the extra trouble to set up a PIN. So if you’re concerned about being hacked, you need to go through the extra steps of setting up a PIN.

The trouble with mobile base stations comes from transmitting signals without encryption, so passwords are transmitted in plain text and can be detected by ‘sniffers’. To be sure passwords are encrypted, log in to sites at https addresses, not just http.

The internet offers many web-based spoofing services, easy to locate by searching for “caller ID spoof”. Users enter the number they are calling from, the number they are calling, and the number being spoofed, then place calls through the Internet or a toll-free number operated by the service. One web service boasts spoofing makes calling “truly private, fun, and inexpensive!”  That sounds like just the thing for fraudsters, stalkers.