That didn't take long.
Less than 24 hours after Ipswich, Mass. resident Michael Smith hit the press with AT&T's plan to sue him over a $1 million phone bill scam, the telecommunications giant is backpedaling.
An AT&T spokesperson told the Associated Press they will drop their suit against Smith, who they personally blamed for allowing a scammer to rack up $891,470 worth of charges on his company's phone by making $22/minute calls to Somalia––all in a single weekend.
AT&T sought $1.15 million from Smith in restitution (interest and fees included) even though the company wasn't his telephone servicer.
"Nothing about this makes sense,” Smith told the Salem News in a story published Monday. “AT&T is not arguing over whether these calls were fraudulent. There’s no dispute there.”
The hackers were able to use AT&T as a sort of "dial around long distance service," according to Salem News, which let them treat Smith's eight office lines like prepaid calling cards issued by AT&T.
As it turns out, Smith's actual provider, Verizon Wireless, had noticed a similar hacking in a separate incident and erased $260,000 worth of bogus charges.
He had no such luck convincing AT&T. The company claimed Smith was on the hook because he hadn't taken enough precautions against hack attacks in the first place.
Hackers were reportedly able to infiltrate his manufacturing firm's code-protected system by simply guessing the right access key.
If AT&T had pursued their claims and won, the suit would have bankrupted Smith and dissolved his company, he said. A phone call to Smith's company was not returned Monday afternoon.
Whether or not Smith's lax phone security was to blame for the hacking, he's certainly not alone. Even retail juggernauts like Subway have been victimized by hackers that weasel their way into point of sale systems and make off with millions.
With their typically smaller security budgets, small businesses like Smith's are key targets for hackers. A Verizon wireless study on security risk found 97 percent of cases were actually avoidable, which explains why AT&T might have had a solid argument against him.
"(Small businesses) don't know how defenseless they've become, especially to automated and industrialized attack methodologies by organized crime," study author Christopher Porter told told PCWorld.
Three simple tips outlined in the study could help business owners get a head start on scammers:
- Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
- Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorized access.
- Monitor third parties. Third parties often manage firewalls and POS systems. Organizations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.
More From Business Insider