Have I been Hacked - and how to tell

I have a Freepbx 15. VM on Vultr. I have a main office and 3 remote locations. One location is rarely visited. Just visited on 12/28/2022. I went to test the phones by calling my own cell phone. At the time, my cell phone was connected to WIFI on the same network as the endpoint.

The first call to my cell phone, the endpoint rang and rang, but my cell phone showed no call.
Same for second call
Same for third call, because you know, trying the same thing over and over expecting a different result.

I then picked up my spouses cell phone and called my cell phone. Both cell phones were on WIFI. Different cell carriers. Call goes through just fine. Rings on my cell phone. I hang up before it goes to voicemail.

Fourth call from my endpoint to my cell phone. Still not ringing on my cell phone but instead of interminable ringing I get a voicemail greeting. And the Voicemail greeting that is supposed to be my cell phone was not my greeting at all. Instead it said something like “you may be trying to find a lawyer …”, it wasn’t my voice. It wasn’t my message. but I am a lawyer. My spouse was still standing there and heard the greeting on the speaker phone and we both said WTF?

Now I stopped doing the same thing over and over again. I disconnected my phone from WiFI. I called again and the endpoint rang and my cell phone rang. I think - ok, something on the WIFI network and/or my carrier - but that doesn’t explain being connected to another lawyers voicemail greeting. So then I re-connect to WiFI and try again. This time it works. Call comes through to cell phone, my voicemail greeting. Works everyday for the next week whether I am connected to WiFI or not.

So I’m still worried because of a call to my cell phone going to someone else’s voicemail, but at least calls are going through.

I look at the log files for asterisk. I can see the calls going out to my cell number but I don’t see anything that looks unusual.
I look at the call records on my trunk provider. all looks good.
I look at the cell carrier call list and learn that it isn’t instantaneously updated. So no information.

Now I’m back in the office. Calls still go through to my cell phone from the office. Great. Still worried about the strangely relevant voicemail greeting that only occurred once. I just looked at my cell carrier usage report and it shows no call to my cell phone on the test date.

Then two clients call today. They both say - “were you trying to call me. I got a call on xxx date and my caller ID say ‘my name at XXX-XXX-XXXX.’ but there was no voicemail.” The CID number is not one of my numbers. I didn’t try and call them. our outgoing CID does not use “my name” but the firm name.

the XXX-XXX-XXXX they reported appears to be a disconnected number. I just called it an got a disconnected error.

Perhaps this is all a coincidence. But someone spoofing me to clients, who you wouldn’t know were my clients unless you broke into my office computer system, is just worrying. Especially when calls to my own cell phone were redirected to a stranger voicemail just a week ago.

I’m a bit at a loss of what to check or do next

Chris