Tilted Forum Project Discussion Community - View Single Post - You got your phone hacked? Tough! Pay the Bill.

ARTelevision · 05-27-2003, 06:46 AM

You got your phone hacked? Tough! Pay the Bill.
...............................
Don't get me started about hackers...
They are destroying our ability to communicate with each other.

In the meantime, get ready to pay for the damages they incur.

...............................
'Yes scam' bilks AT&T customers
Company says they must pay for unauthorized calls

Tuesday, May 27, 2003
San Francisco Chronicle

When Susan Steel called her phone line a few months ago, she heard something strange.

Instead of her usual voice-mail greeting, a man with an accent answered: "Investment office, please hold." Then after a burst of elevator music, the voice returned to say "Yes . . . yes . . . yes." Steel kept saying "hello," but the man ignored her, then hung up.

It wasn't until the next day that Steel, a self-employed employee recruiter in San Francisco, learned what had happened: She was the victim of the "yes scam."

Someone had hijacked her voice-mail box to make thousands of dollars in long-distance phone calls to Saudi Arabia and the Philippines.

Here's how the scheme works:

In recent months, hackers have been dialing into peoples' voice-mail boxes and trying to guess the password. If successful, they then record a new outgoing message. Later on, the hacker places a long-distance phone call and asks the operator (or a computer) to forward the charges. The operator calls the hacked phone number and gets the changed message, which tricks the phone company into thinking that the line's owner has agreed to accept the charges for a long-distance phone call.

In Steel's case, before she had a chance to change her phone message, the hackers had run up more than $20,000 in long-distance charges via AT&T, including 95 hours in overseas calls.

But what came next is even worse: Even though AT&T agreed Steel was the victim of fraud, it insists she is on the hook for much of the charges.

"It is an awful thing," Steel said. "I can't sleep. I wake up and think about it."

Steel is hardly alone. Phone thieves have reportedly broken into the voice- mail systems of scores of victims nationwide, sticking them with thousands of dollars in overseas phone charges before they detect anything amiss.

Experts said AT&T is just one of several companies affected by the scam. But while SBC Communications and some other companies have agreed to reverse the charges, critics complain that AT&T is insisting customers pay for thousands of dollars in calls they never made.

"This is devastating people," said Linda Sherry of Consumer Action, a San Francisco consumer group that has heard from 13 victims so far, all AT&T customers. "I am talking with trial lawyers to see if they can do anything."

AT&T, however, blamed the customers for using easy-to-guess passwords or never bothering to change the default passwords assigned by their local phone company. (Steel, who never worried about anyone tapping into her voice-mail box, simply used the easy-to-remember code 1-2-3-4.)

"The customer is responsible," said AT&T spokesman H. Gordon Diamond. In addition, Diamond faulted SBC for not doing enough to warn customers to change their voice-mail codes.

But SBC blamed AT&T's automated system, which asked the same question exactly the same way, making it easy to fool with a recorded message.

In Steel's case, Diamond said, a human operator was fooled by the message.

But Diamond said the phone company has taken several measures to trip up the scam in the future. For instance, the company sometimes asks recipients of a collect call to punch in a random number on their key pad to make sure it's a real person authorizing the call, and not a sophisticated voice-mail recording.

Since it added the security measures earlier this year, Diamond said the company has recorded only a handful of voice-mail fraud cases.

But SBC spokesman John Britton faulted AT&T for continuing to press victims of the scam to pay for the fraudulent calls.

"It's terrible for the consumer," said Britton, adding that SBC and several other carriers have waived any such charges. "I don't know why AT&T is trying to make further victims of these consumers."

Steel's attorney, Jeffrey Keller, said he is considering suing AT&T on behalf of Steel and other victims, saying the company could have eliminated the scam altogether with tighter security.

"It's outrageous," Keller said. "There are ways to prevent this."
.................

If 1984-type measures to ferret out crime concern you, while you're blaming big brother, don't forget to blame the folks who hack our communications.

I'm not going to go on about this. It all disturbs me way too much.

05-27-2003, 06:46 AM	#1 (permalink)
ARTelevision I change Location: USA	You got your phone hacked? Tough! Pay the Bill. You got your phone hacked? Tough! Pay the Bill. ............................... Don't get me started about hackers... They are destroying our ability to communicate with each other. In the meantime, get ready to pay for the damages they incur. ............................... 'Yes scam' bilks AT&T customers Company says they must pay for unauthorized calls Tuesday, May 27, 2003 San Francisco Chronicle When Susan Steel called her phone line a few months ago, she heard something strange. Instead of her usual voice-mail greeting, a man with an accent answered: "Investment office, please hold." Then after a burst of elevator music, the voice returned to say "Yes . . . yes . . . yes." Steel kept saying "hello," but the man ignored her, then hung up. It wasn't until the next day that Steel, a self-employed employee recruiter in San Francisco, learned what had happened: She was the victim of the "yes scam." Someone had hijacked her voice-mail box to make thousands of dollars in long-distance phone calls to Saudi Arabia and the Philippines. Here's how the scheme works: In recent months, hackers have been dialing into peoples' voice-mail boxes and trying to guess the password. If successful, they then record a new outgoing message. Later on, the hacker places a long-distance phone call and asks the operator (or a computer) to forward the charges. The operator calls the hacked phone number and gets the changed message, which tricks the phone company into thinking that the line's owner has agreed to accept the charges for a long-distance phone call. In Steel's case, before she had a chance to change her phone message, the hackers had run up more than $20,000 in long-distance charges via AT&T, including 95 hours in overseas calls. But what came next is even worse: Even though AT&T agreed Steel was the victim of fraud, it insists she is on the hook for much of the charges. "It is an awful thing," Steel said. "I can't sleep. I wake up and think about it." Steel is hardly alone. Phone thieves have reportedly broken into the voice- mail systems of scores of victims nationwide, sticking them with thousands of dollars in overseas phone charges before they detect anything amiss. Experts said AT&T is just one of several companies affected by the scam. But while SBC Communications and some other companies have agreed to reverse the charges, critics complain that AT&T is insisting customers pay for thousands of dollars in calls they never made. "This is devastating people," said Linda Sherry of Consumer Action, a San Francisco consumer group that has heard from 13 victims so far, all AT&T customers. "I am talking with trial lawyers to see if they can do anything." AT&T, however, blamed the customers for using easy-to-guess passwords or never bothering to change the default passwords assigned by their local phone company. (Steel, who never worried about anyone tapping into her voice-mail box, simply used the easy-to-remember code 1-2-3-4.) "The customer is responsible," said AT&T spokesman H. Gordon Diamond. In addition, Diamond faulted SBC for not doing enough to warn customers to change their voice-mail codes. But SBC blamed AT&T's automated system, which asked the same question exactly the same way, making it easy to fool with a recorded message. In Steel's case, Diamond said, a human operator was fooled by the message. But Diamond said the phone company has taken several measures to trip up the scam in the future. For instance, the company sometimes asks recipients of a collect call to punch in a random number on their key pad to make sure it's a real person authorizing the call, and not a sophisticated voice-mail recording. Since it added the security measures earlier this year, Diamond said the company has recorded only a handful of voice-mail fraud cases. But SBC spokesman John Britton faulted AT&T for continuing to press victims of the scam to pay for the fraudulent calls. "It's terrible for the consumer," said Britton, adding that SBC and several other carriers have waived any such charges. "I don't know why AT&T is trying to make further victims of these consumers." Steel's attorney, Jeffrey Keller, said he is considering suing AT&T on behalf of Steel and other victims, saying the company could have eliminated the scam altogether with tighter security. "It's outrageous," Keller said. "There are ways to prevent this." ................. If 1984-type measures to ferret out crime concern you, while you're blaming big brother, don't forget to blame the folks who hack our communications. I'm not going to go on about this. It all disturbs me way too much. __________________ create evolution