Monday, August 21, 2006

Fantastic Scam...

As Bruce says, we know we shouldn't give our credit card details to somebody who has called us. The genius described in the linked article reminds us that we can't even safely give our details when we make the call.

Moving house recently, I've been interested to note the differing levels of security used by different companies.

BT, Water, Gas and Electricity were the worst offenders: if you call them and give an account number and name, they'll do whatever you tell them. There's probably not much scope to defraud someone (although I'm not smart enough to spot loopholes of this sort) but you could certainly cause mischief (closing somebody's account and forwarding their bills elsewhere could be a way of ruining their credit history)

From the article, it seems AT&T go a step further: you can call them and get them to redirect any number to anywhere else.... I wonder if you could redirect a landline to a premium rate number. It'd be a neat way to make some free money.

(Note: I'm not actually advocating anyone actually try this.... I quite like being employed and free. Being unemployed and/or in prison isn't currently on my "to do" list)

3 comments:

Andrew Ferrier said...

I'm assuming/hoping/praying that if you call a number, X, which is forwarded to another number, Y, that you are charged by your phone company as if you had called X. Presumably any difference in price is picked up by the customer holding phone numbers X & Y. In fact, I remember reading somewhere that this is how special rate numbers (local, premium, etc.) work in the UK - the special number is forwarded to a 'real' landline - hence the trick of using the 'international' number for your bank and paying less (see http://www.saynoto0870.com/). So I suspect this trick wouldn't work here. But I'm not an expert on the phone system, so if anyone is in a position of authority to comment?...

Richard Brown said...

Perhaps I've misunderstood. The risk I was identifying was this:

Scammer asks BT to redirect number X to Y, where X is a landline (and hence cheap to call) and Y is a premium-rate number (and hence expensive to call and, crucially, pays a percentage of the proceeds to the owner of the number).

Thus, the scammer calls number X, which redirects to Y. Therefore, the caller (scammer) pays a local rate number but his expensive number receives the call (and so he receives the percentage of the premium rate fee).

The cost of the call to Y may be borne by the victim or BT - but from the perspective of the scammer, who cares?

Even worse, if it turns out that BT pick up the fees in situations such as this (I suspect they don't), you could envisage a cascade situation where you map the "real" landline that backs the premium number to another premium number and repeat....

Andrew Ferrier said...

Ah, OK. I get it now; I think I had the scammer and the innocent roles reversed. My bad.