Feeds

AT&T lets phone fraud victims off the hook

'Yes-Yes' voicemail subversion

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

AT&T said Wednesday that it would forgive all of the outstanding long distance charges that the company had been trying to collect from victims of the notorious "Yes-Yes" voicemail subversion fraud.

The announcement follows months of fierce criticism of AT&T by consumer advocates, and the filing of two class-action lawsuits charging the company with unfair business practices. "It's good news for these consumers who have been scared blind by these charges and have developed health problems and stress problems dealing with these things," says Linda Sherry of Consumer Action, a non-profit group that championed the fraud victims. "AT&T dug in their heels for so long."

Last year fraudsters began cracking weak and default PINs on individual and small business voice mail boxes provided by local phone companies, then changing the outgoing messages to say "yes, yes, yes" over and over again. The newly-agreeable voice mail could then be used for third-party billings, with AT&T's voice recognition-based billing verification system -- and even live operators -- easily fooled by the virtual yes men.

The scam left scores of victims holding the bag for thousands of dollars of long distance calls they never made -- typical bills ran between $8,000 and $12,000. AT&T insisted that the victims pay up, arguing that it was the consumer's poor voice mail security that was at fault.

Telephone Turing Test

When pressed, the company sometimes offered to absorb 35% of a fraudulent billing, but pursued collection against consumers that didn't pay the rest. "We held the customer liable because it's the customer's voice mail service," says AT&T spokesman Jim Byrnes. "If they choose not to pay, we eat the expense."

The company announced Wednesday that it's will abandon those collection efforts against consumers who "resolve disputed charges with appropriate documents and agree to cooperate with AT&T in efforts to recover damages against any parties liable as a result of the fraudulent long-distance calling," according to a statement.

"It comes as fabulous news to me," says San Francisco travel agent Maureen Claridge. Claridge was billed for $8,000 for 36 hours of phone calls made from Saudi Arabia after her voice mail was cracked last November. Claridge refused to pay, and was served with legal notice from AT&T last week. "They served me last Tuesday... This is incredible," she says.

AT&T says the amnesty offer only applies to past victims of this particular type of fraud -- the company counts less than 250 among its own customers.

To combat the scam, the AT&T recently added a Turing test to its billing verification process: to accept a third-party billing now, a customer must prove to AT&T's computer that he or she is human by repeating a randomly-chosen number, the company says. AT&T claims the measure has all but eliminated the Yes-Yes fraud on their network. "We're confident that we have implemented these measure to handle this fraud adequately," says Byrnes, who nevertheless advises consumers to secure their voice mail. "We're urging customers to remain vigilant to safeguard their systems."

© SecurityFocus

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.