AT&T lets phone fraud victims off the hook

'Yes-Yes' voicemail subversion

AT&T said Wednesday that it would forgive all of the outstanding long distance charges that the company had been trying to collect from victims of the notorious "Yes-Yes" voicemail subversion fraud.

The announcement follows months of fierce criticism of AT&T by consumer advocates, and the filing of two class-action lawsuits charging the company with unfair business practices. "It's good news for these consumers who have been scared blind by these charges and have developed health problems and stress problems dealing with these things," says Linda Sherry of Consumer Action, a non-profit group that championed the fraud victims. "AT&T dug in their heels for so long."

Last year fraudsters began cracking weak and default PINs on individual and small business voice mail boxes provided by local phone companies, then changing the outgoing messages to say "yes, yes, yes" over and over again. The newly-agreeable voice mail could then be used for third-party billings, with AT&T's voice recognition-based billing verification system -- and even live operators -- easily fooled by the virtual yes men.

The scam left scores of victims holding the bag for thousands of dollars of long distance calls they never made -- typical bills ran between $8,000 and $12,000. AT&T insisted that the victims pay up, arguing that it was the consumer's poor voice mail security that was at fault.

Telephone Turing Test

When pressed, the company sometimes offered to absorb 35% of a fraudulent billing, but pursued collection against consumers that didn't pay the rest. "We held the customer liable because it's the customer's voice mail service," says AT&T spokesman Jim Byrnes. "If they choose not to pay, we eat the expense."

The company announced Wednesday that it will abandon those collection efforts against consumers who "resolve disputed charges with appropriate documents and agree to cooperate with AT&T in efforts to recover damages against any parties liable as a result of the fraudulent long-distance calling," according to a statement.

"It comes as fabulous news to me," says San Francisco travel agent Maureen Claridge. Claridge was billed for $8,000 for 36 hours of phone calls made from Saudi Arabia after her voice mail was cracked last November. Claridge refused to pay, and was served with legal notice from AT&T last week. "They served me last Tuesday... This is incredible," she says.

AT&T says the amnesty offer only applies to past victims of this particular type of fraud -- the company counts fewer than 250 among its own customers.

To combat the scam, AT&T recently added a Turing test to its billing verification process: to accept a third-party billing now, a customer must prove to AT&T's computer that he or she is human by repeating a randomly-chosen number, the company says. AT&T claims the measure has all but eliminated the Yes-Yes fraud on its network. "We're confident that we have implemented these measures to handle this fraud adequately," says Byrnes, who nevertheless advises consumers to secure their voice mail. "We're urging customers to remain vigilant to safeguard their systems."
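The difference between the two checks can be shown in a few lines. The sketch below is an added example, not AT&T's system or code from the original article: it compares a yes/no prompt with a repeat-the-number challenge against a fixed recording. Transcript strings stand in for speech-recognition output, and all names, the 30-second time limit and the single-attempt rule are assumptions.

```python
import hmac
import secrets
import time

AFFIRMATIVE = {"yes", "yeah", "yep"}
WORD_TO_DIGIT = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3",
                 "four": "4", "five": "5", "six": "6", "seven": "7",
                 "eight": "8", "nine": "9"}


def legacy_verify(transcript: str) -> bool:
    """Yes/no prompt: any affirmative word counts as consent to the charges."""
    return any(word in AFFIRMATIVE for word in transcript.lower().split())


def spoken_digits(transcript: str) -> str:
    """Keep only the digits in a transcript, spoken as words or numerals."""
    out = []
    for token in transcript.lower().replace("-", " ").split():
        if token in WORD_TO_DIGIT:
            out.append(WORD_TO_DIGIT[token])
        elif token.isascii() and token.isdigit():
            out.append(token)
    return "".join(out)


class DigitChallenge:
    """A random number the answering party must repeat back, usable once."""

    def __init__(self, digits: int = 4, ttl: float = 30.0, clock=time.monotonic):
        self._clock = clock
        self._deadline = clock() + ttl  # assumed time limit, not from the article
        self._used = False              # assumed: one attempt per challenge
        self.prompt = "".join(secrets.choice("0123456789") for _ in range(digits))

    def verify(self, transcript: str) -> bool:
        if self._used or self._clock() > self._deadline:
            return False
        self._used = True
        return hmac.compare_digest(spoken_digits(transcript), self.prompt)


# Constructed sample: the looping greeting a compromised mailbox plays back.
RECORDING = "yes yes yes yes yes yes"

if __name__ == "__main__":
    challenge = DigitChallenge()
    print("yes/no prompt accepts recording:", legacy_verify(RECORDING))
    print("digit challenge accepts recording:", challenge.verify(RECORDING))
```

The recording satisfies the first check because the expected answer is known before the call is placed; the second check fails it because the expected answer is chosen only after the call is answered.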

© SecurityFocus
