Feeds

Google Adwords scammer charged premium to call NHS Direct

Presumably no mirrors in his house

Internet Security Threat Report 2014

Premium-rate call regulator PhonePayPlus has fined Red Play Media £50,000 for using Adword adverts to trick surfers into using premium-rate numbers to call non-premium services.

Red Play Media bought up Adwords, and Bing equivalents, to place links alongside searches for "NHS Direct" or similar. Clicking on the advert brings up a nice big phone number which, if dialled, will cost the caller £1.53 a minute as it offers to read out the real phone number or put the caller through (at the £1.53-a-minute rate), which was enough to garner 15 complaints and trigger the fine.

All companies using premium-rate phone lines are required to register with PhonePayPlus, which regulates their behaviour and investigates complaints, though not always as quickly as one might hope. The sites being run by Red Play Media - callerhelp.co.uk and phonenumber.co.uk - had been garnering complaints since December last year, with The Guardian reporting on the scam, and naming the companies, back in March.

And the practice is still endemic - type "tax office number" into Google and you'll get two ads for fastphonenumbers.co.uk and easyphonenumbers.co.uk, both of which belong to Square1 Communications Limited and rely on the small print to keep them legitimate:

Entirely legitimate service example

An entirely legitimate service for those who don't want to call 0845 300 0627... click for small-print-friendly version

Wayback Machine archives for the Red Play Media websites indicate the company wasn't always so assiduous about mentioning its rates, and the fact that it wasn't affiliated with the service being called, but any service generating customer complaints can trigger a PhonePayPlus investigation.

Red Play Media was not the only firm doing this, but unlike the rules-abiding Square1, which only targeted those seeking tax advice, Red Play Media bought Adwords for "NHS Direct" and various hospitals - which meant it was was deliberately targeting vulnerable groups who might not be thinking entirely clearly while Googling for emergency aid, also against the PhonePayPlus rules.

So thanks to PhonePlayPlus, those searching for a hospital - or Wonga.com (which Red Play Media also bought) - will be safe until the next buyer steps up, but those looking to call their local tax office should still dial with care. ®

Internet Security Threat Report 2014

More from The Register

next story
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.