Scammers posing as representatives of phone service providers, such as BT, are calling up UK subscribers in an attempt to trick prospective marks into handing over credit card or bank details under threat of disconnection. Plausibility is added to the scam by a trick designed to fool people into thinking that their line has been …
Catching them would be trivial...
If BT are serious about catching these people, why don't they publish a hotline number that victims can call from a mobile WHILE THE SCAMMERS ARE ON THE LINE. Then BT can instantly check the number of the caller (withholding caller ID only prevents the customer from seeing the originator's number, not BT) and they will immediately know exactly who they are and where they are. Pass it on to the police, and hey presto; nasty scummy scammers behind bars. Simple.
Simlar to the old practice of rival cab firms ringing each other and leaving the line open to block any customers calling.
It's an education problem
I'm surprised people don't have basic knowledge about phone call safety.. it's not like it's a new technology.
1. Never, ever, believe someone when they call you saying they're from a bank, credit card company, etc. Always hang up and phone a publicly available number to verify (not one they tell you). Preferably use a different line (a more sophisticated version of this scam would be to present a fake dialtone). Also - callerid is easy to spoof.. it's no proof of anything.
2. Use the recall button. That defeats this scam (technically, it puts them on hold, but you have a clear dialtone afterwards).
How to end a call when the other party won't hang up
Press the Recall button, or if you don't have one, tap the receiver rest. You'll get a dialling tone. Put the receiver down. The phone will ring. Don't answer it (if you do, you're back to the original call). When it stops ringing, the call will have been ended.
Scam probably wouldn't work in the US...
In the US, AFAIK, either end can terminate a call since the phone company can detect the hook status of either phone. Once the phone company detects that either end has been on hook for a certain time (usually, ten seconds), it terminates the call. If the other end is still there, the phone company will then go into its "phone has been left off the hook routine" ("If you would like to make a call...", followed by that VERY annoying series of beeps).
Perhaps BT should consider altering its telephone call policy to allow either party to terminate a call.
"fraudster stays on the line"?
I don't use BT, so could someone clarify? Does this attack rely on the victim trying to make an outgoing connection within the "disconnect clear time" (less than a sec)?
"In reality, the fraudster stays on the line with the mute button on. Because the person who initiates a call is the one to terminate it, a prospective mark is left unable to make a phone call, or even obtain a dial tone."
This is absolute nonsense -- either party can terminate a call on a line, so if you terminate the call the 'fraudster' is disconnected
Can't hang up ?
Press the R button and initiate another call, then press R again and press 3 - you can conference in the person you dialled with the criminal - it'd be good if you called the local police and conferenced them in with the criminals.
If only there was the capability of the local exchange to keep call logs for 24 hours so these guys could be tracked down and prosecuted.
This has been going on for years
I received one of these two years ago while at work, so I recorded the call.
"This call is now being recorded. For the benefit of the recording, can you please repeat what you've just told me?"
Surprisingly, they didn't hang up and apparently happily repeated most of it.
I was very disappointed with BT that they did absolutely nothing about it afterwards - they most definitely had the caller's number, as it turned up on our caller ID!
Maybe this time around they'll be bothered.
Doubt it though.
Supposing they do get caught, you can be sure they'll get off with a slap on the wrist and do the same thing again in another couple of months.
Never give out your details to ANY incoming caller... because whatever "proofs" they offer, they could be anyone. Always tell any incoming caller very clearly that to contact you about your account they MUST write to you and please could they refrain from calling this number again. Harrassment Law refers here; if they call another TWICE having clearly been requested to stop, they are potentially harrassing you.
If it's a bogus caller of course they will never write to you...
Crust Phone System?
I don't know about the rest of the U.S., but all you have to do here (in the D.C.) area is hang up and leave stay that way for more than 45 seconds and the call is automatically terminated, not matter who initiated the call.
When I was a kid it was common practice to prank people like this but that was a long time ago - right after then end of rotary phones and the introduction of the mute button.
This article seems to be saying that the UK's phone system is crusty and old - is that true?
I am amazed
that this has only been going on for a couple of months. Mute has been available on phones for decades!
Even assuming they were waiting for something like VOIP linked to the PSTN (no caller ID, cheap, capable of calling from around the world- it's pretty much the one type of fraud where an Indian accent would make it more believable!) they'd have been able to do it for years.
The solution, though, is to make sure that you've got a call-length counter on your phone. If it's still counting up when they've "hung up", swear profusely down the line.
I'm off to try this on my parents...
Too much to ask,
It is of course far too much to ask for BT to set up a hotline for reporting this stuff?
An entry on their labyrinthian voice menu for example?
Try reporting this to customer services and I'd bet my right nad that you'd just get a canned speech about BTs disconnection procedure, or puzzled comments about your account being healthy, there is no way you'd actually be able to report what is essentially a criminal act in progress.
You can try telling the police, but they won't have any better time dealing with BT than you do.
Why does the phone system work this way? Why can't the call end automatically when either party hangs up?
Apart from the scam aspect, the current system also allows a complete stranger to prevent you from using your phone (it won''t even cost them anything if they have free calls). That, to my mind, is a more serious abuse than nuisance calls.
Here we go again...
Having read several accounts of this scam I'm amazed that anyone would fall for this amateurish trick. But then again some people fall for 419 scams so I shouldn't be surprised by anything.
Cant believe they havnt fixed this
In the good old days of mechanical exchanges I can understand why the line does not drop until the caller hangs up, thus blocking the line.
But come on now, we are all digital now, if I hang up on a call it should drop the call, its my line not the callers!
Saw this on the TV news this morning, I thought it was quite cunning.
What I did think was pretty strange was the BBC insisting on showing a map of the UK and highlighting counties where it had been reported.
Ummm... Does anyone want to point out that telephone cons aren't exactly geographic! Come to think of it, the same goes for the Police, why are West Midlands investigating and not national?
Quick guys, West Midlands Police are investigating, we're moving to Scotland, stop dialling 0121 use 0131...
For once I have some sympathy for the scammed
Hopefully these fraudsters are leaving a trail behind them. I did read somewhere that they are operating from abroad which might make it more difficult.
I'm puzzled how they are getting the money. The best I can come up with (by deduction) is...
They are not getting internet log ins, that would be too difficult to get marks to give them.
They are not taking card payments on the telephone, that would need merchant services, which would make them easy to catch.
So they must be collecting card numbers, expiry dates and the third security digits from the back of the card. That means the card will be cloned and used in a third world country with low security such as Malaysia, Egypt or the United States of America to make dodgy purchases...
In those cases, thankfully, the person being defrauded should get their money back from their bank or credit card company.
"Because the person who initiates a call is the one to terminate it"
What phone network is this pertaining to? Not on any network I've used and certainly not on any public telephone network in the UK.
Isn't the first thing anyone does...
...when they have problems with a call, to hang up and pick up a couple of times to 'reset' the dial tone? Hell, people were doing that in the movies in 1930; seems to me that the young would be more likely to get nailed by that than the elderly, for whom it should be second nature...?
great advice from BT
"If there is any doubt at all, a BT employee will be able to give the customer their employee ID number and an 0800 number to call, where the customer can check that they are who they say they are."
as a fraudster couldn't possibly set up an 0800 number and pretend to be BT verifying their own identity.
Yeah nice idea of security that...
"If there is any doubt at all, a BT employee will be able to give the customer their employee ID number and an 0800 number to call, where the customer can check that they are who they say they are. The customer can also check their identity by calling 0800 800 150."
Because that cant be faked at all...
You have to wonder dont you? My bank (HSBC/First Direct) will still call me and ask security questions to prove who _I_ am!!
Bank account details.
"some people have been persuaded into giving the fraudsters their bank account details"
Why do so many people seem to think that giving a bad guy your account details is tantamount to giving them all your money? Probably because it keeps being reinforced by statements like the above.
Almost got me...
I was almost a victim of this scam a few months ago when some "manager" from BT phoned to say that my direct debit had inexplicably been cancelled by my bank and I was now in breach of BT's terms and conditions. I was given this one incoming call to pay off the balance to date (via credit or debit card) or else I would be cut off and face a reconnection fee. The scammer went through his "proof" that he was in control of my line but I told him that his demonstration proved nothing.
However, I did believe he was from BT because of the company's recent bad behaviour (Phorm etc.) ,I really believed they were capable of using this sort of bullying tactic. I ranted at the bloke for a few minutes and he eventually gave up and hung up on me. I immediately phoned BT's customer service dept to complain (expecting to be cut off at any moment) only to be assured that there was no problem with my account. I phoned my parents to prepare them in case they received a similar call (which they later did). It seems the scammers were making their way through the phone book.
Nationalise BT and the whole telecoms industry.
Give it to the post office to run.
Stupid, Stupid advice.
If there is any doubt at all, a BT employee will be able to give the customer their employee ID number and an 0800 number to call.
For Fucks sake, BT, if they've given you the number to call, it is WORTHLESS.
"If there is any doubt at all, a BT employee will be able to give the customer their employee ID number and an 0800 number to call, where the customer can check that they are who they say they are."
WTF? And what exactly prevents a fraudster from handing a fake ID and an 0800 number, where they can then 'confirm' their legitimacy?
If anyone contacts me regarding my credit cards, unpaid bills or otherwise demanding payment, my first act is to look up the stated organisation in the PHONE BOOK. That's the number I dial for confirmation, and if it isn't forthcoming - no information or money changes hands.
I certainly wouldn't put credence in a number given to me over the phone by someone who has just called me saying I need to update my details or hand over money. What a joke!
I'd terminate their services
Grrr, these rat bags need exterminating.
Still, it's an old trick we used to play as kids.
The not hanging up bit, not the fraud...
Call a trusted number
'a BT employee will be able to give the customer their employee ID number and an 0800 number to call'
Isnt that the next level of the scam, set up an 0800 number with an associate so that the employee id can be verified?
Doing business with someone on an inbound call is the same as clicking on every link offering to increase the size of your manhood, it will just end in tears.
Paris, because if she gave me a call I would believe every word
Criminals tapping into "phone trust"
Thanks for bringing some light to this. Sounds like Phishing via phone has become a reality and its more widespread than I thought: There is already an anti-phone-spam community (www.numbercop.com) in US and UK, which works like a early phone spam warning system among consumers. They also give away a free Phone Spam Blocker software for BlackBerry.
This "Because the person who initiates a call is the one to terminate it, a prospective mark is left unable to make a phone call, or even obtain a dial tone." is nonsense.
Stating the obvious
Surely this just re-iterates the need for, what seems to me, a very obvious piece of security for any company that deals with banking or billing.
That is for you to have a pass phrase lodged with them that they must state when contacting you, and before you divulge any details.
Reprogram the phone system!
If I disconnect a caller, for whatever reason, I want him disconnected and my phone line to then work for outbound calls!
What's to stop housebreakers using this DoS technique to prevent victims from calling the police?
I think I'd just
pick my phone up again and leave it next to the radio until they got fed up (and had to pay to keep the line up in the meantime)
But then I'm childish.
I'd have thought in this age of everything being logged it would be a trivial matter for providers to work out who made the calls and send plod to investigate. As a minimum suspend the caller's service pending investigation. Bastards who con the vulnerable deserve everything they get.
It always puzzled me why they wont let either party terminate a call. With this day and age of free calls you could easily get cut off by a part of people holding your line open....
I am actually surprised this doesn't happen more. So many companies, banks included, call you with no Caller ID and then ask YOU to provide THEM with ID!! There is no way to prove who they are and it is them who called you!
One way to check...
...would be to whip the phone plug out of the wall for a few seconds? Would that work?
Dunno. Haven't had a landline (except for ADSL) for over 10 years. Not at home nor at work. That's Finland for yer.
It's about time ...
... that the ability of a caller to tie up your line is removed. One could disable a landline by calling it on an unregistered mobile prior to a burglary or other nefarious business. Thank goodness mobiles don't suffer from the same problem.
my aunt sent me this in a mass mailer about two weeks ago
didnt actually beleive it !
stupid advice from BT (no surprise!)
They are reported above as saying "If there is any doubt at all, a BT employee will be able to give the customer their employee ID number and an 0800 number to call, where the customer can check that they are who they say they are."
NEVER verify a callers identity by calling back on a number the caller provides, if it's a scam you'll be calling the scammer and asking him to verify himself.
Best practise for BT or anyone else making outgoing calls which might lead to the caller wanting to verify their identity should be "call the number on your bill or use the phone directory and quote this reference....". Of course the problem is that we know that the number on our bill will lead to an interactive menu and a call queue and it's going to take ages so if the caller says "to avoid that use this number..." they've got you.
Of course if the telecoms operators placed the needs of their customers higher they'd offer an inbound calls blacklist, and would disconnect anyone lines reported as the source of scams and those making sales calls to TPS registered numbers. They would offer complaint handling for "number withheld" calls so customers can report time and date of an incoming number witheld call. If several complaints were made against the same number the underlying subscriber line woukd be black-listed or at least no longer permitted to make number withheld calls (not disclosed to complainants).
That would of course mean that BT would have to disconnect themselves as they make "Market research" calls to TPS registered numbers.
TPS permits "genuine market research calls". Note the word "genuine". So when someone purporting to be representing BT call to ask me some "market research" questions like "would you like more customers", insisting they're not selling anything and then lead into "When can our consultant to visit to tell you about ways of getting more customers" and of course "No he's not a salesman". Maybe I'm just a jaded old cynic but my opinion is that BT aren't going to be paying a "consultant" to spend time with me out of generosity. I bet he's not just going to advise me to put an ad in the local newspaper, I suspect he's going to be under a strong imperative not to come away without having sold me a BT service.
This ones giving me grief!
Given that I work in IT (Albeit supporting the IP phones), a lot of users are calling me about this as they get the call on their home phones, either from the scammers or in a few cases, from friends and family who have heard about the scam and are messing about.
Undocumented feature / nice little earner for BT
Once or twice after failing to hang up a cordless phone correctly, I found the line was still open - quite some time later.
For how many minutes do you continue to pay for the call if the other party has hung up? Nice litter earner / undocumented feature for BT, though.
"So many companies, banks included, call you with no Caller ID and then ask YOU to provide THEM with ID!! There is no way to prove who they are and it is them who called you!"
Absolutely spot on. I was contacted by <big bank> last week by text to say my card was being used fraudulently and would I contact them on 08nnnnnnn. I did so, then we had this sort of dancing routine where they asked for my DOB to prove my identity to which I replied "Yes of course, just as soon as you have proved to me you are <big bank>. It was almost laughable really, a stalemate, but eventually, they provided a piece of info that only they and I would know and off we went. Hardly anyone ever checks though.
I had a similar thing several years ago in B&Q at the front of a large queue of people, where the card company rep, who the girl on the till had rung, apparently in response to a system mesaage, expected me to read out my card number, expiry, last 3 digits, home address, DOB, credit limit etc in front of all those people who were by now listening intently with curiosity. Not that I am suggesting any of them was dishonest, but... Incredible.
Nice try Gordo, but no cigar!
Well he's got to fill the coffers somehow!
BT disconnect delay
BT will keep a line open for two minutes to allow the called party to move to another room and pick up a different handset - caused major problems with an important client when i was working with predictive diallers as their previous vendor had fudged all the figures and convinced them they could disconnect a call immediately - untill we compared results with a side by side comparison using identical data.
Small outsourcing company 1, large dialler vendor 0 :)
Dialing in to keep your line busy?
Wait the maximum ammount of time (38 minutes) then dial out once it disconn.....wait, wrong show
@ John H Woods et al
The call hold time is there to allow people without cordless phones to move from one phone to another - if for example a phone is answered in the kitchen and the person being called wants to move into the lounge. It only holds for two minutes and it can be terminated early using the recall button trick others have mentioned. The only person who can properly tie up your line is an emergency operator who can hold it for as long as they like.
re: call timer on phone - this only works by counting from when the phone goes off hook, it won't show you if a call is connected.
@ Rick Axon - That would be every fixed line network in the UK then that you've never used.
Actually, that's rather bloody useful. Some of the people I call regularly are of an aged persuasion and have yet to aquire a suite of interconnected DECT phones with one basestation (God forbid, the fuckup possibilities here are endless). Thus they answer phone A and, needing to be elsewhere in the house, can hang it up, move and pick up phone B without cutting me off. The alternative, leaving phone A off hook to pick up phone B, invariably results in phone A being off-hook until such time as I can get a friend or neighbour to go round and remind them to hang it up.
@Nigel R. When whoever initiated the call (i.e. the one paying) hangs up, the call terminates. Therefore you can never end up paying while you wait for someone else to hang up. If you ever end up paying for a call for any length of time with nobody else on the line, hang the phone up (terminating the call) and kick yourself for being such a complete pillock.
Re: Call Hold Time
We have that here in the US as well, but the hold time is considerably shorter, probably on the assumption that one can reach another phone more readily in the US or have better means to keep the line held (such as "Holding" phones and roommates).
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Did Apple's iOS make you physically SICK? Try swallowing version 7.1
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Video Snowden: You can't trust SPOOKS with your DATA
- Review Distro diaspora: Four flavours of Ubuntu unpacked