[jdee]

Back in the day when 0898 numbers existed in the UK you could make £1.50 per minute.

I knew a guy who made a LOT of cash by hooking one up to a fax machine and then calling window companies and telling them "I'm about to go into a meeting where we are going to decide which windows to buy for a skyscraper we are building, please can you fax me your brochure immediately". He then gave them the 0898 number to fax the 200 page brochure to...

[nwh]

I'll bite.

With the original story there's some feeling of comeuppance, and it's not really a huge financial burden on the company making thousands of calls a day.

In your story—illegalities aside—they're just being a complete asshole.

[jdee]

Agreed. I didn't suggest otherwise. I'm just recounting a similar story about premium rate numbers in the UK.

[vidarh]

Which is the very reason why most of the expensive premium rate numbers are now only in the 09 range and heavily regulated. You can still try doing this, but people would immediately question why you were giving them an 09 number.

The remaining premium rate problem in the UK is mainly 070 numbers, which are "personal numbers" used for forwarding services, and while there are some legitimate users, most uses these days are scammers trying to confuse people to think they're cellphone numbers.

[stevewillows]

In a sense it's no different than sending false invoices to large corporations in hopes that they won't double check for a service or product.

[eli]

Sounds pretty unethical.

[carleverett]

Yeah, it's one thing to charge companies for phone calls when they were going to call you anyways, it's another thing to suggest to a company that you're interested in a bulk order, and then charge them to send you the information that you requested. That's sounds more just like theft.

[jdee]

You are correct. I'm pretty deeply involved with telco fraud and it's countermeasures. This is really tip of the iceberg as to what goes on.

The latest scams involve making your iPhone show missed calls even though your phone didnt ring by sending it a really short call attempt. Guess what the caller ID of the missed call is? Premium rate number. The amount of people who ring back these calls is incredible.

When you call the line you hear a long dial tone. You think its dialling the number but its already been answered and is charging you per minute...

Again, I'm not making any representations that these things are ethical, but they absolutely go on today, and these are the only kinds of scams I feel comfortable sharing - the reality is a lot scarier.

[joshaidan]

That's very interesting.

I've seen lots of toll fraud at my work. Often a VoIP device like an Asterisk server or a VoIP phone will be compromised and used to send calls to a premium rate number, usually at a very high call rate. This is their downside, they're exploited by people who want to make a quick buck. And carriers are forced to pay them because they have contracts with their toll trunk providers that all calls sent through those trunks are legitimate calls.

jdee, have you ever had any success prosecuting anyone committing fraud? Wonder if that's even possible.

[jdee]

Some of the offices in our building are serviced and come with telephony systems included. The owner of these offices has been hit with exactly this attack and ended up with a bill for £150k . Nearly ruined his business and the carriers are not at all sympathetic.

I've not heard of a single case where successful prosecution has occurred. I think OFCOM and the police view these attacks against financial institutions as a 'cost of doing business' - if you dont want fraud, dont run a bank - attitude.

[ballard]

The whole point of publicizing gambits is to make them less effective. (Sounds like you could write a book and make a killing on this topic.)

Edit: An obvious hack in the US would be to spoof a bank's caller id and start calling as the "fraud department" ... Leaving the rest to the imagination.

[sciguy77]

Well now you have to tell us about the really scary ones!

[jdee]

Without going into details there are vulnerabilities that are being exploited today that are netting fraudsters millions a day and there is very little can be done to stop them.

The most interesting thing you learn about these fraud teams is that it is a job to them - meaning they work 9-5.30, dont work weekends or holidays. This is industrialised fraud on an enterprise scale.

If you wanted my advice: Dont trust any 2 factor authentication system that uses your mobile unless its for a large bank

Dont data roam with your mobile when abroad, better still, leave your mobile at home.

Before doing anything secure with your phone, call it to ensure its not been redirected

Dont say anything in a call that you wouldnt want played back to you at some point in the future...

[616c]

I do not offer to buy things often from stuff posted on HN.

PLEASE WRITE A BOOK. I would most definitely buy your anecdotes, and even more for anecdotes that motivated this advice to pass of to people.

Also, how did you get into the line of work you are in?

[noelrock]

We had a whole spate of these in Ireland recently. A large % of mobile users on a particular network woke up to missed calls: http://www.thejournal.ie/mobile-phone-scam-slovenian-number-...

[Ziomislaw]

Like cold calling?

[rmc]

Sounds like he committed a crime (fraud). Be careful with that tactic.

[niuzeta]

very, very unethical; you should write a book.

[hnncl]

Very sneaky! I wish I'd thought of it!