Warning about mobile phone scam/fraud

[Switch]

I received this email today from a friend, please see below.

 

Dear All,

 

If you receive a phone call on your mobile from any person, saying that, he or she is a company engineer, or telling you that they're checking your mobile line, and you have to press #90 or #09 or any other number. End this call immediately without pressing any numbers. There is a fraud company using a device that once you press #90 or #09 they can access your "SIM" card and make calls at your expense. Forward this message to as many

colleagues, relatives and friends as you can, to stop it.

 

Many thanks for your time regarding this matter, take care and regards.

 

Phil Corris

 

Police Constable/Crime Prevention Officer

[buzby]

[GROAN]

 

Yet another urban legend that first appeared in 1998 on the Cellnet network (because the code was 1 digit away from Voicemail retrieval).

 

Even assuming anyone was daft enough to call and ask you to press digits (whether #90 or #09 or indeed #*06#,) all the caller will hear are the 3 or 4 'tones' the phone plays down the line to them. The SIM card is only read by the phone, and you cannot provide access to it over-the-air by doing this.

 

That said, it IS possible to modify SIM cards using SMS text messages, but only the networks have the technology to do this.

 

So, will all due respect to this Police Constable/Crime Prevention officer, the only crime being commited here is of time-wasting and at worst deception, of those who believe in these hoary old chestnuts.

[meagain]

It's not entirely an urban legend. It was possible to hand over control of the line with this code. Snopes has this down as "Multiple", meaning there are several versions of the [problem], and some of them did work.

 

It was a known exploit of certain analogue PBX systems (typically out in the US) that allowed you control of the call without "stepping up" first (most modern systems require that you hit a button - typically "recall" - before they'll let you do anything like this). In many cases, it will only allow the one call to be made at a time. It has never worked on mobile phones, however, and most of the vulnerable PBXs are now obsolete, and even if you can put the caller in "limbo" on a modern PBX, it won't accept the tone dialling from the inbound end.

 

Either way, it won't affect most people here, and those that it would affect are unlikely to ever get such a call (as the switching system in general prevents it from happening these days).

[buzby]

Not just analogue PBX's, I understand even digital switches had a similar star code - effectively transferring the line to the distant party, but the urban legend I refer to here is that it has mutated from fixed to mobile and now somehow 'unlocks' your phone to permit a fraud using the SIM card (adds a bit of believeability to it). That's of course arrant nonsense, and the Crime Prevention constable should have checked the *real* situation out, either with this peers in IT or Communications, or the networks themselves. Switch passed it on in good faith, but our PC Corris needs to realise he shouldn't believe what he hears!

[meagain]

Not just analogue PBX's, I understand even digital switches had a similar star code - effectively transferring the line to the distant party, but the urban legend I refer to here is that it has mutated from fixed to mobile and now somehow 'unlocks' your phone to permit a fraud using the SIM card (adds a bit of believeability to it).

 

Agreed. As I said, that part is bunk. That said, it's a great example of how things like this can get blown out of proportion, and a perfect demonstration of why, as you say, warnings such as this shouldn't be taken at face value.

[StudentInDebt]

I doubt PC Corris exists, I would say that his name has been made up and used to give the original email extra gravitas.

[meagain]

Hmm... there's a thought. Seems almost reminiscent of Mrs. Trellis of North Wales, come to think of it.

[buzby]

Well, I phoned the number given and it connected to the Force answering machine, but I have no call back, which in itself is unusual.

[abbafan]

I would be more worried by thieves who log onto your phone using bluetooth, and ring a premium rate number.

[buzby]

I remember asking this at an Ericsson conference years ago - they said it would require software on the target phone to enable the call to proceed in this way - which would hardly be likely. However, accessing GPRS wouldn't be so difficult, so a VOIP client could be used on the spoofers phone, with the bandwidth being provided by the Bluetooth link. Their advice was to not make your handset 'discoverable' unless you were actually pairing kit. Having seen how quickly battery power lasts with BT enabled (in any mode), I just keep mine off 99.9% of the time!

[meagain]

I would be more worried by thieves who log onto your phone using bluetooth, and ring a premium rate number.

 

That's a nasty one - while the cost is restricted to "only" £1.50/min, there's the fact that you often wouldn't know if your phone has been hijacked.

 

As Buzby says, switch Bluetooth off unless you're actually using it (friend of mine has his phone set up to control music software on his PC for when he's too lazy to walk the 6 feet to his desk). If not for security, then to preserve the battery life

[wemfish]

What’s this about Blue Tooth using up your battery, all our phones, PCs and Laptops have Blue Tooth on all the time, I have never noticed poor battery life particularly from my phone and laptop??

[meagain]

It's a part that uses power. Understandably, when you turn it off, the whole kit uses less power. Try it some time. I have an old "brick" (comes to something when people are calling a 3330 a "brick"), and people don't believe me when I tell them I can go for over a week without charging the battery.

[buzby]

Not so much a laptop problem because the battery capacity is huge in comparison - but my Orange HTC Typhoon handset (SPV 600) will manage 4 days on standby, but only 10 hours with BT on - it really is power-hungry!

[wemfish]

I have a nokia 7610, the blue tooth is left permanently on, I charge it up about once in every 3 days. Leaving the blue tooth on does not affect the battery life, using the blue tooth might do, but as it’s only doing something for a few seconds at a time, its not noticeable.

[buzby]

Your phone should last at least a week on a full charge, not 3 days! Switch it off for a few days and see the difference!

[willrubins]

There are some codes that can be used to tell the network for a enable/disable a feature or functionality via SMS. But, that depends on the network carrier/provider.

[locutus]

 

[sillygirl1]

Out of intrerest I put bluetooth on my phone on the bus going home last night, 16 phones showed up! I don't use bluetooth on my phone at all.

 

These scams have been doing the rounds for ages, the latest one I heard is you get a text asking you to confirm that the text has been recieved, and then you get bombarded with other texts at premium rates....