AT&T forgives outstanding customer telephone bills related to voice mail message fraud, implements new authentication procedure
Incident Date: 2003
Incident Location: USA
AT&T announced on June 19, 2003 that it would cease efforts to collect on outstanding phone bills where a customer was victim of collect calling fraud. Many of these customers found themselves with thousand dollar phone bills after their voice mail was taken over by criminals. Often the customers left their voice mail PINs at the default (often the last 4-digits of the telephone number) or to an easily guessable string (such as 1111).
Once the criminal had guessed the voice mail PIN, they would change the outgoing message to say "yes" repeatedly. When an operator called the number to request permission to bill a third-party collect call, they would hear the voice mail message saying "yes" and permit the call. Customers were left with the bill, typically running between $8,000 and $12,000. AT&T billed San Francisco travel agent Maureen Claridge for $8,000 associated with 36 hours of phone calls made from Saudi Arabia after criminals guessed her voice mail PIN in November of 2002.
AT&T originally required that the customers pay the bill, blaming their poor voice mail security for the fraud. The companyís policy change followed fierce criticism of its practices by consumer advocates and the filing of two class-action lawsuits charging AT&T with unfair business practices. The company claims that less than 250 of its customers were victims of this particular type of fraud.
To hinder future fraud, AT&T implemented a Turing test to its call billing verification process. To accept a third-party billed call now, a customer must prove to AT&Tís interactive operator system that he or she is human by repeating a randomly chosen number. AT&T claims that this measure has all be eliminated the recorded voice mail message fraud on their network.
Title: AT&T lets phone fraud victims off the hook
Author: Kevin Poulsen
Publication Location: USA
Publication URL: http://www.securityfocus.com/news/6158
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.