TELECOM Digest Tue, 12 Jan 93 01:37:00 CST Volume 13 : Issue 20 Index To This Issue: Moderator: Patrick A. Townson Re: Calling 1-800 Can Cost You a Fortune (Steve Forrette) Re: Calling 1-800 Can Cost You a Fortune (Mickey Ferguson) Re: Calling 1-800 Can Cost You a Fortune (John Sullivan) Re: Calling 1-800 Can Cost You a Fortune (Liron Lightwood) Re: Calling 1-800 Can Cost You a Fortune (Curtis Sanford) Re: Calling 1-800 Can Cost You a Fortune (Dave Levenson) Re: Calling 1-800 Can Cost You a Fortune (Lou Taff) 1-800-RIP-OFFS (was Calling 1-800 Can Cost a Fortune) (Paul Robinson) Re: 976 Fraud in Toronto (Troy Frericks) Re: 976 Fraud in Toronto (John David Galt) Re: 976 Fraud in Toronto (Brian Onn) Re: Good Opportunity For Fraud (Rob Boudrie) Re: Good Opportunity For Fraud (Anthony E. Siegman) Re: Good Opportunity For Fraud (Ed Oliveri) Re: It's Not a Bug, it's a Feature ... (Ben Cox) Re: It's Not a Bug, it's a Feature ... (Paul Robinson) Re: It's Not a Bug, it's a Feature ... (Barry Mishkind) ---------------------------------------------------------------------- From: stevef@wrq.com (Steve Forrette) Subject: Re: Calling 1-800 Can Cost You a Fortune Date: 11 Jan 1993 22:33:27 GMT Organization: Walker Richer & Quinn, Inc., Seattle, WA In article udi@cs.washington.edu (Udi Manber) writes: > I learned this the hard way after being charged for (apparently) > dialing the wrong 800 number. How did this charge appear on your bill? Was it a call to a 900 number, or perhaps a collect call? Steve Forrette, stevef@wrq.com ------------------------------ Date: Mon, 11 Jan 93 16:41:12 PST From: mickeyf@clipper.zfe.siemens.de (Mickey Ferguson) Subject: Re: Calling 1-800 Can Cost You a Fortune Reply-To: mickeyf%clipper@pnsts412-sun.zfe.siemens.de > If you always thought that 1-800 numbers (in the US) are toll free, > think again. With new technology and the lack of regulations, people > are finding new ways to make money. [stuff deleted] > It is possible, and apparently perfectly legal, to set an 800 number > such that when you call you hear a recording that tells you that there > will be charges for the call. [more stuff deleted] > So here are some scam ideas (these are all fiction; do not try it at > home): [more stuff deleted] How long will it be before the COCOTs jump into the calling card fraud? How difficult would it be to program a pay phone to look for when a caller dials the 800 number which is associated with one of the long distance providers, and then just capture the calling card digits, but pass on the digits and complete the call? Then the COCOT software just writes the calling card digits and the long distance provider into its private database, which is then dumped and sold off to the drug dealers, etc. The more I think about this, the more I get terrified at just how easy such a scam would be. Hmmmm, maybe I'll just go out and buy a pay phone and modify the software ... NOT! Maybe one idea to regulate COCOTs without too much difficulty or paperwork would be to require them to be bonded, just like a home contractor is. Since the possibilities are just sitting there, this would at least help to pay for any fraud that could result. Or am I being too paranoid? Mickey Ferguson -- PhoneMail Development -- ROLMfax and Eclipse ------------------------------ Date: Mon, 11 Jan 93 18:37:11 CST From: sullivan@geom.umn.edu Subject: Re: Calling 1-800 Can Cost You a Fortune I'm now confused. I don't always read TELECOM Digest, so I may have missed something, but I have seen previous posts about INTEGRETEL, etc., and I always got the impression that people trying to bill you for 1-800 calls would get your number from their ANI, and send you a separate bill for whatever they wanted. I hadn't heard of getting actual phone charges from calling 1-800. If I forward calls to some other number _I_ pay the charges on the resulting call, not the person who called my first number. Why would any telephone company agree to provide billing services to anyone like INTEGRETEL anyway? The other thing that has always confused me is why alternative long-distance companies (AOSs?) can charge things to an AT&T calling card. I realize that Ma and the Baby Bells have some sort of agreement to allow charges to each others' calling cards. And I gather that this all has something to do with the fact that there is some standard way to determine if a calling card number is valid. But again, why does AT&T agree to provide billing service for these people? I can't imagine if Sears suddenly decided to accept payments by JCPenny credit cards that JCPenny would actually let them collect on the bills. Sorry if this is all old hat, but I haven't seen good answers to these questions here or elsewhere ... John Sullivan sullivan@geom.umn.edu ------------------------------ Date: Mon, 11 Jan 1993 14:24:24 +1100 From: Liron Lightwood Subject: Re: Calling 1-800 Can Cost You a Fortune So, what happens when you call one of these costly 1-800 numbers from a payphone? Do the phone company pick up the bill? Do you get asked to insert money? Or do you get a recorded message saying the number cannot be dialed? I understand that 1-900 numbers cannot be called from US payphones, but 1-800 numbers can. Does this apply for all 1-800 numbers available in the area where the call is made from? [Moderator's Note: What happened in the past was that the information providers resorting to this sleazy tactic (of issuing a bill to the caller after the caller dialed the 800 number) did attempt to send a bill to the owner of the payphone ... and of course, the 'owner' of the payphone (in effect, the subscriber) was telco itself ... telco would not pay the IP's, and the IP's quickly learned to consult a data base which lists payphone numbers, then refuse to do business with the folks calling from them. The IP's still get tripped up occasionally by COCOTS, (or actually, the COCOT owner gets the bill, he squeals like a pig and the IP has to eat the charges) so when these numbers get iden- tified, they also get added to the list of numbers not to be dealt with. I think the IP's have begun to circulate the 'untouchables' list among themselves as a mutual protection kind of thing. But in the early days of the 800-converted-to-900-or-worse racket, it sure was fun seeing how many charge-backs could be shoved up Mystic Marketing's corporate waste eliminator at one time. Calls went through to those astrologers, Tarot practitioners and 'counseling services' from every payphone in Chicago, I suspect, and probably from other cities as well. So how come the astrologers could not detect this little shortcoming in their scam from the beginning? :) PAT] ------------------------------ From: sanford@ascend.com (Curtis Sanford) Subject: Re: Calling 1-800 Can Cost You a Fortune Date: 11 Jan 93 16:36:11 GMT Organization: Ascend Communications, Alameda CA In article udi@cs.washington.edu (Udi Manber) writes: > If you always thought that 1-800 numbers (in the US) are toll free, > think again. With new technology and the lack of regulations, people > are finding new ways to make money. > It is possible, and apparently perfectly legal, to set an 800 number > such that when you call you hear a recording that tells you that there > will be charges for the call. Typically 800 numbers are not blocked from pay phones. What happens if you call such a number from a pay phone? Is this a way to have sweet revenge on the COCOT industry? [Moderator's Note: See my comments in an earlier message in this issue. The IP's have begun keeping a data base of payphones, and they refused to service callers from those places. PAT] ------------------------------ From: dave@westmark.com (Dave Levenson) Subject: Re: Calling 1-800 Can Cost You a Fortune Organization: Westmark, Inc. Date: Mon, 11 Jan 1993 19:20:19 GMT I think that the public, or at least, the readers of this Digest, can help correct this problem ... for every non-toll-free 800 number you can find, share it with as many friends as you can. Then, whenever you have some time to kill and you're near a public telephone, place lots of calls to these numbers. When the telco or other public telephone provider starts getting these bills, they'll probably use their clout with regulatory agencies to suppress such use of the 800 service access code. Any thoughts on this? Dave Levenson Internet: dave@westmark.com Westmark, Inc. UUCP: {uunet | rutgers | att}!westmark!dave Warren, NJ, USA Voice: 908 647 0900 Fax: 908 647 6857 [Moderator's Note: And you also are invited to read my comments on this in an earlier message in this issue. It just won't work any longer; the astrologers and Tarot practitioners don't want any more BS from the deadbeats of the world (like all good TELECOM Digest Moderators) ... Mystic Marketing says cut it out, now! To be sure you do, they've got the number of the payphones at the local 7/11 or bus station, or wherever you are when you get the urge. :) By all means though, keep trying; let's be sure they get their data base as complete as possible. :) PAT] ------------------------------ From: lmt@homxb.att.com Date: Mon, 11 Jan 93 13:20 EST Subject: Re: Calling 1-800 Can Cost You a Fortune Pat: With reference to a recent article in comp.dcom.telecom, I wonder if you could refer me to (or send me a copy of) a telecom discussion detailing just how calls to 800 numbers are charged for and end up on someone's bill. I'm having a hard time understanding it. Thanks for any help. Lou Taff, AT&T Bell Laboratories 185 Monmouth Parkway West Long Branch, NJ 07764 (908) 870-7584 lmt@homxb.att.com [Moderator's Note: I'll do better than that, Lou. I'll print another whole issue on the topic -- you are reading it now. Perhaps some of the people who have raised the topic in the past will share their wisdom with you. PAT] ------------------------------ Reply-To: TDARCOS@MCIMAIL.COM From: Paul Robinson Date: Mon, 11 Jan 1993 19:02:51 EST Subject: 1-800-RIP-OFFS (Was Calling 1-800 Can Cost a Fortune) In TELECOM Digest Vol 13 #12, Udi Manber suggested: > You can get an 800 number that is one digit away from > a widely used 800 number and rip off anyone who makes > a mistake...You can put ads for information on how to > make $10 a minute - just call 1-800-747-6337. That's > 1-800-Rip-Offs... From a Government Centrex number in Maryland that is authorized to dial 1-800 numbers, I got the message: "Recording C2. We're sorry, the number you've dialed is not authorized from this location. C2." And this repeats several times. So it looks like some of us are protected from RIP-OFFS! :) Paul Robinson -- TDARCOS@MCIMAIL.COM "If I or anyone else is caught making opinions, the Secretary will disavow any knowledge of our actions..." ------------------------------ From: troyf@microware.com (Troy Frericks) Subject: Re: 976 Fraud in Toronto Organization: Microware Systems Corp., Des Moines, Iowa Date: Mon, 11 Jan 1993 16:16:28 GMT > A similar scam has been going on in New York City. A messenger will > show up at a company with a package, and when no one there seems to > match the addressee, he asks to use the phone. Calls a "540" exchange > (one of the extra charge numbers; the others are 550, 970, 976, and > another about to be announced) and the company gets billed for $50 or > so. Please explain. I thought that 1-976-xxx-xxxx and 1-900-xxx-xxxx were the only way for the called party to gain $$$ from the call. What other ways are there? Do the above reference calls area code 212: 1-212-540-xxxx, 550-xxxx, 970-xxxx, and 976-xxxx? If so, how am I going to know that an extra charge applies (being from Iowa)? Troy Frericks Internet: troyf@MICROWARE.COM Microware Systems Corporation UUCP: uunet!mcrware!troyf 1900 NW 114th St Phone: (515)224-1929 Des Moines, IA 50325-7077 Fax: (515)224-1352 [Moderator's Note: Being from Iowa you don't have to worry about it, as your telco will not connect you to a 212-540/550/etc number. In that sense, they (540 numbers) are like 976; since the host telco has no way to legitimatly collect for these numbers from interstate callers (one could question the legitimacy of the whole concept, but that is another issue), telcos simply do not put them through to each other. In the case of 900, specific tariffs apply for interstate calls; for 976 and its kin, they do not. Many of the IP's from a few years ago can tell you how they begged and pleaded with telco to not allow calls to their 976 numbers from out of state: callers from Chicago and elsewhere would dial into (as an example) 415-976-GAYS -- a gay bridge operating in SFCA at 13 cents per minute interstate night rates -- and tie up all the ports so none of the locals could get through at two dollar or more per minute rates. If you are not in NY Tel's territory, you will not connect with 212-540 et al; if you are not in Illinois Bell's territory you will not connect with 312-976. Ditto PacTel and their premium lines. That's why whenever I see these 'urgent memos' from security personnel at various corporations warning their employees against 'a scam originating in New York where they call your beeper number and you call back, getting charged X dollars' I always get a big laugh. It WILL NOT work (to the benefit of the scammer) unless the victim is in the 212/718/914/516 area codes. PAT] ------------------------------ From: John_David_Galt@cup.portal.com Subject: Re: 976 Fraud in Toronto Date: Mon, 11 Jan 93 10:18:02 PST I have an idea that would make us more secure against this type of fraud. I wonder if any of the telcos would be willing to implement it. What I'd like to do is get my phone blocked so that direct-dialed calls to a 900, 976, ... number won't go through, but calling-card calls will. That way if I really want to try one of these services, I can get through, but a visitor can't (unless he uses his own card, and then he pays). John David Galt ------------------------------ From: brian@ganglion.Canada.Sun.COM (Brian Onn - OpCom Staff) Subject: Re: 976 Fraud in Toronto Organization: Sun Microsystems of Canada, Inc. Date: Mon, 11 Jan 1993 23:28:32 GMT On Wed, 06 Jan 93 00:56:39 EST, Tony Harminc said: > This past November, a company I consult for had three > unauthorized calls to (416) 976-9467 made on one of its lines. [...] > Bell Canada has agreed to remove the charges, but will not tell > us the name of the owner of this number. In Toronto, you can call the Bell Canada Customer Listing Bureau at (416) 446-3090, between 1100 and 1400 EST, and if you give them the phone number, the operator will tell you who the number is registered to. The rules for 976 numbers may be different, however. The process works for most "normal" numbers. Give it a try. Brian Onn. Internet : Brian.Onn@Canada.Sun.Com Operation Commitment, Uucp : uunet!sun!suncan!brian Product Support Specialist. Voice : (416) 477-6745. [Moderator's Note: I just now tried it for 312-976-WAKE, our local wake-up service (if their bill doesn't cause you to jump out of bed, I don't know what would). IBT-CNA (312-796-9600) would only say it is a "Public Announcement Service"; no record as to owner, etc. PAT] ------------------------------ From: rboudrie@chpc.org (Rob Boudrie) Subject: Re: Good Opportunity For Fraud Organization: Center For High Perf. Computing of WPI; Marlboro Ma Date: Tue, 12 Jan 1993 05:59:39 GMT > I believe the bankcard passwords are also often in the clear in the > ISO mag stripe. Shudder! Remember having read something to that > effect on the net. Could some please deny ... please .. please! Denied. (You're welcome!) Bank card passwords are stored in encrypted form (one way encryption using the DES algorithm on a combination of the account number, user selected PIN and a few other things) which allows for local verification of passwords but only by your own bank. There are two different standards by which this is done, but each has a bank-specific encryption key (often refered to as the Pin Verification Key, or PVK). This key is kept highly confidential -- anyone with the key could generate the hashed pin for each possible password (only 10,000 in the typical four digit password) , compare each to the hashed value on the card, and decode the PIN that way. Your own back can verify the password within the ATM; other bank's ATM's must query your bank via the network. rob boudrie ------------------------------ Date: Mon, 11 Jan 93 14:08:00 PST From: Anthony E. Siegman Subject: Re: Good Opportunity For Fraud Organization: Stanford University > [Moderator's Note: I think the banks here which give money on trust > when the network is down do have something called a 'negative listing' ^^^^^^^^^^^^^^^^ > of cards which should not be honored in that way. Here in the Chicago I believe another more generic term for this kind of list, made available in any form, is "derog list" (with obvious interpretation). ------------------------------ From: eo@cbnewsb.cb.att.com (Ed Oliveri) Subject: Re: Good Opportunity For Fraud Organization: AT&T Date: Mon, 11 Jan 1993 17:00:48 GMT In article johnl@iecc.cambridge.ma.us (John R. Levine) writes: > Citibank machines in New York City at least used to have a similar > feature. For a long time, over a year, someone who clearly had inside > information was using an old invalid Citicard to make $100 withdrawals > from machines all over the city when the machines were offline while > their network nodes were down for maintenance. The maintenance > schedule was deliberately erratic and quite secret. Had the guy used > the card even once in an on-line machine the card would have been > eaten and that would have been that. I never heard whether they > managed to catch him. I'd think that it would have been > straightforward to set up a sting to catch him in the act. Are you sure this was Citibank? Every Citibank ATM I've seen CANNOT eat a card since the card is dipped into the card reader, never leaving the user's fingers. Ed Oliveri, eo@cbnewsb.att.com OR att!cbnewsb!eo [Moderator's Note: The Citibank ATM's in Chicago eat the card for a minute and spit it out when finished with it. PAT] ------------------------------ From: thoth@uiuc.edu (Ben Cox) Subject: Re: It's Not a Bug, it's a Feature ... Reply-To: thoth@uiuc.edu (Ben Cox) Organization: Ancient Illuminated Sears of Bavaria Date: Tue, 12 Jan 1993 01:05:40 GMT kenny@osf.org (Kenneth Crudup) writes: > winding pulses to compensate for the increased requirements. This > period of additional supply registers in the cores of the transformers > as a slight "bleep", and a bunch of them together produce the "music" > you hear. I used to troubleshoot Sun-2's aurally as well. If you don't configure the device driver for the /dev/audio device on a SPARCstation 10, you can hear interesting music on SpeakerBox, too ... :-) Ben Cox thoth@uiuc.edu ------------------------------ Reply-To: TDARCOS@MCIMAIL.COM From: Paul Robinson Date: Mon, 11 Jan 1993 22:32:27 EST Subject: Re: It's Not a Bug, It's a Feature ... kstox@admips2.berkely.edu writes in TELECOM Digest 13 #14 about how someone programmed the IBM 1130 to generate tones on an AM radio. I've got one better than that. I was in the computer center at Orange Coast College in Costa Mesa, Ca., when someone got the *line printer* to play the five tones from "Close Encounters of the Third Kind"! I was there, I heard it. Slick; it used exactly ONE piece of paper to do this. Do not ask me how. Try *that*, Hewlett Packard! Paul Robinson -- TDARCOS@MCIMAIL.COM ------------------------------ From: barry@coyote.datalog.com (Barry Mishkind) Subject: Re: It's Not a Bug, it's a Feature ... Organization: Datalog Consulting, Tucson, AZ Date: Tue, 12 Jan 93 01:50:24 GMT kstox@admips2.Berkeley.EDU (Ken Stox) writes: > Back in the "old" days, we used to leave an AM radio next to an IBM > 1130, you could actually pick up the CPU activity. One clever > programmer started writing some very interesting compositions. Of > course, with the advent of modern synthesizers, it would be totally > unimpressive. Radio Shack actually sold several tunes that played on the TRS-80 and made noise on a radio held near. This was late '70s Regards, Barry Mishkind barry@coyote.datalog.com FidoNet 1:300/11.3 ------------------------------ End of TELECOM Digest V13 #20 *****************************