Monday, October 26, 2009

Nine Zero Hash (90#) Phone Scam Hoax


Be Ware! It's a Cyber World - - Brief Summary:

Many emails claim that a scammer can take control of your phone if you key in 90#.

In fact, this claim is false for the great majority of domestic fixed phone systems and mobile phones. It can be true for certain types of business phone systems that are configured in a particular way.

===================================================
Australian Version:

FYI - Phone Scam

This has been confirmed by Telstra: DO NOT push 90# on your home phone. Got a call last night from an individual identifying himself as an AT&T Service technician who was conducting a test on our telephone lines. He stated that to complete the test I should touch nine (9), zero(0), hash (#) and then hang up. Luckily, I was suspicious and refused. Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which allows them to place long distance telephone calls billed to your home phone number. I was further informed that this scam has been originating from many of the local jails/prisons. DO NOT press 90# for ANYONE. PLEASE pass this on to your friends. If you have mailing lists and/or newsletters from organisations you are connected with, I encourage you to pass this on.

Stephen Cooper
Detective Sergeant
Major Fraud Investigation Division
[NUMBER REMOVED]
================================================
Mobile phone version:

If you receive a phone call on your mobile from any person saying that he or she is a company engineer, or telling you that they're checking your mobile line, and that you have to press #90 or #09 or any other number, end this call immediately without pressing any numbers. There is a fraud company using a device that once you press #90 or #09 they can access your "SIM" card and make calls at your expense.
=================================================
One US Version:

I received a telephone call last evening from an individual identifying himself as an AT&T Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up. Luckily, I was suspicious and refused.

Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.

I was further informed that this scam has been originating from many local jails/prisons. I have also verified this information with UCB Telecom, Pacific Bell, MCI, Bell Atlantic and GTE. Please beware.

DO NOT press 90# for ANYONE.

The GTE Security Department requested that I share this information with EVERYONE I KNOW.

PLEASE pass this on to everyone YOU know.

If you have mailing lists and/or newsletters from organizations you are connected with, I encourage you to pass on this information to them.

After checking with Verizon they said it was true, so do not dial (9), zero(0), the pound sign # and hang up for anyone.

==================================================

Be Ware! It's a Cyber World - - Explanation:

There have been a number of versions of this warning email. The original version began circulating in 1998 and variants of this original, set in several countries, have continued to circulate ever since. Although the original version of the message was based on fact, the information in more current versions is false for the vast majority of phone users. Only business users who have certain configurations of PBX or PABX phone systems are potentially vulnerable to the scam described in the warning messages.

The messages warn recipients that they may receive a call from a fraudster posing as a phone technician who will advise them to key in "Nine-Zero-Hash" or a similar sequence of numbers. According to the email, once you key in the sequence provided, the fraudster has immediate access to your phone and can use it for making calls that will then be billed to your account.

In late 2003, an Australian version of the hoax claimed to be a "police warning" and used the name and contact number of Stephen Cooper, a real Victorian police officer. Although the officer did not send the email, he was inundated with calls and emails about the hoax. Australian telecommunications giant, Telstra, has repeatedly denounced the email as a hoax. A July 2003 article in The Age notes:

One of the oldest email hoaxes on the internet has returned to Melbourne - the "police warning" of fraudsters who trick people into handing over access to their telephone accounts.

Hundreds of the email "warnings" purporting to come from Victoria Police, have been turning up on computers all over the city in the past two or three weeks and annoying a detective at the St Kilda Road police complex.

The emails are signed with the name of Stephen Cooper, a detective senior constable at the St Kilda Road police complex, and give his phone number and email address there. Mr Cooper's telephone is now on voicemail, with a message advising people to delete the email and ignore the hoax.

The hoax email warns people that they may "get a call from someone posing as a telephone technician testing your line. He will ask you to press nine-zero-hash. If you do, you will give him access to your telephone line so he can place long distance calls that will be billed to your account".

A Telstra spokeswoman said the message was a hoax. The nine-zero-hash code could not give access to a telephone account. The hoax first turned up about four years ago, had not been seen for about 12 months, but had suddenly reappeared.

An earlier US version claimed the supposed scam calls were coming from prisons. Yet another version of the hoax targets mobile phone users.

While most of the information in modern variants of the warning message is untrue, it should be noted that some business telephone switching equipment that has been configured in a certain way may be vulnerable to a scam like the one described in the message. If a particular type of PBX or PABX phone system requires users to dial "9" to get an outside line, then it is possible for a scammer to take control of the line, and such scam attempts have indeed taken place in the United States. Information about the warning message published on computer programmer Jonathan de Boyne Pollard's website explains:

The original scam warned about in the original message only applies in the United States, and only to organisations with particular types of PABX that have been configured in a particular way. The essence of the original scam was the ability of these PABXes to connect two outside lines together, using call forwarding. This is why the Recall button is involved. The sequence R90# places the original call on hold (R), makes a new call to an outside line (9), dials the operator (0), and then connects the original call to the new call (#). The PABX thus needs to have been configured to allow an outside call to be forwarded to an outside line, which most PABXes do not allow, for obvious reasons.

A consumer advisory published on the FCC website also provides details about the scam, warning that office workers using PBX and PABX business phone systems should be aware of such tactics. It notes that "this scam only works if your telephone is served by a private branch exchange (PBX) or private automatic branch exchange (PABX)".
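The key sequence described above can be followed step by step in a toy model. This is an added example, not code from the original post or from any PABX vendor; the function name `simulate`, the `allow_trunk_to_trunk` flag and the rule that keys pressed without Recall are only tones are assumptions made for illustration.

```python
"""Toy model of the R90# sequence on a PABX extension (illustrative only)."""

def simulate(keys, has_pabx, allow_trunk_to_trunk=False):
    """Return (outcome, events) for keys pressed during a call from outside."""
    if not has_pabx:
        # Home line or mobile: nothing on the premises interprets the keys.
        return "no effect", [f"tone {k} heard by caller" for k in keys]

    events = []
    on_hold = False      # has Recall parked the original outside caller?
    outside = False      # has the second call seized an outside line?
    dialled = ""         # digits sent on that outside line
    for k in keys:
        if not on_hold:
            if k == "R":
                on_hold = True
                events.append("original call placed on hold")
            else:
                events.append(f"tone {k} heard by caller")
        elif k == "9" and not outside:
            outside = True
            events.append("outside line seized")
        elif k == "#":
            if not (outside and dialled):
                events.append("nothing to transfer to")
            elif allow_trunk_to_trunk:
                events.append(f"held caller joined to outside call to {dialled}")
                return "caller connected to outside line", events
            else:
                # The setting the page says most PABXes have: refuse the join.
                events.append("transfer refused: both parties are outside lines")
                return "transfer blocked", events
        elif outside:
            dialled += k
            events.append(f"dialled {k} on outside line")
        else:
            events.append(f"internal digit {k}")
    return "no effect", events

if __name__ == "__main__":
    cases = [  # constructed scenarios: (label, keys, has_pabx, trunk-to-trunk)
        ("home or mobile phone, 90#", "90#", False, False),
        ("PABX, 90# without Recall", "90#", True, True),
        ("PABX, R90#, transfer disallowed", "R90#", True, False),
        ("PABX, R90#, trunk-to-trunk on", "R90#", True, True),
    ]
    for label, keys, pabx, t2t in cases:
        print(f"{label:34} -> {simulate(keys, pabx, t2t)[0]}")
```

Only the last scenario joins the outside caller to an outside line, which is why the setting to review on a business system is whether an outside call may be transferred to another outside line.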

Clearly, the inaccurate and misleading warning messages that are currently circulating are mutated versions of the original, factual versions of the warning that were correctly aimed only at users of PBX and PABX business phone systems. In reality, the information in the warning message is false for the vast majority of home phone users, and certainly for all mobile phone users and, therefore, the email cannot be considered a valid warning and it should not be forwarded.
