A few days ago, I mentioned an email chain letter that’s going round in the UK about a scam where where "the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim, the caller "proves" that he can cut off service immediately by telling them to try putting down the receiver and then trying to make another call."
The Register’s John Leyden has today picked up on the same story, having been alerted by a reader called Alex, who told El Reg that it happened to a friend of his. Well, that may well be, but the story sounds very like the chain letter that’s being circulated, even to the fact that the friend is apparently a subscriber to Virgin Media. Nevertheless, the Register article is well worth reading: BT seem to have confirmed that this type of scam is not only possible, but actually being carried out against subscribers to a number of telephone services*, and Leyden has quoted a statement at length from the company. He also noted a similar scam being carried out by criminals claiming to represent Ofcom, the UK telecom regulator (since when did they handle digital upgrades?), and also using the temporary disconnection trick I described in my earlier post.
*I don’t know if this means that people are getting these calls irrespective of which service they subscribe to, or that scammers are claiming to represent providers other than BT. I suspect the former, though, since other providers don’t usually provide infrastructure to each other.
Finally, here’s a copy of the chain letter (thanks, Genna!), with comments in italics.
Subject: URGENT – New BT phone scam – BEWARE
— PLEASE PASS ON TO YOUR FRIENDS & FAMILY…
I detest chain letters in principle, but it does seem to be genuine, although not particularly common at the moment. I suspect that the proliferation of the chain letter will actually encourage other scammers to try variations on the same scam (which is why I didn’t publish the full message before), but I guess that cat is out of the bag.
This new telephone ‘scam’ has arrived.
I received a call from a ‘representative’ of BT, informing me that he was dis-connecting me because of an unpaid bill. He demanded payment immediately of £31.00 , or it would be £ 118.00 to re-connect at a later date.
The guy wasn’t even fazed when I told him I was with Virgin Media, allegedly VM have to pay BT a percentage for line rental!
I presume this is true, but BT are not going to ask subscribers to pay directly because of an alleged shortfall (and I suspect that the payment model is less account-specific anyway).
I asked the guy’s name – the very ‘English’ John Peacock with a very ‘African’ accent – & phone number - 0800 0800 152 0800 0800 152.
That’s very close to BT’s general enquiries freephone number, but I can confirm that it isn’t a recognized service number. (See end of quoted email.)
Obviously the fella realized I wasn’t believing his story, so offered to demonstrate that he was from BT. I asked how & he told me to hang up & try phoning someone – he would dis-connect my phone to prevent this.
AND HE DID !! My phone was dead – no engaged tone, nothing – until he phoned me again.
Very pleased with himself, he asked if that was enough proof that he was with BT. I asked how the payment was to be made & he said credit card, there & then.
I said that I didn’t know how he’d done it, but I had absolutely no intention of paying him , I didn’t believe his name or that he worked for BT.
As we’ve previously discussed, you don’t need to be a BT engineer to fake a temporary disconnection, though it won’t work as dependably as it did over analogue lines.
He hung u p.
Did 1471 & phoned his fictitious 0800 number – not recognised.
1471 is a UK service number that gives you the number of your last caller, if Caller ID wasn’t blocked. Unfortunately, it’s not difficult to spoof a Caller ID, and in fact, it may be done legitimately (by organizations that use VoIP, for example).
I phoned the police to let them know , I wasn’t the first! It’s only just started apparently but it is escalating.
Their advice was to let as many people know by word of mouth of this scam. The fact that the phone does go off would probably convince some people it’s real, so please let as many friends & family aware of this.
I’d like to think that the police are not really advocating the use of chain letters for passing on alerts, but who knows? I would strongly recommend that if you feel it’s necessary to warn people about this scam (and I can see why you might) that you send them links to this blog and the Register article, rather than forward the chain letter.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET