backtop


Print 61 comment(s) - last by lyeoh.. on Oct 26 at 10:28 AM


Premium text messages are a dream come true for scammers.  (Source: Discover)
Industry needs to ban fraud-friendly premium text messages, customers need to preemptively block PSMS

Last year I covered about how some malicious parties were attacking Android users by trying to get access to premium text messages.  But most of these reports were coming from regions like Russia.  I didn't think U.S. telecoms would allow this thing to happen.  I was wrong.

Premium short messaging service (PSMS) messages are the perfect tool for fraud.  Costing as much as $10 per message, they fall under a gray region of U.S. laws.  And as some readers pointed out to me after I wrote this piece originally, telecoms profit off their users being defrauded.

Carriers get 30 to 50 percent of the fee for each premium message the user pays for.  Some companies -- such as AT&T, Inc. (T) -- have adopted stricter guidelines to try to prevent abuse of this technology, but only after they were sued for it [source].  Others -- like Sprint Nextel Corp. (S) -- are still leaving customers wide open for fraud.

I. How I Got Hit By the Frauders

Well, I have discovered first hand that this kind of scam is alive and well here in the states.  And after digging I discovered sadly it's the policies of Sprint-- a company I've typically had only good things to say about because of its low prices and relatively good service -- that allowed this mess to happen in the first place.

It all started with a message from a number "74248" which read, "Guess What?  Instead of a Birthday Cake, many Russian children are given a Birthday Pie"

"Well, that's odd," I thought.

But occasionally I've received odd promotion texts from standard numbers who somehow mined my data.  And I've been condition just to delete or tag spam so I honestly just ignored it.

Over the next couple months more messages rolled in -- at a pace of exactly one message per month.  A couple of the other messages read:

Guess What?  The reason why flamingos are pink is because they eat shrimp which have a red pigment.  For HELP call 18668611606

Guess What? The placement of a donkeys eyes on its head enables it to see all four feet at all times!  For HELP call 18668611606.

 
Mobsetter IQ

And then the most ominous message rolled in, in October (after three months and three messages), reading:

MOBSETTER IQ Fun Facts has billed @ $9.99/mo.  Reply HELP for help, Reply STOP to cancel.  Msg&Data Rates May Apply.
 
Again, I've been conditioned to reject spam, but at this point a lightbulb went on in my brain and I recalled those stories on premium text messages and got a sinking feeling.  So I dialed Sprint.

II. Sprint Condones its Customers Being Scammed

The Sprint customer service rep confirmed that those were premium text messages, at a cost of $9.99 USD each.  The rep asked, "Have you ever signed up for this service?"

"No.  I've never seen or heard of this service in my life.  Clearly this is some sort of data mining/fraud scheme."

The Sprint rep tells me, "Well if someone had access to your phone, they could have sent a message signing you up for this service."

Sprint Sign
[Source: Lisa Poole/AP]

No, I explained, I kept my phone on me at all times, locked, and only I have used it. And I never signed up for "MOBSETTER IQ". 

Eventually the service rep agreed to refund the premium texts.  But I wanted to get to the bottom of this so I probed deeper.  I asked why there was this option in the first place.  I was told that Sprint customers were automatically "opted in" to allow premium texts and I had to specifically opt out (which, at this point I did).  I asked them to double check this with their supervisor.

Indeed, the supervisor confirmed (or at least was of the belief) that Sprint automatically opts its customers into allowing premium rate text messages.

Shocked and beginning to sympathize for the plight of my fellow Sprint subscribers I asked, "Well are you at least going to block this number from sending messages to other Sprint customers?"

"No.  Some people want to use this kind of service," the rep replied.

Really?  People want to pay $9.99 per text to get nonsensical, grammatically incorrect text messages from a company that clearly engages in fraud?  That's pretty hard to believe.

I asked them to get their supervisor and confirm to me what kind of policy was in place for eventually dealing with scammers.  There had to be some kind of system in place.

The supervisor informed me that indeed, if enough customers called (like I had) to report fraud from a particular premium number, Sprint would block it.  But this blocking was purely reactionary.  

This was about where our conversation ended and it left me very concerned about the safety and financial security of my fellow Sprint subscribers.

Let me summarize:
  1. It's easy to mine people's phone numbers -- many seemingly legitimate Android apps even do this (technically they have to ask for permission, but if apps like Angry Birds ask for your number, you tend to falsely trust them).  Further, many people give out their numbers for business (as I do as a journalist), so there's yet another source of exploitable numbers.
  2. Once a scammer has your number, on Sprint's network, they can freely send you premium rate texts without warning or opt in, billing you $9.99 per text.
  3. Let's assume that only 50 percent of customers notice this and respond.  After all, if you're paying $120/month for a 4G smartphone + tethering + fees, $10 is somewhat easy to miss, particularly if you're a busy person.
  4. So taking the 50 percent rate, assume that the spammers send 20,000 people one premium text message.  Of those people, 10,000 complain about the message, while the other 10,000 unwittingly pay for it.
  5. Sprint has now handed the scammer ~$100K USD, which the scammer can merrily wire off to a Swiss bank account, as they light up a cigar in their shack in Russia or whatever other region they happen to reside in.
I am apalled that Sprint is letting this happen and any subscriber should be too.  Sprint is absolutely condoning -- effectively supporting, even -- this kind of fraud.

Update:
A Sprint employee emailed me after this article went live, pointing me to this webpage.  It claims:

One of the handy things about a Sprint device is how easy it is to receive mobile content via text message. Premium Text Messaging allows you to enjoy a variety of mobile content supplied by third-party providers, and pay for that content via your cell phone bill. Since you will later be billed for this content, you must subscribe (opt-in) to any Premium Messaging service.

That's nice, but it appears that:
a) At least some of Sprint's customer service representatives are unaware of this policy.
b) People are still getting these messages without opting in.

I find it highly fishy that Sprint's "opt in" system magically stops working on a form of fraud that the company reportedly directly profits off of.  At best Sprint is misleading customers by claiming they're safe if they don't opt in (again in my experience you can get these messages and charges on Sprint without ever opting in).  At worst it's lying to customers in order to participate in a deliberate profit-driven fraud scheme.

III. Verizon and AT&T Offer Stronger Protections

So I wanted to get some perspective so I contacted customer service representives at Verizon Wireless -- a joint venture of Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD) -- and AT&T.  

What I found, interestingly is that both companies offer stronger protections than Sprint.  Most importantly, both offer premium text messaging as opt-in only, unlike was Sprint does.

States AT&T:

Customers phone accounts are not automatically opted into these messages. A growing number of companies and organizations offer opt-in alerts which, like spam, are also received as messages on mobile devices. "Signing up" can be as simple as texting a code to a number to request more information, receive updates, or enter a sweepstakes. The confusion with spam occurs when subscribers either forget they have signed up for alerts or don’t know how to cancel their subscription.

States Verizon:

Verizon Wireless customers must double opt in to premium SMS programs -- meaning when they send a message to a short code, they are asked to confirm, then they are asked again if they are sure they want to opt in.  Programs must offer options for customers to opt out (for example, "quit" or "stop").  These are industry guidelines organized by the Mobile Marketing Assn.

While this is better than the lax policy I experienced at Sprint, there's still significant issues in that a malware program could in theory send the text opting in and then send the confirmation text, deleting the messages to hide its trail.

As for customers who have experienced fraud, these firms' policies are similar to what I experienced at Sprint.

States Verizon:

Customers who think they have fraudulent charges can call Customer Service to discuss credits.  Verizon Wireless also offers a premium SMS BLOCK at no charge for customer who want to opt out of all of PSMS.

States AT&T:
 
AT&T has been the industry leader in addressing the challenge of cell phone spam. They’ve has installed an aggressive "behind-the-scenes" spam-defense system with state-of-the-art network filters, virus traps and other blocking methods that have proven to be effective at screening unwanted messages. In addition, AT&T works closely with lawmakers and regulatory authorities to improve anti-spam laws -- and helps law enforcement agencies identify spammers.

Customers can also sign up for AT&T Smart Limits for Wireless to block phone calls and SMS from specific 10-digit phone numbers as an additional measure to stop unwanted calls and/or messages: http://att.com/smartlimitsforwireless" rel="nofollow ($4.99 per month/ per subscriber). Customers can also contact AT&T Customer Care for assistance with specific issues.

The latter part is a bit noteworthy as AT&T is the only company that suggested it was pursuing law enforcement action against these spammers.  Sprint and Verizon simply seemed to cast a blind eye to this type of fraud (although Verizon had better initial defenses with its double opt-in process).

Police officer
Only AT&T indicated that it reports PSMS frauders to police. [Source: iStockPhoto/Jeff Griffin]

As for whether frauders are blocked, Verizon tells me:

While I can't share any specifics on what would cause us to disable a PSMS short code, we do monitor the content providers on a regular basis to ensure they are in compliance.

And AT&T comments:

When customers notify AT&T about being charged for spam, AT&T works with them to resolve the charges. AT&T provides customers who receive SMS and MMS spam with credits to offset the charges. It’s important to note that often AT&T cannot determine if a message is subscribed or unsolicited until the customer brings it to their attention.

Additionally, customers can get more info on how to control spam by visiting: www.att.com/wireless and search "spam."

It was refreshing to see that these companies are at least trying a little harder than Sprint appeared to be.

Note: I reached out to Deutsche Telekom AG's (ETR:DTE) T-Mobile USA, inquiring about their policies, but they did not respond.  I also emailed Sprint's press contact, to confirm the policies that the service manager claimed to me, but received no response.

IV. What Needs to be Done

If you haven't already, I strongly suggest you call your carrier and ask them to block premium text messages to your phone.  

That's a temporary solution, albeit one that requires a bit of effort.  The real solution would be for the government -- or better yet carriers -- to ban these kind of premium texts.  A text does not cost $0.10, much less $10 and it's ridiculous to think there's virtually any sort of valid use for premium texts.

The industry should ban this type messaging.

Failing to do so is simply asking for customers to fall victim to frauders.  Again remember, premium text frauders -- on Sprint at least -- only need your number.  They don't need your permission.  And in theory even if they did need your permission (i.e. AT&T and Verizon subscribers), smart phone malware could give them that permission.

Adopting smartphone antimalware software can help prevent this.

But again, I can't emphasize enough.  Premium messaging should be banned by the industry.  It's basically asking for customers to be defrauded.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Happened to me
By Belarios on 10/21/2011 11:01:56 AM , Rating: 6
You forgot to post the reason that carriers allow this. Because the carriers get 30-50% of the charge themselves. The carriers are making huge profits from fraudulent charges.

I had a $9.99 charge appear on my T-Mobile family plan. I searched the name on the bill and found the Florida AG was settling a fraud investigation with this same company for $600,000. The Florida AG also settled a case with AT&T where they agreed to change their policies. Florida may have the biggest problem since these companies prey on senior citizens.

Google it yourself.

This is real, and the carriers are making big bucks off of allowing 3rd parties to fraudulently claim that you requested the charge when you really didn't.




RE: Happened to me
By Belarios on 10/21/2011 11:04:10 AM , Rating: 2
Just search for "Florida Attorney General cramming".


RE: Happened to me
By JasonMick (blog) on 10/21/2011 11:05:29 AM , Rating: 5
quote:
You forgot to post the reason that carriers allow this. Because the carriers get 30-50% of the charge themselves. The carriers are making huge profits from fraudulent charges.

Thanks for the info, I was unaware of this.

It's absolutely critical to try to put this as far out in the public eye as possible because this stinks like a rat, and sure seems like one.

It'd be kind of like if all the ISPs started accepting payoffs from spammers and then began taking more liberal stances in allowing spam email.

If carriers are indeed complicit in defrauding customers, then -- and only then -- the government should step in, in my opinion.


RE: Happened to me
By tekzor on 10/21/2011 12:53:22 PM , Rating: 2
This happened to me on verizon. I notice my monthly bill was $10 higher. Called up the rep and got the charge immediately "credited" and the number blocked. No questions asked.


RE: Happened to me
By Samus on 10/22/2011 2:07:12 AM , Rating: 1
Happened to me on US Cellular over a year ago. A little bit of bitching got the charges reversed. They claim I signed up for the service.

I've never texted any company, signed up for any services or "promotions", not even snapped a QR tag. So how they got on there is beyond me...

It definitely seems more rampant with the smaller carriers, though, presumably because they get a significant cut, and need the income when competing with AT&T.


RE: Happened to me
By TheRequiem on 10/21/11, Rating: -1
RE: Happened to me
By Camikazi on 10/21/2011 5:51:33 PM , Rating: 2
Any premium paid for service that is separate from the monthly billing charge for the line should ALWAYS be blocked unless specifically asked by the custom to be allowed. By not only allowing them, but also letting them be activated WITHOUT the customers direct consent is fraud on Sprints part. The fact that Sprint will refund the money makes no difference, the fact they they allow this to knowingly happen is the problem and the fact they they get a cut from it is the fraud.


RE: Happened to me
By rudy on 10/24/2011 12:55:55 AM , Rating: 2
This is false the entire point of post paid customers is that they do not want to have any limits should they need to use it. And the game with post paid has always been over charges, and I mean always and still is. What you are suggesting is the opposite you want a prepaid phone where you have limits in service up front and should you need more service you will need to go buy it or enable it.

I also know of people who have complained about this on almost every carrier so I think the title itself is misleading because it suggest sprint is the only company doing this. I know people who were hit on verizon. Back in the old days of 900 numbers you were just screwed but sprint and other companies now days are all in every case I know of removing the charges and disabling the service at the request of the customer.


RE: Happened to me
By lyeoh on 10/26/2011 10:28:39 AM , Rating: 2
Seems closer to theft than fraud. But I guess the courts will treat it as fraud.

It's not the same as spam email because you get charged USD9.99 for each message.

So how do telcos keep getting away with aiding and abetting a crime, while Facebook, Twitter, Google, etc may soon be liable for infringment by their users?
http://www.techworld.com.au/article/405288/group_n...

So _stealing_ from the small guy is OK but copying stuff from the **AA isn't?


RE: Happened to me
By guffwd13 on 10/21/2011 12:57:51 PM , Rating: 2
Woah... is that new?? A green bar and level 6? Been here almost everyday for 5+ years and have never seen that.... Is it a special editor bump?


RE: Happened to me
By leexgx on 10/21/2011 1:17:56 PM , Rating: 2
I have seen it before, you get some times when your giving good info or very good post (getting green/6 is rare thought)


RE: Happened to me
By StevoLincolnite on 10/23/2011 12:58:16 PM , Rating: 2
I've gotten a 6/green only once since 2006.

They used to be allot more common.


RE: Happened to me
By grandpope on 10/21/2011 1:20:04 PM , Rating: 2
I too have seen this happen before. Previously, the +6 is only handed out by the founder of DT, Kristopher Kubicki.

I dunno if this is still the case, as I understand he is less involved these days.


RE: Happened to me
By Camikazi on 10/21/2011 5:52:49 PM , Rating: 2
I think any mod can give a 6 now but they don't do it often. I've seen maybe 3 since I started reading articles here.


RE: Happened to me
By The Raven on 10/21/2011 1:30:09 PM , Rating: 1
quote:
Because the carriers get 30-50% of the charge themselves.
Do you expect them to do it for free?

I actually do since I think the whole text message (SMS, not just PSMS) scheme (across all providers) is a scam. But this question needs to be asked before you come up with some comspiracy theory that Sprint is behind this all.


RE: Happened to me
By The Raven on 10/21/2011 1:33:09 PM , Rating: 2
quote:
comspiracy
= Communications Conspiracy ;-) Whew!


RE: Happened to me
By NellyFromMA on 10/21/2011 2:02:24 PM , Rating: 2
This happened to me also. After 2 months of Sprint telling me I would no longer receive the messages, only to continue receiving them, finally they claimed they could do nothing about it.

I had been pretty upset at this point and told them I would be be terminating service and refuse to pay the fees. Today it sits on my credit report negatively.

This was about 2 years ago. Eh, I guess 5 more to go til my credit looks a little better... lame.


RE: Happened to me
By fic2 on 10/21/2011 3:26:12 PM , Rating: 2
You should add a note to your credit report about why you have a negative report from Sprint and how they tried to defraud you. You could also dispute the claim.


RE: Happened to me
By The Raven on 10/21/2011 4:32:41 PM , Rating: 2
I would also recommend that you go prepaid in the future. There is no risk of such thing happening and there is certainly no way they can touch your credit report.


RE: Happened to me
By sleepeeg3 on 10/23/2011 11:29:47 PM , Rating: 2
AT&T's response = BS!

Same thing happened to me under AT&T. About once a month I started randomly receiving messages from a company called FoneSocial. I ignored it as spam. There was never any charge mentioned. Finally, one month my bill seemed abnormally high. The bill is not under data, not under messaging, but under it's own category.

I never signed up for anything, never downloaded any suspicious apps, yet I was magically being charged $9.99/month.

Called AT&T and the rep said, "No problem, I have credited your account for January, December & November. Is there anything else I can help you with, Mr. X?"

Except this charge went back to October - the clever girl was trying to pull a fast one.

I asked to talk to her supervisor and magically she came back, apologized to me and credited me an extra $20. All was peachy.

However, when I recently went to cancel my wireless account, I discovered I was magically under a contract and they wanted me to pay an early termination fee! The contract started around the time that I first started receiving those FoneSocial messages. Either the rep's activity or the spammer triggered this.

Either way, beware the telephone companies and their premium messages. Makes sense that they receive a credit from them. Thanks for the research, Mick.


"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki