Print 61 comment(s) - last by lyeoh.. on Oct 26 at 10:28 AM

Premium text messages are a dream come true for scammers.  (Source: Discover)
Industry needs to ban fraud-friendly premium text messages, customers need to preemptively block PSMS

Last year I covered about how some malicious parties were attacking Android users by trying to get access to premium text messages.  But most of these reports were coming from regions like Russia.  I didn't think U.S. telecoms would allow this thing to happen.  I was wrong.

Premium short messaging service (PSMS) messages are the perfect tool for fraud.  Costing as much as $10 per message, they fall under a gray region of U.S. laws.  And as some readers pointed out to me after I wrote this piece originally, telecoms profit off their users being defrauded.

Carriers get 30 to 50 percent of the fee for each premium message the user pays for.  Some companies -- such as AT&T, Inc. (T) -- have adopted stricter guidelines to try to prevent abuse of this technology, but only after they were sued for it [source].  Others -- like Sprint Nextel Corp. (S) -- are still leaving customers wide open for fraud.

I. How I Got Hit By the Frauders

Well, I have discovered first hand that this kind of scam is alive and well here in the states.  And after digging I discovered sadly it's the policies of Sprint-- a company I've typically had only good things to say about because of its low prices and relatively good service -- that allowed this mess to happen in the first place.

It all started with a message from a number "74248" which read, "Guess What?  Instead of a Birthday Cake, many Russian children are given a Birthday Pie"

"Well, that's odd," I thought.

But occasionally I've received odd promotion texts from standard numbers who somehow mined my data.  And I've been condition just to delete or tag spam so I honestly just ignored it.

Over the next couple months more messages rolled in -- at a pace of exactly one message per month.  A couple of the other messages read:

Guess What?  The reason why flamingos are pink is because they eat shrimp which have a red pigment.  For HELP call 18668611606

Guess What? The placement of a donkeys eyes on its head enables it to see all four feet at all times!  For HELP call 18668611606.

Mobsetter IQ

And then the most ominous message rolled in, in October (after three months and three messages), reading:

MOBSETTER IQ Fun Facts has billed @ $9.99/mo.  Reply HELP for help, Reply STOP to cancel.  Msg&Data Rates May Apply.
Again, I've been conditioned to reject spam, but at this point a lightbulb went on in my brain and I recalled those stories on premium text messages and got a sinking feeling.  So I dialed Sprint.

II. Sprint Condones its Customers Being Scammed

The Sprint customer service rep confirmed that those were premium text messages, at a cost of $9.99 USD each.  The rep asked, "Have you ever signed up for this service?"

"No.  I've never seen or heard of this service in my life.  Clearly this is some sort of data mining/fraud scheme."

The Sprint rep tells me, "Well if someone had access to your phone, they could have sent a message signing you up for this service."

Sprint Sign
[Source: Lisa Poole/AP]

No, I explained, I kept my phone on me at all times, locked, and only I have used it. And I never signed up for "MOBSETTER IQ". 

Eventually the service rep agreed to refund the premium texts.  But I wanted to get to the bottom of this so I probed deeper.  I asked why there was this option in the first place.  I was told that Sprint customers were automatically "opted in" to allow premium texts and I had to specifically opt out (which, at this point I did).  I asked them to double check this with their supervisor.

Indeed, the supervisor confirmed (or at least was of the belief) that Sprint automatically opts its customers into allowing premium rate text messages.

Shocked and beginning to sympathize for the plight of my fellow Sprint subscribers I asked, "Well are you at least going to block this number from sending messages to other Sprint customers?"

"No.  Some people want to use this kind of service," the rep replied.

Really?  People want to pay $9.99 per text to get nonsensical, grammatically incorrect text messages from a company that clearly engages in fraud?  That's pretty hard to believe.

I asked them to get their supervisor and confirm to me what kind of policy was in place for eventually dealing with scammers.  There had to be some kind of system in place.

The supervisor informed me that indeed, if enough customers called (like I had) to report fraud from a particular premium number, Sprint would block it.  But this blocking was purely reactionary.  

This was about where our conversation ended and it left me very concerned about the safety and financial security of my fellow Sprint subscribers.

Let me summarize:
  1. It's easy to mine people's phone numbers -- many seemingly legitimate Android apps even do this (technically they have to ask for permission, but if apps like Angry Birds ask for your number, you tend to falsely trust them).  Further, many people give out their numbers for business (as I do as a journalist), so there's yet another source of exploitable numbers.
  2. Once a scammer has your number, on Sprint's network, they can freely send you premium rate texts without warning or opt in, billing you $9.99 per text.
  3. Let's assume that only 50 percent of customers notice this and respond.  After all, if you're paying $120/month for a 4G smartphone + tethering + fees, $10 is somewhat easy to miss, particularly if you're a busy person.
  4. So taking the 50 percent rate, assume that the spammers send 20,000 people one premium text message.  Of those people, 10,000 complain about the message, while the other 10,000 unwittingly pay for it.
  5. Sprint has now handed the scammer ~$100K USD, which the scammer can merrily wire off to a Swiss bank account, as they light up a cigar in their shack in Russia or whatever other region they happen to reside in.
I am apalled that Sprint is letting this happen and any subscriber should be too.  Sprint is absolutely condoning -- effectively supporting, even -- this kind of fraud.

A Sprint employee emailed me after this article went live, pointing me to this webpage.  It claims:

One of the handy things about a Sprint device is how easy it is to receive mobile content via text message. Premium Text Messaging allows you to enjoy a variety of mobile content supplied by third-party providers, and pay for that content via your cell phone bill. Since you will later be billed for this content, you must subscribe (opt-in) to any Premium Messaging service.

That's nice, but it appears that:
a) At least some of Sprint's customer service representatives are unaware of this policy.
b) People are still getting these messages without opting in.

I find it highly fishy that Sprint's "opt in" system magically stops working on a form of fraud that the company reportedly directly profits off of.  At best Sprint is misleading customers by claiming they're safe if they don't opt in (again in my experience you can get these messages and charges on Sprint without ever opting in).  At worst it's lying to customers in order to participate in a deliberate profit-driven fraud scheme.

III. Verizon and AT&T Offer Stronger Protections

So I wanted to get some perspective so I contacted customer service representives at Verizon Wireless -- a joint venture of Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD) -- and AT&T.  

What I found, interestingly is that both companies offer stronger protections than Sprint.  Most importantly, both offer premium text messaging as opt-in only, unlike was Sprint does.

States AT&T:

Customers phone accounts are not automatically opted into these messages. A growing number of companies and organizations offer opt-in alerts which, like spam, are also received as messages on mobile devices. "Signing up" can be as simple as texting a code to a number to request more information, receive updates, or enter a sweepstakes. The confusion with spam occurs when subscribers either forget they have signed up for alerts or don’t know how to cancel their subscription.

States Verizon:

Verizon Wireless customers must double opt in to premium SMS programs -- meaning when they send a message to a short code, they are asked to confirm, then they are asked again if they are sure they want to opt in.  Programs must offer options for customers to opt out (for example, "quit" or "stop").  These are industry guidelines organized by the Mobile Marketing Assn.

While this is better than the lax policy I experienced at Sprint, there's still significant issues in that a malware program could in theory send the text opting in and then send the confirmation text, deleting the messages to hide its trail.

As for customers who have experienced fraud, these firms' policies are similar to what I experienced at Sprint.

States Verizon:

Customers who think they have fraudulent charges can call Customer Service to discuss credits.  Verizon Wireless also offers a premium SMS BLOCK at no charge for customer who want to opt out of all of PSMS.

States AT&T:
AT&T has been the industry leader in addressing the challenge of cell phone spam. They’ve has installed an aggressive "behind-the-scenes" spam-defense system with state-of-the-art network filters, virus traps and other blocking methods that have proven to be effective at screening unwanted messages. In addition, AT&T works closely with lawmakers and regulatory authorities to improve anti-spam laws -- and helps law enforcement agencies identify spammers.

Customers can also sign up for AT&T Smart Limits for Wireless to block phone calls and SMS from specific 10-digit phone numbers as an additional measure to stop unwanted calls and/or messages:" rel="nofollow ($4.99 per month/ per subscriber). Customers can also contact AT&T Customer Care for assistance with specific issues.

The latter part is a bit noteworthy as AT&T is the only company that suggested it was pursuing law enforcement action against these spammers.  Sprint and Verizon simply seemed to cast a blind eye to this type of fraud (although Verizon had better initial defenses with its double opt-in process).

Police officer
Only AT&T indicated that it reports PSMS frauders to police. [Source: iStockPhoto/Jeff Griffin]

As for whether frauders are blocked, Verizon tells me:

While I can't share any specifics on what would cause us to disable a PSMS short code, we do monitor the content providers on a regular basis to ensure they are in compliance.

And AT&T comments:

When customers notify AT&T about being charged for spam, AT&T works with them to resolve the charges. AT&T provides customers who receive SMS and MMS spam with credits to offset the charges. It’s important to note that often AT&T cannot determine if a message is subscribed or unsolicited until the customer brings it to their attention.

Additionally, customers can get more info on how to control spam by visiting: and search "spam."

It was refreshing to see that these companies are at least trying a little harder than Sprint appeared to be.

Note: I reached out to Deutsche Telekom AG's (ETR:DTE) T-Mobile USA, inquiring about their policies, but they did not respond.  I also emailed Sprint's press contact, to confirm the policies that the service manager claimed to me, but received no response.

IV. What Needs to be Done

If you haven't already, I strongly suggest you call your carrier and ask them to block premium text messages to your phone.  

That's a temporary solution, albeit one that requires a bit of effort.  The real solution would be for the government -- or better yet carriers -- to ban these kind of premium texts.  A text does not cost $0.10, much less $10 and it's ridiculous to think there's virtually any sort of valid use for premium texts.

The industry should ban this type messaging.

Failing to do so is simply asking for customers to fall victim to frauders.  Again remember, premium text frauders -- on Sprint at least -- only need your number.  They don't need your permission.  And in theory even if they did need your permission (i.e. AT&T and Verizon subscribers), smart phone malware could give them that permission.

Adopting smartphone antimalware software can help prevent this.

But again, I can't emphasize enough.  Premium messaging should be banned by the industry.  It's basically asking for customers to be defrauded.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Happened to me
By JasonMick on 10/21/2011 11:05:29 AM , Rating: 5
You forgot to post the reason that carriers allow this. Because the carriers get 30-50% of the charge themselves. The carriers are making huge profits from fraudulent charges.

Thanks for the info, I was unaware of this.

It's absolutely critical to try to put this as far out in the public eye as possible because this stinks like a rat, and sure seems like one.

It'd be kind of like if all the ISPs started accepting payoffs from spammers and then began taking more liberal stances in allowing spam email.

If carriers are indeed complicit in defrauding customers, then -- and only then -- the government should step in, in my opinion.

RE: Happened to me
By tekzor on 10/21/2011 12:53:22 PM , Rating: 2
This happened to me on verizon. I notice my monthly bill was $10 higher. Called up the rep and got the charge immediately "credited" and the number blocked. No questions asked.

RE: Happened to me
By Samus on 10/22/2011 2:07:12 AM , Rating: 1
Happened to me on US Cellular over a year ago. A little bit of bitching got the charges reversed. They claim I signed up for the service.

I've never texted any company, signed up for any services or "promotions", not even snapped a QR tag. So how they got on there is beyond me...

It definitely seems more rampant with the smaller carriers, though, presumably because they get a significant cut, and need the income when competing with AT&T.

RE: Happened to me
By TheRequiem on 10/21/11, Rating: -1
RE: Happened to me
By Camikazi on 10/21/2011 5:51:33 PM , Rating: 2
Any premium paid for service that is separate from the monthly billing charge for the line should ALWAYS be blocked unless specifically asked by the custom to be allowed. By not only allowing them, but also letting them be activated WITHOUT the customers direct consent is fraud on Sprints part. The fact that Sprint will refund the money makes no difference, the fact they they allow this to knowingly happen is the problem and the fact they they get a cut from it is the fraud.

RE: Happened to me
By rudy on 10/24/2011 12:55:55 AM , Rating: 2
This is false the entire point of post paid customers is that they do not want to have any limits should they need to use it. And the game with post paid has always been over charges, and I mean always and still is. What you are suggesting is the opposite you want a prepaid phone where you have limits in service up front and should you need more service you will need to go buy it or enable it.

I also know of people who have complained about this on almost every carrier so I think the title itself is misleading because it suggest sprint is the only company doing this. I know people who were hit on verizon. Back in the old days of 900 numbers you were just screwed but sprint and other companies now days are all in every case I know of removing the charges and disabling the service at the request of the customer.

RE: Happened to me
By lyeoh on 10/26/2011 10:28:39 AM , Rating: 2
Seems closer to theft than fraud. But I guess the courts will treat it as fraud.

It's not the same as spam email because you get charged USD9.99 for each message.

So how do telcos keep getting away with aiding and abetting a crime, while Facebook, Twitter, Google, etc may soon be liable for infringment by their users?

So _stealing_ from the small guy is OK but copying stuff from the **AA isn't?

"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki