AT&T have been pestering people for months to pay up after they fell victim to the ‘Yes Yes’ Scam on poorly configured voicemail systems. Bills for £6,000 were not unusual.
more.
In the scam, the hacker first war dials looking for voicemail boxes with weak PINs. Then the greeting is reconfigued to say ‘Yes Yes Yes’ repititively.
The cunning perp next uses the number of the voicemail as the chargepoint for calls. when the automated AT&T system dials the number and asks for permission to place the charge and authorise the call, the Yes Yes Yes is enough to fool the system (And the majority of real operators).
AT & T claimed that this problem was wholely down to poor security on the voicemail services rather than their own procedures for checking cross charging. Now that some people have sucessfully sued AT&T, they’ve dropped all payment demands and improved the secuirity on the checking procedure.
To fix the problem AT&T have developed a Turing style test to ensure that the YES is actually coming from a Human being rather than a machine. The operator now asks the person to read back a number rather than just say “yes”.