AT&T has been facing challenges from the ‘Yes Yes’ Scam, where hackers exploit poorly configured voicemail systems. The scam involves hackers identifying voicemail boxes with weak PINs through war dialing. Once a vulnerable box is found, the hacker modifies the greeting to repeat ‘Yes Yes Yes’ continuously.
Next, the hacker uses the voicemail number as a chargepoint for calls. When AT&T’s automated system calls the number and asks for permission to place the charge and authorize the call, the repeated ‘Yes Yes Yes’ fools the system and often the real operators as well.
AT&T initially placed the blame on the poor security of the voicemail services rather than their own cross-charging procedures. They started demanding payments from the victims, leading some to take legal action against AT&T. Eventually, AT&T dropped the payment demands and improved their security checking procedures.
To combat the scam, AT&T developed a Turing-style test to verify that the ‘YES’ response is indeed coming from a human and not a machine. Now, instead of just saying “yes,” the operator asks the person to read back a specific number to confirm their authenticity. This measure aims to prevent future scams and ensure more secure transactions.
Regenerate response