Jump to content
Sign in to follow this  
pal2002

Phone numbers spoofed to steal RS pins

Recommended Posts

The hackers just get more and more creative...

How can a phone company actually get spoofed by fake caller id's...lol

 

 

http://www.theherald.com.au/news/local/news/general/police-investigate-fake-calls-to-telstra-customers/2526773.aspx

 

Police have become involved in an investigation into how dozens of Telstra customers with numbers starting with 4963 were wrongly billed for calls to an internet gaming site.

Telstra’s billing and security divisions have been investigating how several hundred calls to 1900 910 080 were made during a two-week period last month.

 

The calls, billed at a rate of $13.97, were made to buy tokens to play the online game Runescape.

 

‘‘Our investigation is continuing and we have now briefed police,’’ Telstra’s Hunter Region manager Chris Cusack said yesterday.

 

‘‘We are also in the process of contacting all affected customers.’’

 

Telstra is also working with the company that provides online PIN numbers to play Runescape, Surfpin, and the site’s manager, Cloudtel.

 

The telco has refused to release details of its investigation into the incident.

 

It is still not known if the fake calls, which have generally occurred late at night, originated within Australia.

 

A telecommunications engineer previously told the Newcastle Herald it was likely the calls were made using Caller ID spoofing technology, which uses an internet-based server to make telephone calls with false numbers.

 

Caller ID spoofing is the world’s fastest-growing form of telecommunications fraud on landlines and mobile services.

 

An Australian Communications Consumer Action Network spokeswoman urged customers who suspected they had been wrongly billed for calls to contact their telco.


I would prefer even to fail with honor than to win by cheating - Sophocles

php1CLVGLAM.jpg

Share this post


Link to post
Share on other sites

Sounds unfortunate that Jagex have been caught in this. By the looks of it, there is nothing they could have done. I just hope the problem is rectified with the owners of those numbers who have been wrongly charged.


Want to be my friend? Look under my name to the left<<< and click the 'Add as friend' button!

zqXeV.jpg

Big thanks to Stevepole for the signature!^

Share this post


Link to post
Share on other sites

Oh for gods sake Telstra.... Pull your shit together. >.<

 

If you're going to be the dominative phone company in Aus, at least do a better job then the rest.

Share this post


Link to post
Share on other sites

I think it was surfpin who got spoofed, not the phone company. Surfpin probably just uses the caller id to know who to send the bill too, which unfortunately relies on the originating phone to be honest about its number. The easiest way I can think of to fix it would be to have surfpin text a pin back to the number listed in the caller id, and then have to use that pin to make the purchase. That way if you spoof a number, the confirmation pin goes back to the legitimate phone. To get around it, you would need to actually clone a phone, which is considerably harder to do, especially on a large scale.

 

Alternatively, for things like landlines you would actually need to just have to set it up so you make the purchase, and then when you hang up surfpin calls you back so you can verify it that way.

Share this post


Link to post
Share on other sites

I think it was surfpin who got spoofed, not the phone company. Surfpin probably just uses the caller id to know who to send the bill too, which unfortunately relies on the originating phone to be honest about its number. The easiest way I can think of to fix it would be to have surfpin text a pin back to the number listed in the caller id, and then have to use that pin to make the purchase. That way if you spoof a number, the confirmation pin goes back to the legitimate phone. To get around it, you would need to actually clone a phone, which is considerably harder to do, especially on a large scale.

 

Alternatively, for things like landlines you would actually need to just have to set it up so you make the purchase, and then when you hang up surfpin calls you back so you can verify it that way.

 

Wait, they don't? I bought my membership over the phone once many years ago for RuneScape and I remember putting in my phone number on the website and getting an automated call with the pin. They don't do that anymore?


banner6jf.jpg

 

jomali.png

Share this post


Link to post
Share on other sites

I think it was surfpin who got spoofed, not the phone company. Surfpin probably just uses the caller id to know who to send the bill too, which unfortunately relies on the originating phone to be honest about its number. The easiest way I can think of to fix it would be to have surfpin text a pin back to the number listed in the caller id, and then have to use that pin to make the purchase. That way if you spoof a number, the confirmation pin goes back to the legitimate phone. To get around it, you would need to actually clone a phone, which is considerably harder to do, especially on a large scale.

 

Alternatively, for things like landlines you would actually need to just have to set it up so you make the purchase, and then when you hang up surfpin calls you back so you can verify it that way.

 

Wait, they don't? I bought my membership over the phone once many years ago for RuneScape and I remember putting in my phone number on the website and getting an automated call with the pin. They don't do that anymore?

 

I believe the way it works (paying by phone) is you put in the phone number, then it gives you the number to call. That's how it worked for me ages ago.

Share this post


Link to post
Share on other sites

I honestly don't know how it works, since I have never used that service, so I am just guessing based on what they did in the article. Spoofing only works when you call them. To actually intercept a call to another phone, you would either need to tap into the land line for land line phones, or for cells, you need to clone them.

Share this post


Link to post
Share on other sites

Yeah you write your number in, then it gives you a number to call and then it tells you pin when u ring that number


Ace_of_Bluud.png
Ace_of_Bluud.png
Ace_of_Bluud.png
Ace_of_Bluud.png
Me behave? Seriously? As a child I saw Tarzan almost naked, Cinderella arrived home from a party after midnight, Pinocchio told lies, Aladin was a thief, Batman drove over 200 miles an hour, Snow White lived in a house with seven men, Popeye smoked a pipe and had tattoos, Pac man ran around to digital music while eating pills that enhanced his performance, and Shaggy and Scooby were mystery solving hippies who always had the munchies. The fault is not mine! if you had this childhood and loved it put this in your signature!

Share this post


Link to post
Share on other sites

The last time I paid by phone was probably 2005.. but when I did it, I just called a number and was charged that way. They never called me.


Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Share this post


Link to post
Share on other sites

either that or the kid isnt telling his parents that hes wasting money on an online game and they think theyre getting falsely billed :wink:

Share this post


Link to post
Share on other sites

either that or the kid isnt telling his parents that hes wasting money on an online game and they think theyre getting falsely billed :wink:

 

The article makes it pretty clear that it isn't just some kid lying. The article only mentions dozens of numbers starting with 49 since that's the area code for Newcastle and the article was written for the newspaper in that area (has been picked up by other newspapers too). There are earlier articles dating back to the start of the month that cover the same thing.

Share this post


Link to post
Share on other sites

either that or the kid isnt telling his parents that hes wasting money on an online game and they think theyre getting falsely billed :wink:

 

The article makes it pretty clear that it isn't just some kid lying. The article only mentions dozens of numbers starting with 49 since that's the area code for Newcastle and the article was written for the newspaper in that area (has been picked up by other newspapers too). There are earlier articles dating back to the start of the month that cover the same thing.

 

 

yikes! looks like i need a distraction :rolleyes:

 

 

:thumbsup:

Share this post


Link to post
Share on other sites

I wonder if this even *really* belongs in General Discussion rather than off-topic.

I mean sure the scammer's happened to buy RS pins but it's not exactly RS related. It's all to do with the scammers, surfpin and the telecoms company. No real direct involvement for runescape or impact to runescape as a game.


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

Did they buy spins or membership? Someone from down under who's familiar with prices?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.