Journal of nicholas (3034)

Thursday June 24, 2004
05:54 AM

make money fast (may not be legal)

[ #19460 ]

Someone I know has an account with one of these firms that offer cheap international calls by prepending a prefix to the number you dial. Frustrated that he couldn't register his work number with them to use it, he tried changing the caller ID his work phone issued to make it appear as if it came from his mobile, and lo, it worked - he could make international calls on his account. (His workplace is something telecoms-related, and is set up to be able to change outgoing caller ID for legitimate work reasons.)

Which, of course means that he could just as easily make international calls billed to anyone else's account, if he knows which phone numbers they have registered.

So, all that remains is to set up a premium rate phone service abroad, and let the scamming begin.

Please note, this scheme may not be legal. :-) But it's certainly do-able, which is worrying. Authenticating on caller ID - bad plan.

  • To fiddle with your CLID you need to be able to speak SS7. Even so, you *can* still be traced.

    As an example, Alice PBX fiddles with her CLID, places a call which transits Bob Telecom's network, and is terminated by Clare Telecom. Clare Telecom uses CLID to make some charge against Dave. Dave disputes the bill, Clare looks in her records to see where (which physical connection) the call came from, and sees that it came in from Bob Telecom. Bob can trace the call back from where it left his network to w
  • I wrote IVR code to do precisely this.. authenticate and login to an account using caller-id (they call it ANI, authorized number identification).

    It was even easier in my case.. Large companies basically give you a list of numbers and say "look, if anyone calls come from these numbers, let them through without authentication" (I asked everyone several variants of 'are you REALLY sure you want to do this'? but they still wanted it).. Find out the director's office number, change your caller-ID to respond wi