Charles Arthur On Technology

Adrift on a sea of scams
Click to follow
The Independent Online

Oh dear, here we go again. The letters page of this newspaper has been dotted in the past few weeks with missives from furious readers whose computers have been hijacked by "Trojan diallers" - bits of software that, once on your computer (and we'll discuss how that happens in a moment) reconfigure your internet settings to dial a premium-rate, or other, number costing up to £1.50 per minute. Thus a two-hour surfing session will cost £180 rather than the pennies you'd expect. About 50,000 people have been stung for a total of £5m; bills running into thousands of pounds have not been uncommon.

Oh dear, here we go again. The letters page of this newspaper has been dotted in the past few weeks with missives from furious readers whose computers have been hijacked by "Trojan diallers" - bits of software that, once on your computer (and we'll discuss how that happens in a moment) reconfigure your internet settings to dial a premium-rate, or other, number costing up to £1.50 per minute. Thus a two-hour surfing session will cost £180 rather than the pennies you'd expect. About 50,000 people have been stung for a total of £5m; bills running into thousands of pounds have not been uncommon.

When I wrote about this topic here last July, the response from you, the readers, indicated that this was a serious problem that had caught the entire telecoms industry off guard. The premium-rate regulator Icstis had no way to prevent scammers from hiring phone numbers off rogue telecoms companies; the telephone companies had no legal powers to step in and stop you or me making calls to a number, even those identified as being used by a "Trojan dialler" scammer. And finally, the telephone companies were legally obliged to pass on the money rung up as charges to the rogue networks. Only if Icstis adjudicated against the scammer did you have much chance of getting your money back; and as many were based abroad - often in places like Florida, a haven, too, of spam e-mailers - the chances were slim.

Thus last August, Icstis acted to kill the scammers' premium-rate numbers and introduced a scheme whereby companies seeking to operate a premium-rate number had first to be licensed by Icstis. Furthermore, the "terminating" network providing the premium-rate number (not BT in most cases; it is simply the channel) must now hold on to any money collected for a number for 45 days before it is passed on - up from 14 days - to allow immediate refund in case of justified user complaints.

So why are people still complaining about Trojan diallers? Both BT and Icstis were initially mystified when I called them this week. BT was even more surprised by the claim made on the BBC's Look East news programme that one victim of a dialler program, Bob Church, had been forgiven his bloated phone bill. "That's cobblers, I'm afraid," said a BT spokesman. "We haven't forgiven anybody their bills. We occasionally make a goodwill payment if we feel our internal processes weren't done correctly - say, we haven't offered premium-rate or international call blocks as quickly as we could have, or didn't deal correctly with the complaint."

But, BT added, the revival in complaints probably shows that the scammers are again ahead of the game. "I think that the number of diallers attached to UK premium-rate numbers is on the decline," he said. "But there's no realistic expectation that they won't attempt to use international numbers for the same purpose."

And that is what has happened. We now have international-rate dialling scams - which first became a problem in the mid-Nineties. Kingston Communications in Hull has blocked all direct-dial access to the Solomon Islands and 12 others, mostly in the South Pacific, after incidents where customers' computers were mysteriously calling numbers there. The Irish telecoms regulator, ComReg, took the same action in September - outraging the islands' telecoms companies, but winning plaudits from those closer to home.

However, BT can't take such action unilaterally because of its size. It is always going to be left playing catch-up because the scammers have first-mover advantage: they're writing the software that uses this stuff. Worse, international phone-call payments must be made, under some "heavy-duty legislation" (to quote BT's man); there's nothing like Icstis to demand that cash is held over while the recipient is investigated.

So we're down to the last lines of defence: your phone line, your computer, and you. BT offers premium-rate blocking for free; you can add international call blocking for £1.75 per month. If you're using Windows, and Internet Explorer, and don't have antivirus and anti-spyware, and haven't got Windows XP with Service Pack 2 installed, and don't have broadband or a wireless router, you might find it a useful economy.

That's because all of this scam software is written for Windows - unsurprising, given how many people use it. Secondly, IE has many security holes; even with XP and Security Pack 2, you're not completely protected, and the scammers will exploit any weakness to get their software downloaded automatically, after which it starts silently changing settings. (Try a different browser, such as Opera or Firefox.) The anti-virus and anti-spyware might at least spot some of these programs appearing.

The simplest solution is to get broadband and unplug your dial-up modem. If the machine can't dial out, it can't run up your bill. Broadband connections don't dial into the exchange in the standard way. (Although the always-on connection brings its own risk of remote hackers trying to subvert your machine.)

Alternatively, a wireless connection (in which you have a box connected to the phone line, and when you want to go online your computer commands it to dial a number you programmed in earlier) is also safe. For the scammers, writing systems that will reprogram your wireless router is (for now, at least) too much hassle.

But there is a last barrier: you. Beware when you're on some of the wilder parts of the net. Make sure precisely what clicking a link will actually do. "Image viewers" for "viewing our site's content" are generally a con; your computer can already handle almost all the formats out there. Check what you're agreeing to when you click a link. And be suspicious. Microsoft wrote Windows as if the world were full of benign, trusting people, and is shocked - shocked, I tell you - to find it is not. So you're the last resort; don't let yourself down.

In the meantime, the advice from Icstis is that if you suddenly find yourself landed with a huge phone bill, contact the Telephone Ombudsman at once and make your case, rather than waiting for BT to begin threatening debt collectors. As BT's spokesman said of these scams: "We can't see any quick fix on the horizon."

www.charlesarthur.com/blog

Telephone Ombudsman (0845 050 1614)

Comments