Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)Fraudulent Toll Charges
mattRSK

822 posts

Ultimate Geek

Trusted

#238256 9-Jul-2018 14:46
Send private message

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

 

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

 

The strange thing is that no one in this house has ever made a call to France.

 

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

 

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

 

I have spoken to a supervisor who will talk to accounts.

 

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

 

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

 

Does this sound familiar to anyone? 

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Linux
11434 posts

Uber Geek

Trusted
Lifetime subscriber

  #2052062 9-Jul-2018 14:58
Send private message

Are you using 2Degrees provided hardware / modem or 3rd party?

 

John



mattRSK

822 posts

Ultimate Geek

Trusted

  #2052069 9-Jul-2018 15:02
Send private message

Hi John

I am using the 2degrees supplied and configured fritzbox.

wellygary
8335 posts

Uber Geek


  #2052079 9-Jul-2018 15:24
Send private message

mattRSK:

 

The calls are short and I have been charged $5 each time. Totalling just over $400.

 

 

So I'm assuming that they are to "premium" services, - it does sound like you may have been compromised somewhere along the line,

 

Do any other apps/devices have access to the outgoing number,  



SaltyNZ
8235 posts

Uber Geek

Trusted
2degrees
Lifetime subscriber

  #2052084 9-Jul-2018 15:38
Send private message

mattRSK:

 

I really would have thought there would be a system in place to detect abnormal usage.

 

 

 

 

Not that I am unsympathetic about fraud, but you said you received a text advising of abnormal usage, so, it looks like there is (and in fact there is such a fraud management system on the mobile side of the business too; possibly even the same system), and hooray for you that you found out the next day instead of on your bill after it was $40,000 instead of $400.

 

In regards to toll bars being put in place until a subscriber confirms, well, it's not my system, but I can tell you that in general you can please some of the people some of the time, but not all of the people any of the time. If by default a toll bar was in place until people asked for it to be removed, you'd have people complaining that it was outrageous they had to call up and get the toll bar removed, and why didn't <provider> allow them to just do it because it's 2018 and it's a global world etc etc.?

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.




iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.

chevrolux
4962 posts

Uber Geek
Inactive user


  #2052095 9-Jul-2018 15:55
Send private message

Sounds like this is 100% on two degrees to credit back and fix properly.

I would say different if it was a customer configuration that got hacked. But the whole point of managing voice service is so you can control the security too.

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2052098 9-Jul-2018 16:06
Send private message

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

mattRSK

822 posts

Ultimate Geek

Trusted

  #2052100 9-Jul-2018 16:07
Send private message

Thanks for your responses. 

 

I guess where I am coming from is that I now have an additional $400 expense, through no fault of my own. Simply by having a connected phone line I am at risk of these charges. There is nothing I could have done differently to avoid these charges.

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2052101 9-Jul-2018 16:11
Send private message

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

mattRSK

822 posts

Ultimate Geek

Trusted

  #2052104 9-Jul-2018 16:24
Send private message

hio77:

 

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

Thought they patched this?

 

 

 

@OP is your fritzbox up to date?

 

 

 

 

I have Fritz!OS 06.52. I've just checked and 06.84 is available. Trouble is 2degrees do not provide information on which OS it should be. 

 

A replacement Fritzbox was sent out last year from 2degrees, I am not sure why though.

jonathan18
7413 posts

Uber Geek

ID Verified
Trusted

  #2052107 9-Jul-2018 16:26
Send private message

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

RunningMan
8961 posts

Uber Geek


  #2052108 9-Jul-2018 16:30
Send private message

An old thread from Snap days https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

 

It mentions unusual log entries on the Fritz prior to the calls - may pay to check if you are seeing something similar.

 

EDIT: Doh - beaten to it by @jonathan18

mattRSK

822 posts

Ultimate Geek

Trusted

  #2052109 9-Jul-2018 16:31
Send private message

jonathan18:

 

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

 

 

 

 

Now I wish I had checked the log before the factory reset. Reading that thread it seems that the same problem still exists.

yitz
2082 posts

Uber Geek


  #2052140 9-Jul-2018 17:44
Send private message

I wonder if they provision ONT voice on request?

SaltyNZ
8235 posts

Uber Geek

Trusted
2degrees
Lifetime subscriber

  #2052390 10-Jul-2018 08:48
Send private message

sbiddle:

 

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

 

 

 

 

 

 

Ah, yes, not a lot you can do about that...




iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.

vulcannz
436 posts

Ultimate Geek
Inactive user


  #2052505 10-Jul-2018 10:57
Send private message

SaltyNZ:

 

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

 

 

LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.

 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright