Fraudulent Toll Charges

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Fraudulent Toll Charges

mattRSK

822 posts

Ultimate Geek
+1 received by user: 3

Trusted

#238256 9-Jul-2018 14:46

I am wondering if anyone else has experienced the following issue on 2Degrees home phone plus.

Toll calls have been made from my phone to France from Saturday morning until early Monday morning. The calls are short and I have been charged $5 each time. Totalling just over $400.

The strange thing is that no one in this house has ever made a call to France.

I received a text message from 2degrees at 9am this morning. They advised there had been high toll call usage and wanted to check if these were genuine.

I called 2degrees and advised they were not genuine. Only to be told that I will still have to pay the toll charges. As the calls were made from my account.

I have spoken to a supervisor who will talk to accounts.

I really would have thought there would be a system in place to detect abnormal usage. With a toll bar applied until confirmation is received from the user.

The explanation from 2degrees is that someone has used a brute force method to gain access to the modem. Via remote access. They have factory reset the modem. This will supposedly prevent any further charges. I find this a bit hard to believe. Although I have a toll bar in place now.

Does this sound familiar to anyone?

1 | 2

12173 posts

Uber Geek
+1 received by user: 8467

Trusted

Lifetime subscriber

#2052062 9-Jul-2018 14:58

Are you using 2Degrees provided hardware / modem or 3rd party?

John

mattRSK

822 posts

Ultimate Geek
+1 received by user: 3

Trusted

#2052069 9-Jul-2018 15:02

Hi John

I am using the 2degrees supplied and configured fritzbox.

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#2052079 9-Jul-2018 15:24

mattRSK:

The calls are short and I have been charged $5 each time. Totalling just over $400.

So I'm assuming that they are to "premium" services, - it does sound like you may have been compromised somewhere along the line,

Do any other apps/devices have access to the outgoing number,

SaltyNZ

8862 posts

Uber Geek
+1 received by user: 9539

Trusted

2degrees

Lifetime subscriber

#2052084 9-Jul-2018 15:38

mattRSK:

I really would have thought there would be a system in place to detect abnormal usage.

Not that I am unsympathetic about fraud, but you said you received a text advising of abnormal usage, so, it looks like there is (and in fact there is such a fraud management system on the mobile side of the business too; possibly even the same system), and hooray for you that you found out the next day instead of on your bill after it was $40,000 instead of $400.

In regards to toll bars being put in place until a subscriber confirms, well, it's not my system, but I can tell you that in general you can please some of the people some of the time, but not all of the people any of the time. If by default a toll bar was in place until people asked for it to be removed, you'd have people complaining that it was outrageous they had to call up and get the toll bar removed, and why didn't <provider> allow them to just do it because it's 2018 and it's a global world etc etc.?

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#2052095 9-Jul-2018 15:55

Sounds like this is 100% on two degrees to credit back and fix properly.

I would say different if it was a customer configuration that got hacked. But the whole point of managing voice service is so you can control the security too.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2052098 9-Jul-2018 16:06

SaltyNZ:

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

mattRSK

822 posts

Ultimate Geek
+1 received by user: 3

Trusted

#2052100 9-Jul-2018 16:07

Thanks for your responses.

I guess where I am coming from is that I now have an additional $400 expense, through no fault of my own. Simply by having a connected phone line I am at risk of these charges. There is nothing I could have done differently to avoid these charges.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2052101 9-Jul-2018 16:11

sbiddle:

SaltyNZ:

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

Thought they patched this?

@OP is your fritzbox up to date?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

mattRSK

822 posts

Ultimate Geek
+1 received by user: 3

Trusted

#2052104 9-Jul-2018 16:24

hio77:

sbiddle:

SaltyNZ:

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

Thought they patched this?

@OP is your fritzbox up to date?

I have Fritz!OS 06.52. I've just checked and 06.84 is available. Trouble is 2degrees do not provide information on which OS it should be.

A replacement Fritzbox was sent out last year from 2degrees, I am not sure why though.

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#2052107 9-Jul-2018 16:26

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

RunningMan

9184 posts

Uber Geek
+1 received by user: 4833

#2052108 9-Jul-2018 16:30

An old thread from Snap days https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

It mentions unusual log entries on the Fritz prior to the calls - may pay to check if you are seeing something similar.

EDIT: Doh - beaten to it by @jonathan18

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

mattRSK

822 posts

Ultimate Geek
+1 received by user: 3

Trusted

#2052109 9-Jul-2018 16:31

jonathan18:

Here's a thread on a similar issue back when 2 Degrees was Snap; I got 'hacked' twice, but didn't have to pay either time (and damn well shouldn't have had to, given where the fault lay).

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602&singlepage=yes

Now I wish I had checked the log before the factory reset. Reading that thread it seems that the same problem still exists.

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2052140 9-Jul-2018 17:44

I wonder if they provision ONT voice on request?

SaltyNZ

8862 posts

Uber Geek
+1 received by user: 9539

Trusted

2degrees

Lifetime subscriber

#2052390 10-Jul-2018 08:48

sbiddle:

SaltyNZ:

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

The last time this happened to people it was the Fritzbox that was compromised not somebody brute forcing SIP credentials.

Ah, yes, not a lot you can do about that...

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

vulcannz

436 posts

Ultimate Geek
+1 received by user: 136
Inactive user

#2052505 10-Jul-2018 10:57

SaltyNZ:

What you could probably do is ask them to lock down the account so that it can only be logged into from your port, or at least from within the 2degrees network. That will greatly reduce the chances that some internet random will guess your SIP credentials in future.

LOL seriously would a VOIP provider operate open SIP without an SBC with no brute force protection? I hope not.

1 | 2