Phone line being hacked? Advice please


Grahamfff
17-06-2008, 15:56
A friend has a BT phone line and has become aware of a number of short international phone calls appearing on her bill which he definitely didn't make.

BT have been informed and are routinely letting him know if international calls are appearing on his account.

My friend has a dial-up net connection, with the ISP being Orange.

Has anyone else had this experience? Is it possible for your phone line to be 'hacked' in this way? Or is it almost certainly related to the internet connection? If the latter case, would better virus/spyware etc software help?

Or is it possibly just a technical fault, that calls are wrongly assigned to his number, rather than someone actively being mischievous?

Any help/advice/insight welcome!

Thanks

orbrey
17-06-2008, 16:09
Sounds like a dialer (basically software that takes over from your existing dialup connection and sets it to dial an horrifically expensive overseas number). Definitely unplug the dialup modem and then try virus checkers, once they've run then check the dialup connections. To be safe I'd say delete all of them and recreate the correct one to her dialup service, then try to connect and ensure you verify the number called.

Hope that helps,

Grahamfff
17-06-2008, 16:42
Thanks for this - sounds really useful.

Am I right in thinking that if this is the problem, then the 'rogue' calls must be made when the PC is switched on, but NOT connected to the net (ie the line cannot be connected to the legitimate ISP and to a number in Kuala Lumpur or wherever at the same time)?

What is the point of a scam like this? How does the scammer benefit? The 'rogue' calls in question are very short - surely an effective scam would connect to the premium rate number for ages, to maximise the fraud?

Thanks again.

esme
17-06-2008, 16:57
rogue diallers typically disconnect any dial up connection before making the premium call, then they'll reconnect to the ISP again so you don't notice

I'm not 100% sure but I think the connection is charged at a whole number of minutes at whatever rate the number is on regardless of how long the call is, so the call could last a second but you get charged for five minutes

so 10 calls in the space of a minute charges you for 50 minutes connection time

something like that anyway

willman
17-06-2008, 17:02
And at £7 a minute reportedly, it's worth hacking 10 of them an hour.

andco
17-06-2008, 20:00
this sort of thing does also happen with mobile phones; there was a very interesting feature about this sort of stuff on BBC R4 You & Yours last week I think.

Ghostrider
17-06-2008, 22:31
Yorkshire cable told me the same thing a few years ago, saying that I had made loads of international calls.

I disputed this when I rang them, and the bloke on the other end insisted I had made these calls.

Would have loved to have seen his face when I told him there was international call barring on my line so it couldn't possibly have been on my phone line...

Mr Gav
18-06-2008, 10:34
From Wikipedia:

Fraudulent Dialers

Dialers are necessary to connect to the internet (at least for non-broadband connections), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search for security holes that may be present in the operating system installed on the user's computer and use them to change the computer to dial up through their number, pocketing the additional money for themselves. Alternatively, some dialers inform the user what it is that they are doing, with the promise of special content, accessible only via the special number. Examples of this content include software for download, (usually illegal) MP3s, 'underground' hacking materials such as viruses, and in the case of at least one website, pornography.

The cost of setting up such a service is relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take 90% of the cost of a premium rate call, with very few overheads of their own.

Users with DSL lines (or similar broadband connections) are usually not affected. A dialer can be downloaded and installed, but dialing in is not possible as there are no regular phone numbers in the DSL network and users will not typically have their dial-up modem, if any, connected to a phone line. However, if an ISDN adapter or additional analog modem is installed, the dialer might still be able to get a connection.

Malicious dialers can be identified by the following characteristics:

* A download popup opens when opening a website.
* On the website there is only a small hint, if any, about the price.
* The download starts even if the cancel button has been clicked.
* The dialer installs as default connection without any notice.
* The dialer creates unwanted connections by itself and without user interaction.
* The dialer does not show any notice about the price (only few do) before dialing in.
* The high price of the connection is not being shown while connected.
* The dialer cannot be uninstalled, or only with serious effort.

Installation Routes

Computers without anti-virus software or proper updates could be vulnerable to Visual Basic scripts which install a trojan horse which changes values in the Microsoft Windows registry and sets Internet Explorer security settings in a way that ActiveX controls can be downloaded from the Internet without warning. After this change is made, when a user accesses a malicious page or email message, it can start installing the dialer. The script also disables the modem speaker and messages that normally come up while dialing into a network. Users of Microsoft Office Outlook, Outlook Express and Internet Explorer are especially affected if running ActiveX controls and JavaScript is allowed and the latest security patches from Microsoft have not been installed. In March 2004, there were malicious dialers that could be installed through a nonexistent anti-virus software. E-mail spam from a so-called "AntiVirus Team" for example, contained download links to programs named "downloadtool.exe" or "antivirus.exe", which are malicious dialers. Other ways of transmission include electronic greeting cards that link to pages that trick the user into installing ActiveX controls, which in turn install dialers in the background.

Therefore links in spam emails should never be opened, automatically started downloads should be canceled as soon as discovered, and one should check on each dial-up to the internet to see whether the displayed phone number is unchanged. Another way to protect oneself is to disable premium numbers through one's phone services, but of course this disables all such services -- even the honest ones.

Another way of prevention is through the use of anti-spyware programs. Many recent anti-spyware programs can detect and remove dialers, as well as many other forms of malware. Some popular examples include Ad-Aware, Spybot - Search & Destroy, and AVG Anti-Virus.

However, the best way of prevention is by using common sense. Never visit links and sites that are potentially unsafe, and use protection at all times. If an email is sent from an unknown stranger, do not open it (or click on the links contained within) until you can verify that it is sent from a trusted source.
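
The check recommended twice in this thread (orbrey's advice to review the dial-up connections and verify the number called, and the quoted advice to confirm the displayed phone number is unchanged) can be scripted. The following is an added example, not part of any post here; it assumes the INI-style layout of a Windows `rasphone.pbk` phonebook with a `PhoneNumber=` key per entry, and the entry names and all numbers in the sample are constructed.

```python
import re

# Constructed sample of a dial-up phonebook (rasphone.pbk-style INI text).
# Entry names and every number below are made up for this example.
SAMPLE_PBK = """\
[Orange Dialup]
MEDIA=serial
DEVICE=modem
PhoneNumber=0845 000 0000
CountryCode=44

[Connection2]
MEDIA=serial
DEVICE=modem
PhoneNumber=00 999 000 000 000
CountryCode=0
"""

def normalise(number):
    """Keep digits only so spacing, dashes and brackets cannot hide a change."""
    return re.sub(r"\D", "", number)

def parse_entries(text):
    """Return {entry name: [phone numbers]}. Keys repeat, so parse by hand."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = []
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "phonenumber" and value.strip():
                entries[current].append(value.strip())
    return entries

def audit(text, allowed_numbers):
    """Return (entry, number, reason) for each number not on the allowlist."""
    allowed = {normalise(n) for n in allowed_numbers}
    findings = []
    for name, numbers in parse_entries(text).items():
        for number in numbers:
            digits = normalise(number)
            if digits in allowed:
                continue
            intl = number.startswith("+") or digits.startswith("00")
            reason = "international prefix" if intl else "not the expected ISP number"
            findings.append((name, number, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PBK, ["08450000000"]):
        print(finding)
```

Run it with the number printed on the ISP's own paperwork as the allowlist; any entry it reports is one to delete and recreate by hand.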