TL;DR – When someone calls your landline, they can prevent you from hanging up, and intercept calls you make afterwards.
There is a bug lurking on Telstra’s landline telephone system which scammers are making use of. The scam is described in The Age; it usually runs like this, where a scammer (the A-party) calls a victim (the B-party):
IMPORTANT NOTE: If you are receiving malicious calls, speak with your telephone provider (most have procedures to trace calls). If these calls are life threatening, call the Police on 000, within Australia.
- A-party: This is the Rolex Store manager here. Someone has attempted to use your credit card here. Please call your bank straight away and cancel your card.
- B-party: Thanks. (hangs up) [NOT TRUE: the call is still connected because the A-party has not hung up]
- B-party: (picks up receiver, hears dial tone) [NOT TRUE: the scammer is playing a fake dial tone] (Dials the bank’s number, hears the usual bank menus, and gets through to someone [Actually: the scammer’s mate].)
- A-party: The scammer’s mate tells a false story of an attempt to withdraw the victim’s entire savings account and pretends to place "Red Alerts" on the account.
Some days and several calls later, the victim is told the only way to protect the money is to transfer it to a "Safety Deposit" account with Barclays in the UK until Police investigations are concluded. Several victims have complied, losing $5m in the process.
While the Fairfax media (The Age) goes into the fraud in some detail, they only make cursory mention of a "long-held" cold-call scam, and they don’t even identify it as a bug.
A Software bug
The bug is that when the B-party hangs up, the call does not disconnect. It only disconnects if the A-party hangs up, or if a timeout expires[1].
It is a very nasty bug, because most people believe that if they initiate their own call to the bank (or Police), the call is safe. The bug does not occur in New Zealand; the call disconnects as soon as either party hangs up. This has always been the case (30+ years)[2] [3].
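To make the difference between the two release behaviours concrete, here is a small Python model of an exchange that I have added to this post; it is not code from the post, from Telstra or from any real exchange. It assumes a single call per exchange, a release timer of 90 seconds (the post reports values from 12 seconds to about five minutes, so the timeout is a parameter), and does not model the two-second hookflash allowance from footnote [3]. It shows why the victim’s "fresh" call reaches the scammer under A-party release, but reaches the bank under either-party release or once the timer has expired.

```python
"""Toy model of call release at a telephone exchange (constructed example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class ReleasePolicy(Enum):
    A_PARTY = "A-party release"            # call clears only when the caller hangs up, or a timer expires
    EITHER_PARTY = "either-party release"  # call clears as soon as either side hangs up


@dataclass
class Line:
    number: str
    off_hook: bool = False


@dataclass
class Exchange:
    policy: ReleasePolicy
    csh_timeout_s: float = 90.0            # assumed value; the post reports 12 s to ~5 min
    clock_s: float = 0.0
    call: Optional[tuple] = None           # (a_party, b_party) while a call is up, None when idle
    b_onhook_at: Optional[float] = None    # time at which the B-party replaced the receiver

    def originate(self, a: Line, b: Line) -> None:
        """A calls B and B answers: both lines are off-hook and connected."""
        a.off_hook = True
        b.off_hook = True
        self.call = (a, b)
        self.b_onhook_at = None

    def hang_up(self, line: Line) -> None:
        """A line goes on-hook; whether the call clears depends on the policy."""
        line.off_hook = False
        if self.call is None:
            return
        a, b = self.call
        if line is a or self.policy is ReleasePolicy.EITHER_PARTY:
            self.call = None                   # connection torn down immediately
        elif line is b:
            self.b_onhook_at = self.clock_s    # "called subscriber held": start the release timer

    def advance(self, seconds: float) -> None:
        """Let wall-clock time pass; the exchange clears a held call when the timer expires."""
        self.clock_s += seconds
        if (self.call is not None and self.b_onhook_at is not None
                and self.clock_s - self.b_onhook_at >= self.csh_timeout_s):
            self.call = None

    def lift_receiver(self, line: Line) -> str:
        """Report what the subscriber hears: genuine dial tone, or the still-held call."""
        line.off_hook = True
        if self.call is not None and line is self.call[1]:
            self.b_onhook_at = None            # B is back on the held call; the timer stops
            return "still connected to " + self.call[0].number
        return "dial tone"


def who_answers_callback(policy: ReleasePolicy, wait_before_redial_s: float,
                         timeout_s: float = 90.0) -> str:
    """Victim hangs up on a scam call, waits, lifts the receiver and dials the bank.

    Returns who is actually on the line afterwards: "bank" if the victim got
    genuine dial tone, "scammer" if the original call was still held.
    """
    exchange = Exchange(policy, csh_timeout_s=timeout_s)
    scammer = Line("SCAMMER")   # constructed A-party
    victim = Line("VICTIM")     # constructed B-party
    exchange.originate(scammer, victim)
    exchange.hang_up(victim)                 # victim "ends" the call
    exchange.advance(wait_before_redial_s)   # ... and waits a while
    if exchange.lift_receiver(victim) == "dial tone":
        return "bank"
    return "scammer"  # the line is the original call; anything "dialled" goes to the A-party


if __name__ == "__main__":
    for policy in ReleasePolicy:
        for wait in (10, 300):
            print(f"{policy.value:22s} redial after {wait:3d}s -> {who_answers_callback(policy, wait)}")
```

Running the block prints one line per combination; only "A-party release, redial after 10s" ends up at the scammer, which is exactly the window the scam relies on. Raising `wait_before_redial_s` past the timer, or switching the policy, closes it.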
Like any security bug in Linux/Firefox/Windows/Oracle/etc, the question naturally arises: when can we expect a fix, and what are the precautions/workarounds?
It is Telstra’s responsibility to fix this bug.
UPDATE: Part 2 (how to test your landline for the bug, and ways to protect yourself) is now available.
Links and Footnotes
- The Age – second article on the topic: http://www.theage.com.au/money/fraudsters-rip-off-5m-from-elderly-victims-using-telephone-scam-20160404-gnxpbu.html
- The Age – first article on the topic (but no mention of the landline problem at all): http://www.theage.com.au/money/dont-fall-for-fraud-this-april-fools-day-20160327-gnrtha.html
- Whirlpool – phone scam: https://forums.whirlpool.net.au/forum-replies.cfm?t=2518168
- BBC – similar news article in the UK: http://www.bbc.com/news/uk-england-dorset-25986699
- Sunrise – television show segment showing an interview with Arthur Katsogiannis of the NSW Fraud and Cybercrime Squad: https://au.tv.yahoo.com/sunrise/video/watch/30872608/police-warn-of-new-phone-scam/ (4 minute video)
- [1] Timeouts reportedly vary from 12 seconds to five minutes depending on the type of call: 12 seconds from a Telstra mobile, 30 seconds from a VoIP line, 90 seconds from a payphone, and "it seemed like five minutes" was also reported.
- [2] I lived in New Zealand until the mid ’90s and never encountered the bug – and I do clearly remember several cases of being disconnected because the B-party hung up; also me accidentally hanging up on a caller and getting fresh dial tone one second later. Telecom NZ ran NEAX-61 exchanges (various types) at the time. A test done in April 2016 in Auckland confirms nothing has changed.
- [3] A hookflash allowance (two seconds) may apply – such as for subscribers with conferencing or call waiting features.
It is called A-party release and it’s not a software bug, it’s a feature purposely designed into the exchange operation to replicate historical functionality. The phone system here has always worked that way. B-party release was an option that used to be set up to trace malicious calls. Prior to computerised call control, technicians would need to literally trace out the wiring and switch connections from exchange to exchange in order to identify the offending caller’s number. To allow time for this, the B-party’s line was reconfigured and they were told, in case of a nuisance call, to leave the phone off the hook and use another phone to notify police. This would lock up all the switch equipment used to establish the connection and allow it to be manually traced to the source.
The wrinkle here is that someone’s realized they can pretend to be an exchange and fool the caller into thinking they are calling someone else. I’m surprised it took this long.
Hi PJB,
Thanks for the clarification. Remembering that if something operates differently to expected, it’s called a “bug”. Is it right to say this is the way that people expect it to operate?
Can we now say that “times have changed”?
Alternatively, do service providers have an obligation to accurately describe the service (including A-party release)?
Some more useful links have come in:
1. Stack Exchange thread. Note they call it Called Subscriber Held (CSH)
http://security.stackexchange.com/questions/100268/does-hanging-up-on-a-uk-landline-call-not-terminate-the-connection
2. Telstra -> Consumer Advice -> Unwelcome Calls -> Clearing the line
https://www.telstra.com.au/consumer-advice/unwelcome-calls/call-types
“replace the receiver and do not pick it up for five minutes”
There is a very easy workaround on this method. Hit flash recall and then connect to any other number.
Then you can go back to the offending caller with recall 2. Then hit recall 1 and, bang, the offending party has gone.