Cell Phone Companies and Security

This is a fascinating story of cell phone fraud, security, economics, and externalities. Its moral is obvious, and demonstrates how economic considerations drive security decisions.

Susan Drummond was a customer of Rogers Wireless, a large Canadaian cell phone company. Her phone was cloned while she was on vacation, and she got a $12,237.60 phone bill (her typical bill was $75). Rogers maintains that there is nothing to be done, and that Drummond has to pay.

Like all cell phone companies, Rogers has automatic fraud detection systems that detect this kind of abnormal cell phone usage. They don't turn the cell phones off, though, because they don't want to annoy their customers.

Ms. Hopper [a manager in Roger's security department] said terrorist groups had identified senior cellphone company officers as perfect targets, since the company was loath to shut off their phones for reasons that included inconvenience to busy executives and, of course, the public-relations debacle that would take place if word got out.

As long as Rogers can get others to pay for the fraud, this makes perfect sense. Shutting off a phone based on an automatic fraud-detection system costs the phone company in two ways: people inconvenienced by false alarms, and bad press. But the major cost of not shutting off a phone remains an externality: the customer pays for it.

In fact, there seems be some evidence that Rogers decides whether or not to shut off a suspecious phone based on the customer's ability to pay:

Ms. Innes [a vice-president with Rogers Communications] said that Rogers has a policy of contacting consumers if fraud is suspected. In some cases, she admitted, phones are shut off automatically, but refused to say what criteria were used. (Ms. Drummond and Mr. Gefen believe that the company bases the decision on a customer's creditworthiness. "If you have the financial history, they let the meter run," Ms. Drummond said.) Ms. Drummond noted that she has a salary of more than $100,000, and a sterling credit history. "They knew something was wrong, but they thought they could get the money out of me. It's ridiculous."

Makes sense from Rogers' point of view. High-paying customers are 1) more likely to pay, and 2) more damaging if pissed off in a false alarm. Again, economic considerations trump security.

Rogers is defending itself in court, and shows no signs of backing down:

In court filings, the company has made it clear that it intends to hold Ms. Drummond responsible for the calls made on her phone. ". . . the plaintiff is responsible for all calls made on her phone prior to the date of notification that her phone was stolen," the company says. "The Plaintiff's failure to mitigate deprived the Defendant of the opportunity to take any action to stop fraudulent calls prior to the 28th of August 2005."

The solution here is obvious: Rogers should not be able to charge its customers for telephone calls they did not make. Ms. Drummond's phone was cloned; there is no possible way she could notify Rogers of this before she saw calls she did not make on her bill. She is also completely powerless to affect the anti-cloning security in the Rogers phone system. To make her liable for the fraud is to ensure that the problem never gets fixed.

Rogers is the only party in a position to do something about the problem. The company can, and according to the article has, implemented automatic fraud-detection software.

Rogers customers will pay for the fraud in any case. If they are responsible for the loss, either they'll take their chances and pay a lot only if they are the victims, or there'll be some insurance scheme that spreads the cost over the entire customer base. If Rogers is responsible for the loss, then the customers will pay in the form of slightly higher prices. But only if Rogers is responsible for the loss will they implement security countermeasures to limit fraud.

And if they do that, everyone benefits.

There is a Slashdot thread on the topic.

Posted on December 19, 2005 at 1:10 PM • 57 Comments

Comments

KevinDecember 19, 2005 1:49 PM

" Ms. Drummond's phone was cloned; there is no possible way she could notify Rogers of this before she saw calls she did not make on her bill. She is also completely powerless to affect the anti-cloning security in the Rogers phone system. To make her liable for the fraud is to ensure that the problem never gets fixed."

Her phone was not cloned, it was stolen. (not that that should make a huge difference).

"Ms. Drummond quickly determined what had happened: Someone had stolen her phone while she was away. She called Rogers Wireless, which told her there was nothing it could do, and she would have to pay the entire amount."

jayhDecember 19, 2005 2:22 PM

One simple step would be to prompt the user for a PIN at random intervals or if unusual activity were observed. Not foolproof but it would slow down low end theives

I haven't tested it but supposedly my Blackberry phone will erase itself and sut down if 5 incorrect passwords in a row are attempted. Seems like a sensible idea.

Ed T.December 19, 2005 2:27 PM

If she left the phone behind when she left on vacation, and it was stolen, then she would still not have known about it until she returned.

Note that the story seems to use both term ("cloned" and "stolen").

AGDecember 19, 2005 2:32 PM

The cell phone companies are the real criminals...
I don't know anyone who hasn't been stuck with a $400-$600 bill at least once for some strange "Plan" or "Coverage" issue.

Jerome LacosteDecember 19, 2005 2:32 PM

When it comes to lending you money, banks have a credit limit. Why not apply the same for phones?

Chose a company that allows a maximum bill amount per month. Let it go to a reasonable amount based on your usual habits (e.g. 3 * times your average bill) or a per person maximum amount when they buy the subscription.

My solution, even simpler: prepay the phone. I get an SMS when I have around 10€ left.

This works for children subscriptions, right?

Glauber RibeiroDecember 19, 2005 2:44 PM

Interesting new risk: the risk of leaving your cell phone behind when you travel.

AGDecember 19, 2005 2:49 PM

@Jerome Lacoste
That is just a great idea... BUT

My sprint PCS has a $250 limit. If I hit $250 my service turns off.

The month "I changed" my service my limit was doubled to $500 by their system.
Filed complaint, escalated, called back, filed complaint again (since the first complaint was 'lost'), called back, called back, DENIED with no explaination.
As a consumer I have NO RECOURSE I am stuck in a contract.

How can they possibly justify $500 worth of service!?! I have a PCS phone nothing special.

Bruce SchneierDecember 19, 2005 3:08 PM

"Her phone was not cloned, it was stolen."

That's what the article says, but it's ambiguous as to whether the phone was stolen or just the number.

Does anyone have any other information on this issue?

(Although I agree with you that it shouldn't matter much in the larger sense.)

Bruce SchneierDecember 19, 2005 3:09 PM

"There are a couple of updates to the story. Rogers has agreed to cancel the bill but Susan Drummond has refused the offer until Rogers CEO and founder - Ted Rogers himself comes to her house for tea. She wants to tell him face-to-face her problems with his company."

Fascinating. I like her already.

Davi OttenheimerDecember 19, 2005 3:22 PM

Hmmm, if I were the CEO I'd check the tea before I took a sip.

During an eval of a new cell-PDA last year a cell-company claimed it is "impossible" for the phone to be cloned.

I took it to Vegas at a certain time of year and just carried it on my belt to see what might happen. My first bill was over $300 for constant data downloads (sofware) and long-distance calls that I never made. I called the cell-company and explained the test. They dropped the charges but they also wouldn't explain the root-cause of the exposure/fraud. Since it's not clear whether the device or the service was at fault, we have decided to ban the former and more closely audit the latter.

So even if the phone company assumes liability a certain degree of incident transparency is still desireable for customers in order for them to make informed decisions about future risk.

LupusDecember 19, 2005 3:26 PM

Ehhh... Well, here is how it works in Latvia.
Basically the idea is that your account has a credit limit that you may cap at any given time. When subscribing to the service it is usually (varies with subscription type or whether customer is an individual or corporate) set around USD 80 (what represents about 25% of the average monthly income here) and if you have spent more than the limit you are notified ether by hearing a recorded message when attempting to call (you dial a number, but instead of hold signal you hear the message in three languages) or receiving a call from customer service. Also, if you don't react, outgoing calls are disabled for your account - you can still receive incoming calls.
Usually this situation is resolved by ether topping your credit (paying accumulated bill) or politely asking for a credit cap extension. In ether case the process is relatively painless and efficient. Also your credit over time is adjusted to your monthly bills adjusting it to ~3x your average mothly bill.
Also, of course, if your phone gets stolen, misused or you leave it behind with no pin-code request on you are responsible for all charges that could be accumulated on it, even if they DO top your assigned credit (altough so far I am not aware of a single case of such an event) to the moment where you have contacted the operator and shut your SIM card down (you can do that over the phone, and later receive a new sim card with your old number back - the way GSM was intented to be operated).
Kinda similar to the credit system by credit cards. And pretty sensible too. But then again - we are small country and institutions here actually may feel effect of bad publicity or financial impact of fraud - hell, we even had proper authorisation systems in the first internet banking systems we had (most popular being code card with ~40 different codes you are asked during various times + enforced password changing rituals every few months).

Davi OttenheimerDecember 19, 2005 3:40 PM

@ jon

Excellent link. Here were a few highlights I thought were useful:

"Ms. Drummond's phone had been stolen and was used to make 352 calls in a single month, most of them to foreign countries that included Pakistan, Libya, Syria, India and Russia."

They surely knew the jump in fees was an anomaly, and could have blocked it. One would think they might even offer a service to block calls to high-fee high-risk locations, or limit the amount per month...

"Ms. Drummond and Mr. Gefen also learned that Rogers has fraud-detection software that automatically alerts them to dramatic changes in calling patterns, but often 'lets the meter run' instead of protecting customers by shutting down phones that have been misappropriated, as Ms. Drummond's was.

Mr. Gefen, a technology journalist, uncovered those secrets by attending a fraud forum in Toronto last September, where he tape-recorded a conversation with Cindy Hopper, a Rogers security official who was apparently unaware that she was speaking with an aggrieved customer."

Probably not what Rogers thought they would get as a result of sending an offical to a security forum.

Paul ODecember 19, 2005 3:45 PM

The details from the story jon (3:03pm) cited seem to be the ones most media are reporting. The couple are insisting the company listen to what ordinary folks have to go through to "take on" a big company. Thankfully, they had the means and the will to do so, even though it took the media coverage to finally get results.

Additionally, Ted Rogers (CEO of Rogers Media) has apparently agreed to reimburse for various fees incurred to follow-up ... including for a particular conference where, apparently, a Rogers employee was unaware of the "disgruntled customer" in attendance. (I'm still searching for an online media source for that part.)

AGDecember 19, 2005 5:01 PM

LOL

For grins I went and looked at my Sprint PCS bill.

I WAS SLAMMED WITH:
PCS International Calling $5 a month

I got them to take it off and refund two months.

Went to the FCC website and submitted a Slamming complaint.

RogerDecember 19, 2005 5:29 PM

I think it does make a difference whether the phone was stolen or cloned -- albeit only a small difference out of a squillion dollar phone bill. If it was cloned, the cell phone company should be responsible for the entire bill, since there is no way Ms. Drummond can do anything about it.

But if it was stolen, then Ms. Drummond -- who has sole responsible for its physical security -- bears responsibility for it until either she informs the company it was stolen, or it becomes reasonably feasible for them to distinguish between legitimate and fraudulent use. The point when they can reliably distinguish the difference is certainly a heck of a long time before accumulating a $12,000 bill, but also isn't just the first, or even first few, overseas calls.

My cell phone has quite a number of interesting anti-theft security features. Some of them are built into the phone, others are part of the GSM specification (although different makes of phone may make them more or less easy to access).
1. a 4~8 digit phone PIN (which can be different to all the others) can be required whenever the phone is powered on. 10 wrong PINs in a wrong requires a factory reset. I turn the phone off whenever I'm leaving it somewhere, so I use this one fairly often; I have an 8 digit PIN which is derived from pronounceable nonsense typed on the keypad.
2. a 4~8 digit SIM PIN (which is the same as several of the rest) can be required whenever the SIM is powered up, or whenever it is powered up in a different phone. Once again, you get 10 tries. Mine is set only for phone change, and is an 8 digit random number which I don't know myself (it is stored on paper in a safe deposit box together with the phone's warranty etc.)
3. Outgoing international calls, international SMS, and pay-per-second calls can be prohibited unless a PIN (same as item 2, above) is entered. I never use such services from my cellphone so I have this blocked and don't know the 8 digit PIN.
4. Outgoing calls can be restricted to a preset list unless another PIN (potentially different to all the above) is entered. I thought this would be very restrictive and haven't used it but I since noticed that ~98% of outgoing numbers I use would fit in the maximum list length, so I might implement it with a mnemonic PIN.
5. Incoming calls can also be blocked on a whitelist or blacklist basis. The blacklist blocking might be useful if you were being harrassed by someone, but I think the whitelist is too restrictive.
With these implemented I find that in a typical week I enter a PIN maybe once (to power the phone back on after going to the cinema), and yet the phone is very close to useless to a thief.

MozDecember 19, 2005 5:29 PM

This is interesting. The network is GSM (see GSM below). There is no excuse for repeat cloning. It is true that the GSM authentication algorithm (A5) has been broken, but it's perfectly replaceable with any algorithm (only the SIM and the HLR need to know). You would then have to replace the CEOs SIM card, but that can be done under the guise of "magic new features" so he doesn't even have to know.

Having your CEO's clone repeatedly cloned suggests total incompetence or an insider job. I wonder if they encrypt and secure the Ki on their HLR..

(GSM) http://www.business.com/directory/...

MozDecember 19, 2005 5:34 PM

@bruce

Cloned vs. stolen. Even if physically stolen, it should be pin code protected. All phones offer that if turned off. Most symbian and many other phones offer that even when turned on. I find it difficult to believe that it stayed on for the whole time she was travelling (unless it was in a charger?).

Since the cell phone company normally choses the phone (since they subsidise) and definitely choses whether PIN code requests are forced, shouldn't they be responsible anyway..

MozDecember 19, 2005 5:37 PM

@roger

Did your phone company give you a free training course for that stuff; or are you a geek just like the rest of us? Whilst you and I may be responsible for our phone's security, how about my grandmother?

Jim HyslopDecember 19, 2005 7:01 PM

I'm not surprised at Rogers' behaviour (the company, not the person participating in this discussion :-). In addition to providing cell services, Rogers also is one of the largest cable service providers in Canada. Several years ago, when they added a bunch of new specialty channels, they let everyone try them for free for a while. Standard promotional stuff. Except! The promotion used what Rogers Cable called "negative option billing": after the promotion was over, you would continue to receive the specialty channels, and be billed for them, unless you contacted them and told them you didn't want the service.

That practise got them in a *LOT* of trouble with the CRTC (Canada's equivalent of the FCC) and resulted in attempts to introduce legislation prohibiting negative option billing (AFAICT the legislation never passed, unfortunately). It also prompted me to go out and buy a satellite dish for DTH satellite.

Ari HeikkinenDecember 19, 2005 7:12 PM

In case of abuse the problem with phone bills is how to prove their records wrong when they usually log everything and an ordinary customer generally has no convenient means to do it. Also, I'm sure that overcharging customers is daily as most people wouldn't notice little extra charges on their bill.

Gopi FlahertyDecember 19, 2005 7:25 PM

Every European GSM SIM card I have received had a PIN code pre-set that needed to be entered every time you turned the phone on. The package that the SIM came in includes a "high security" tear open or scratch off area.

I must admit that I normally turn that feature off - most of my SIM cards were prepaid ones with $5 or $10 in credit. However, a Vodafone prepaid SIM card I got wouldn't actually let me turn the PIN code off.

I recently left Germany, and wanted to do Internet banking from the US. I talked to my bank branch; they informed me that I needed to request a one time PIN booklet, and then, once I got it, I needed to go to my bank branch in person with ID before they'd be activated.

Unfortunately, I'd waited till a week before I left, and it would take too long to receive the mailing. They had no other way to do this - I _had_ to be there in person.

Security and convenience are always trade-offs in competition. While I was unhappy, I really couldn't complain; I appreciate good security, and have to accept that it may inconvenience me.

Jacob DaviesDecember 19, 2005 8:13 PM

"But only if Rogers is responsible for the loss will they implement security countermeasures to limit fraud."

Just to nitpick, but this isn't completely true, although I agree with the point that the most effective way of getting the phone company to handle it is to make them directly responsible.

But in both the other two scenarios you posit - no insurance (customers pay), or a 3rd party insurer - the phone company has an incentive to improve security. If customers pay, another company can offer indemnity from paying for fraudulent calls to customers and presumably customers will switch until Rogers offers the same service. If an insurer pays, the insurer will pressure Rogers to improve their security and fraud-detection and litigate in cases where Rogers failed to cut off service despite obvious fraud.

Neither of those is as strong a force as Rogers simply being directly responsible, but they do exist.

And there is some reason to make customers liable for calls made from a stolen phone, which is to encourage them to report thefts promptly and guard the physical security of their phone (which they alone are in a situation to do). But I don't think that outweighs the advantage gained if the phone company is liable.

WoodyDecember 19, 2005 8:16 PM

So far the discussion has been about GSM, but I'll extend it to CDMA. Cloning a CDMA phone can be trivial, if you have two things:

the id of the phone
the tool for programming ids for that phone

The scary thing is that for some series of phones, you can do this entirely through the keypad, so long as you know the secret incantation to get it into the right service mode.

In my previous job, I accidently cloned phones a few times (I was dealing with pre-production CDMA phones that lost thier IDs each time you flashed new firmware on them). Didn't cause much of a problem aside from the network gets pissed off when it figures out that you're in two places at once.

But with CDMA (and I think GSM), there's additional security that can be enacted. The networks have the ability to ask the phone for it's location, and minimum, they know what cell it's in at a given time.

So, for a given call, if you can prove you were in one state, and the "phone" was in another, then it's obvious the phone was cloned, especially if the phone ever shows up in more than one locale at a time (which would wreck havoc with the call routing systems).

cloning should definitely be a network/carrier problem, with them leveraging hard on the phone oems. With GSM, it's a bit more complicated, because the sims can be cloned, and that's the identity for the phone (instead of a supposedly factory-flashed ID, as used by CDMA). But again, they should be able to quickly determine that the phone was cloned when it shows up in two places.

Now, the situation of going on vacation, leaving the phone at home, and then a clone of that phone showing up is pretty nasty. Not much that could be done, asside from the "out of ordinary" checks on the calling pattern, but going on vacation often does that, unless they started monitoring much more closely, like seeing the phone go to the airport, etc. I'd rather they not do that.

But if I report it as stolen/cloned, I definitely want recourse, and the wireless networks are all evil greedy bastards in my book.

Jo_AvaDecember 19, 2005 10:02 PM

One of the main reasons I did not go with Rogers for my cell phone service (even though I have Rogers cable TV and internet, and could have gotten a "package" with slightly reduced rates), is because Rogers has NOTORIOUSLY BAD wireless customer service. Your discussion of this story simply confirms to me that Rogers doesn't really care about its customers, and doesn't take a long view of the kinds of solutions that will make their customers stay with them.

Chris SDecember 19, 2005 10:22 PM

Just watched the follow-up to this item on a national news report. Although the phone was stolen, she suspects that it was then cloned because it appears that many of the calls were made *from* Pakistan.

RogerDecember 19, 2005 11:15 PM

@Moz:
The basic SIM security (SIM refuses to work in another phone) was on by default when I received it, albeit with only a 4 digit PIN. The rest I worked out from the manual which came with it. Yes I am a geek, and many users would have a lot more trouble than I did, however I would rank it "significantly easier than programming most DVD players". More of a problem is that most users probably don't even realise these features are available (nor read the back of the manual to find out), and the phone companies are not eager to advertise that in many cities, cell phones are the number one target of muggers.

Most phones nowdays can talk to a PC one way or another. A nice 3rd party product might be a Knoppix CD which boots on the PC and knows how to talk to most brands of phone, and has simple "wizards" like "Setup your new phone" (includes enabling security features), "Backup/Restore/Manage your phone", and "My phone has been stolen! What now?!". Sure, some phones already come with stuff like this but it usually runs from Windows (like I'm going to plug my $900 smartphone into a windoze box!) and is heavily oriented to the "download new ringtones for $5" sort of junk.

jammitDecember 19, 2005 11:57 PM

This is a problem I find with most large corporations. They make it easier to prove you owe them than it is for you to prove you don't. They basically have one section charge everybody, and have multiple sections for handling billing errors.
As far as weeding out cloned phones, I don't know how this could be implemented, but here's my idea. What if your cell phone only made a request to make a call? How I think it might work (if both cloned and real phone are turned on) is my phone calls out to say "555-9999 wants to dial 555-1212". The cell phone company computer basically rebroadcasts to all phone networks "does 555-9999 want to call 555-1212"? One phone will say "yes" and the other will say "no". Big problem is that the amount of traffic will go up in a bad way. I suppose it could be used only when a weird call is made for extra verification.

MathFoxDecember 20, 2005 4:29 AM

"PIN" protection is of limited value for a mobile phone as there are several tricks to recover or bypass the PIN. This problem can only be solved if user authentication is moved to the network; currently the key is stored in the phone, stealing the phone implies you obtained a copy of the key too.

pigletDecember 20, 2005 8:21 AM

"As long as Rogers can get others to pay for the fraud, this makes perfect sense."

At least in this case, Roger's greedy strategy was stupid. The bad publicity is worth so much more than the 12000$.

Mike SherwoodDecember 20, 2005 8:25 AM

The only way to make these companies care about fixing the problem is to make it expensive. If the phone was cloned, as opposed to stolen, this is just another variation on the identity theft problem. The companies profit from the fraud, so they have a disincentive to help the customer. I would think a pretty effective way to counter these problems is to take the company to court and sue for the amount they're claiming and several times that in punitive damages. Any jury is going to be able to relate to the bad customer service. I also think they would be able to see how the company is an active participant in the fraud against the individual once you lay out all of the facts. The problem with this approach is that it's expensive. Unless a group of lawyers want to help fix these kinds of problems, it's never going to get better. The customers can't afford to take on the companies in court and the companies use that to their advantage.

pigletDecember 20, 2005 8:31 AM

It is amazing that big corporations still don't understand the risk of public relations desasters. Btw I have a bone to pick with Rogers myself. I got a Rogers "pay as you go" phone, which I use rarely. Only, this phone doesn't work in the USA, only in Canada, and of course, they didn't tell me. So in one of the cases when I really needed it, it didn't work. I guess they don't really like customers to use prepaid cards (of course they are shamelessly overprized too). Fuck them Rogers.

another_bruceDecember 20, 2005 11:08 AM

duuuudes, no problemo! i'm like a top, top, top executive in my small firm and nobody wants to shut off my phone because i'm like, armed, and sometimes i wax wroth at disrespectful corporations. my cellphone is a p.o.s. pay-as-you-go tracfone which i rarely use anyway, like, here in rural oregon hipness isn't measured by talking when you're walking, we like, call those people fools. if i were on a contract phone and got a $12,000 bill i'd have some fun with that in court, like, i'd take some extensive discovery, requests for production of documents, requests for admissions, interrogatories and like, depositions, the best of all, and they would have to document every single one of those calls to pakistan, and explain their fraud detection program in detail, and right in the middle of the trial i'd like, whip out my cellphone, attach it to a speaker and call ted rogers for the sheer amusement value. surf's up!

Davi OttenheimerDecember 20, 2005 11:21 AM

"This is a problem I find with most large corporations. They make it easier to prove you owe them than it is for you to prove you don't."

They often have a data integrity problem at heart, which leads to poor judgement about how to differentiate and treat customers.

Here's another personal example. At the start of 2005 I was told by a POTS rep I should add the option for long-distance to my phone for free. I never use long-distance (I was actually about to disconnect my line entirely), but they insisted there was no reason not to take a "free" service. I should have known better, right?

They offer online billing and sometime around August or September a new $2 fee started appearing on my bill. It didn't stand out at first (for obvious reasons) but but in November I called to find out where this $2 was coming from. They told me they had changed their plan to fee-based and I would either have to pay the new per-month charge or pay $7 to exit the plan. I was not impressed, especially since neither I nor any of the service reps I called could find ANY notice of the change. Even the managers were unable to find the notice, and some even complained of a system upgrade that made it impossible to find information anymore.

To make a long story short, I ended up contacting the Attorney General's Office who was able to get a POTS agent to call me personally and refund the paid fees and allow me to exit the plan without cost. The really odd part, I guess, was that this rep told me the local-toll fees that they were billing me were out of their control. It almost seemed like a "when in doubt, bill the customer and hope they don't notice" strategy. I wonder how many others were assessed this $2 fee and haven't noticed? I almost feel like one of the few land-liners around anymore as most friends of mine have disconnected entirely, due to this and all the privacy-related issues...only to end up in the hands of the cell giants.

RogerDecember 20, 2005 8:48 PM

@jammit:
"They make it easier to prove you owe them than it is for you to prove you don't."

Another aspect of this is the use of over-the-phone and over-the-internet connections. Very convenient. Also very dangerous. If it comes to a dispute, the consumer has no documentation at all to support his position, unless he recorded the call (which is criminal offence in most places).

Meanwhile the phone company invoice isn't over the phone; it's good old fashioned paper. So don't do untraceable contracts; get it in writing!

zaraDecember 21, 2005 5:24 AM

> At least in this case, Roger's greedy strategy was stupid. The bad publicity is worth so much more than the 12000$.


Well, for one that goes to the headlines, how many others have they pocketed ?
They go into damage control for this one, but I bet the amount they got thru this kind of stuff has to be much higher, so you should compare the bad publicity with *this* amount. Which is unknown...

BHikesseDecember 21, 2005 10:52 AM


It would be something like, say, you'd never called long distance before and suddenly your phone gets, uh, nonstop to India,��? she replied.

“What happens after that point?��? Mr. Gefen asked.

“Someone calls the customer and asks them whether they're really doing that or whether someone's stolen their phone,��? she said. Ms. Hopper said that if a customer can't be reached, the company sometimes cuts off the phone's long-distance access to prevent further fraud.

They called the customer through the cell phone. The 'terrorist' replied he was really doing that and his phone was not stolen. ;-)

collectcallDecember 21, 2005 6:20 PM

Phone carriers need to be responsible for fraud and mistakes. Several years ago, I accepted a collect call from my sister using my home phone. My sister was shopping in Chicago, I lived in Indiana. I talked to my sister for a few minutes and then hung up. When I got my phone bill I was shocked. It showed five or six totaly unrelated charges (between different cities) starting within 5 minutes of the original collect call. I contacted the phone company whose customer service told me that my calling card must have been stolen (this was the card sitting in my dresser that had never been used). After a few minutes of discussion, the charges from the "stolen card" were removed; the customer service rep would not admit that the billing system had screwed up.

sizeproJanuary 3, 2006 2:14 AM

Three phrases should be among the most common in our daily usage. They are: Thank you, I am grateful and I appreciate.

penelopeMay 31, 2006 1:14 PM

phone text: 917 608 7624 you people have no idea what you are talking about. George Bush is the greatest president ever in the USA. He is saving us from terrorism.

I hate all you people. Why don't you go fight then in Iraq for our freedom?

We are going to get Osama just watch. You people should be sent to siberia to live with no money you freeloading assholes.

penelopeMay 31, 2006 1:16 PM

phone text: 917 608 7624 you people have no idea what you are talking about. George Bush is the greatest president ever in the USA. He is saving us from terrorism.

I hate all you people. Why don't you go fight then in Iraq for our freedom?

We are going to get Osama just watch. You people should be sent to siberia to live with no money you freeloading assholes.

anonymous loveMay 31, 2006 1:59 PM

I need sms stock quotes sent to me hourly to my cell phone for cheap. anyone know of a service to send to me? (917) 608-7624. Thanks, the lady in red.

George P.June 27, 2006 12:32 AM

Latest update on the story: Time Magazine listed the couple in their June 19th "Canadian Heroes 2006" issue.

peterAugust 31, 2006 10:48 AM

We are dealers and distrybutors and sellers of mobile phone, like
,NOKIA, SAMSUNGS, PANASONICS,
NEXTEL, MOTOROLAS,plasma tv,palm treo,imate jasjar,lcds,television,
LG,cameras,ACATEL,laptop,ipod, tom tom go 700,nokia n
gage,O2 3G Datacard,Panasonic,xboxs,
we are based in the UK, registered in UK,(Z11 ENTERPRISES LIMITED UK )
we us credit facilities to bulid our net work, all over the world.Our
price are very affordable,cheaper compeard to other mobile phones
dealer ,below are samples of ou products they are subject to
negociations.REPLY VIA EMAIL (z1telecomltd@yahoo.co.uk ,dati@outgun.com )

Brand new Nokia n92 **** 200usd
Brand new Nokia n93 **** 220usd

Play Station 2 ...........$140usd
Play Station 3 ...........$180usd

Brand new Samsung D600 $ 220 USD
Brand new Samsung D500 190 USD

Brand new Motorola V8 **** 160 USD
Brand new Motorola V6 **** 160 USD

I-MATE JASJAR ........ $280
I-MATE K-JAM ......... $180

SONY VAIO A217S-- 100GB-- 512MB RAM-- XPHOME-------------$500
FLYBOOK NOTEBOOK - WI-FI--GPRS-- BLUETOOTH-- 1GHZ (YELLOW)--$500

Qtek 8100 =$250
Qtek s110 =$210

sidekick 2.........$150usd
side kick 3........$200usd


Play station 1......... $90
Play station 2 ....$110

apple 4 gb ipod mini blue m9802ll/a-------$64
apple 60 gb ipod photo m9830ll/a--------$86

Canon ixus 700 digital camera= $200
Casio exilim ex-s500 digital camera (orange, )= $230

palm onfiltered= $140
palm one zire 31 = $65


Panasonic TH-42PD50U 42 Plasma TV 852 x 480 = $500
HP PL4245N 42" HDTV-Ready Plasma TV --$730


Panasonic TH-42PD50U Television.....$400USD
Sony KLV-32M1 Television.........$300USD

Delivery Time:
We delivery the products purchased directly to your doorstep 48hours
after the confirmation your payment! We ship the consignment via
DHL/FEDEX/TNT/UPS or any other courier services.
We do shipment to anywhere in the world, all we need is your full and
direct shiping detailed information.
Once again, we want you to know that all this products are BRAND NEW ,
working perfectly,all comes with 1 years warrantees.
and with This prices, we hope you will find out that we have the best
thats it takes to be. We would love to keep a very strong business
relationship with you as we await your product purchase update list.
Thanks and best regards as you get back to us with your purchaseorder
update,
,Payment above $5000 is payable via BANK TRASFER while payment below
$5000 is payable via western union.

THANKS
peter

sandySeptember 14, 2006 12:43 PM

I cannot help but wonder why the legistlation to prohibit negative option billing did not get passed. What could we do to get this corrected. Does anyone know who introduced the bill and what the vote was?

YossiOctober 22, 2006 5:10 PM

My son's recent Sprint phone bill shows calls made to a foreign country, which he did not make. He was in New Jersey at the time, the phone was in his possession in his in-laws house. All of these people are Observant Jews, and a lot of the calls were made on the Sabbath or Holidays when Jews do not use phones. The bill says the calls originated in NY. If the phone was in NJ, it seems pretty obvious that someone has cloned the man's phone. We are talking about $450 in fraudulent calls made on his number but not with his phone. Creepy.

LORIOctober 25, 2006 11:14 PM

im not sure how the cloning thing works...i got a court summons and am going to trial in a couple of months for allegedly calling some people at all hours of the day and night. i have allowed others to use my phone before, but not to the extent mentioned in my summons AND i do not know the person who filed the charges...we have never met. i was on vacation for a portion of the time the calls were made from my phone, but had my phone with me and i know i did not call anyone out of the ordinary. unfortunately i do not check my sprint bill each month, and my payment is automatically deducted from my account. i'm not sure what will happen, but am very afraid...i didn't know things like this could happen. any advice would be appreciated!!!

Kiara CoreasFebruary 28, 2007 9:00 AM

how many types of companies are for cellphones? and How many peope in the United States have cell phones?

Pissed OffJune 1, 2007 11:52 AM

I have been reading all the comments listed on this page. I am very interested in the Fraud Charges on cell phone bills pertaining to Sprint.
I have been a Sprint Customer for over 8 years and in the last 1 1/2 years I have had nothing but Severe Migraine headaches with charges on my cell phone bill that I didn't make or phone calls that I didn't make. These headaches started when Sprint started to buy out Nextel. The first fraud charges that were on my cell phone bull took me 4 months and numerous phone calls to sprint to finally get the problem fixed. Now I have 2000 daytime minutes in April there were phone calls placed using my cell phone number that I didn't place. It was only brought to my attention because it brought my bill up over 190.00 dollars more then what I pay. Sprint is telling me that I am responsible for these charges, I said NO I am not, and have told them that I refuse to pay for fraudelent phone calls that used my minutes and made me go over my 2000 daytime minutes. I have talked till I am blue in the face and still they refuse to do anything. I keep telling them somehow someone stole my cell phone number ( as u call it cloning) but they continue to put me at fault. I think all should just bann sprint/nextel as a cell phone provider, they don't care about their customers and they call us liars. I will not stand for this, and will take it further. I will be reporting them to the BBB and the FHA.

pissed off 2October 23, 2007 11:22 PM

I have also been a victim of cell phone fraud and Verizon might as well called me a liar when I told them we did not subcribe to this SMS company. I cancelled all text messaging from all 3 phones but somehow I still had some charges and was informed that they would send a request for a credit for some of the charges but were not certain if they would be approved. This cell phones companies are crooks as much as the crooks themselves because they can avoid fraudulent charges and should take responsiblity and protect their consumers just like credit card companies already do for fraud. But why should they change they are making millions from people like us. Maybe, we all should just return are phones and do without them like we did a few years ago. Somehow, we managed not having them. All companies these days are greedy and the American people are putting up with it. I am tired of being made a fool of by big corporations that do not give a damn for the hard working middle class people. But I feel helpless and hopeless when it comes to these companies. Please advise me on how we can all unite to fight these big corporations.

maryDecember 25, 2007 11:49 PM

Does anyone know if a number is blocked when calling a cell phone if the number will still show on detailed billing?

darwinJanuary 21, 2008 2:02 PM

We too have been a victim of the cell phone companies. Our phone was gone for 1 week before we realized it. We called to suspend service and was told we had $2800.00 in international charges. When asked why the phone was not shut off or we be notified of these unusual charges we were told they do not monitor calls and we have excellent credit. I do not want them to monitor my calls, but when our usual bill is $45.00/month and we have never made an international call I believe something in the system should be flagged and the phone shut down until the customer service dept is contacted with the appropriate password. No one would remove any international charges and when I asked about payment arrangements T-Mobile said we could pay 1/3 every 14 days. Not much of an arrangement if you ask me. I feel very strongly that these cell phone companies are simply profiting by someone's victimization.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..