|
Date: Thu, 24 Oct 91 09:38:59 +0100 A brief note in a local newspaper the other day told the story of a simple but effective scam to draw money out of public institutions. A couple in southern Sweden set up a "singles hot-line" service using a 071x-number (our equiv. of the 1-900-numbers in the US where the Telco and the called party split the charges paid by the caller). [note to moderator: fell free to correct if I'm mistaken about the number] Apparently, the income from this hot-line was not enough to satisfy them so they decided to increase revenue in a simple but effective fashion. They went all around town to libraries and other public buildings, looking for phone extensions that were not too closely guarded. They'd then pick up the receiver, call the hot-line number and leave the phone with the receiver off-hook. One extension in a library was reported as having been connected to the hot-line for over a week! At a cost of over $0.50/minute, this came as quite a shock to the people in charge of economy at the library when the bills arrived, some months later. The RISK of this is the old one of not letting a stranger use your phone but with a new twist. Normally you'd be worried about him actually USING your phone to call long-distance. In this case, it was enough for him to merely initiate a call and then go away. How many employees in a large office will think twice about a phone being off-hook? Most people will simply assume somebody else is using it and has gone away temporarily. As long as the phone in question is not on your own desk, you're not likely to replace the receiver. Many modern phone systems offer their subscribers blocks against calls to certain numbers or area codes, forcing users to either "unlock" the phone with a certain code sequence or to order e.g. international calls through the switchboard operator. This opens up a new can-o'worms in the matter of personal integrity and your boss knowing who you call, but it prevents the kind of abuse described here. However, it requires somebody to explicitly request this locking service for an office/PABX/whatever. The default, as that library found out the hard way, is to have all calls enabled.