How an online scam could run up your phone bill
By Robert Vamosi:
Senior Associate Editor, Reviews
Have you recently noticed any expensive calls on your phone bills that you didn't make? If you use a modem to connect to the Internet (and, in some cases, if you're a broadband user as well), this may be the result of an online scam that's been occurring in Europe for some time. If you haven't fallen victim to this scam, and if you're careful, you should be able to prevent it from happening to you.
The scam involves tiny Trojan horses that are installed on your PC without your knowledge--and which then run up your phone bill by dialing for-pay numbers. They're able to do this in part because of security holes within Internet Explorer.
THESE SOFTWARE phone dialers do have legitimate uses. They're often used by sites that offer pay-per-view content, such as interactive games, sports trivia, or pornography, as a way to keep track of the minutes you've used and to charge you on your phone bill.
It works like this: The site asks you to download a small applet containing the dialer. Once loaded on your system, the applet disconnects your ISP service and dials the pay-per-view site. You are then charged for however many minutes you remain connected to the site. The fact that you downloaded and installed the app is considered consent for the telephone charges.
The problem is that sometimes dialers are installed on your system without your consent, and change your dial-up settings to call expensive long-distance numbers. This scam is usually perpetrated by fraudulent companies that set up sites full of ActiveX multimedia content. Should you visit the site or click a pop-up ad for the site, the dialer would be downloaded onto your system along with the rest of the site's content. The only possible clue this has happened to you is the appearance of pop-up ads from sites you don't use; the real proof is the extra charges on your next phone bill.
These fraudulent companies have two ways of running up your phone bill. One is a high per-minute charge (as much as $5) for allegedly using their service. This appears on your phone bill but actually will be paid to the company. The other is to have your computer make direct calls to international numbers. If you complain, your phone company may be willing to forgive the high per-minute service charges, because they're used to scams that take advantage of their customers in this way. But they're less likely to forgive the charges for the direct dialed numbers, because it's harder to convince them that you didn't call the number yourself.
SO WHAT DOES Internet Explorer have to do with this? It's a flaw in this browser that allows the scam to work. The flaw, discovered by security company eEye Digital Security in August 2003, allows Web site visitors to unknowingly install malicious code, including dialers, from compromised sites. Because of the flaw, Internet Explorer doesn't distinguish between legitimate ActiveX content and malicious Trojans.
While Microsoft has issued a patch for this flaw, several security experts insist the patch does not solve the problem, only the immediate symptoms. And, to make matters worse, there's also a new Trojan horse, Qhosts, that, while unrelated to dialers, makes use of the same IE flaw to change the way infected users look up Web sites on the Internet.
It's not only dial-up ISP users that are vulnerable to this scam, but some DSL and cable-modem users too. How? In some cases, 56K modems (either internal or external) remain connected to active phone lines even after broadband service is installed on a computer.
MY ADVICE to DSL and cable-modem users is to remove the phone line to your PC's internal modem, and, if you're not using it, to remove your external modem altogether. If you need your modem for receiving faxes on your PC or other purposes, then crank up the volume so you'll be sure to hear every time it dials a number.
My advice to everyone is to download and periodically run Spybot Search & Destroy, a free anti-spyware app that removes virtually all known dialers from your PC.
By and large, the Internet is safe to surf, but even I am surprised at some of the things Spybot finds loaded on my PC. Yes, it's a bit of a hassle to run one more app, but it's like maintaining a car. If you don't periodically clean it out, it might not run one day--or worse, it may end up costing you a small fortune.
Have you been a victim of errant phone charges or any other online scam? What happened? Do you have any other tips for other users? TalkBack to me below!
ZDN
Posted on Tuesday, 07 October 2003 @ 05:15:00 EDT by phoenix22