Scammers making use of Telstra landline bug – Part 1

TL;DR – When someone calls your landline, they can prevent you from hanging up, and intercept calls you make afterwards.

There is a bug lurking on Telstra’s landline telephone system which scammers are making use of. The scam is described in The Age; it usually runs like this, where a scammer (the A-party) calls a victim (the B-party):

IMPORTANT NOTE: If you are receiving malicious calls, speak with your telephone provider (most have procedures to trace calls). If these calls are life threatening, call the Police on 000, within Australia.

On the phone to the "bank"

Telephone fraud

This is the Rolex Store manager here. Someone has attempted to use your credit card here. Please call your bank straight away and cancel your card.
Thanks. (hangs up) [NOT TRUE: Call is still connected because A-party has not hung up]
(picks up receiver, hears dial tone) [NOT TRUE: Scammer is playing fake dial tone]
(Dials the number, hears the usual bank menus, and gets through to someone [Actually: the scammer’s mate].
The scammer’s mate tells a false story of an attempt to withdraw the entire victim’s savings account and pretends to place "Red Alerts" on the account.

Some days and several calls later, the victim is told the only way to protect the money is to transfer it to a "Safety Deposit" account with Barclays in the UK until Police investigations are concluded. Several victims have complied, losing $5m in the process.

While the Fairfax media (The Age) goes into the fraud in some detail, they only make cursory mention of a "long-held" cold-call scam, and they don’t even identify it as a bug.

A Software bug

The bug is that when the B-party hangs up, the call does not disconnect. It only disconnects if the A-party hangs up, or if a timeout expires[1].

It is a very nasty bug, because most people believe that if they initiate their own call to the bank (or Police), the call is safe. The bug does not occur in New Zealand; the call disconnects as soon as either party hangs up. This has always been the case (30+ years)[2] [3].

Like any security bug in Linux/Firefox/Windows/Oracle/etc, the question naturally arises: when can we expect a fix, and what are the precautions/workarounds?

It is Telstra’s responsibility to fix this bug.

UPDATE Part 2 – how to test your landline for the bug, and ways to protect yourself is now available

Links and Footnotes

4 thoughts on “Scammers making use of Telstra landline bug – Part 1

  1. PJB

    It is called A-party release and it’s not a software bug, it’s a feature purposely designed into the exchange operation to replicate historical funtionality. The phone system here has always worked that way. B-party release was an option that used to be set up to trace malicious calls. Prior to computerised call control, Technicians would need to literally trace out the wiring and switch connections from exchange to exchange in order to identify the offending caller’s number. To allow time for this, the B-party’s line was reconfigured and they were told, in case of a nuicance call, to leave the phone off the hook and use another phone to notify police. This would lock up all the switch equipment used to establish the connection and allow it to be manually traced to the source.
    The wrinkle here is that someone’s realized they can pretend to be an exchange and fool the caller into thinking they are calling someone else. I’m surprised it took this long.

  2. Nick the Geek Post author

    Hi PJB,
    Thanks for the clarification. Remembering that if something operates differently to expected, it’s called a “bug”. Is it right to say this is the way that people expect it to operate?

    Can we now say that “times have changed”?

    Alternatively, do service providers have an obligation to accurately describe the service (including A-party release)?

  3. Anonymous

    There is a very easy work around on this method. Hit flash recall and then connect to any other number.

    Then you can go back to the offending caller recall 2. Then hit recall 1 bang the offending party has gone

Comments are closed.