Update: Sprint accounts being hijacked to make long distance calls

If you are a Sprint user, make sure to check your bill closely.  Sprint customers have begun to see items showing up on their bills for long distance calls that they did not place, and are now being charged in excess of $1000 in some cases.

The bogus long distance calls are originating from Sprint cell phones and are connecting to cities in the Caribbean.  A previous long distance scheme that came out of the Caribbean required the Sprint user to actually make the call. This scam is completely unknown to the user until they receive their monthly statement.

There are many explanations for why this may be happening, but one possible cause could be unsecure PIN numbers.  The idea is that people who have unsecured PINs, such as 12345, may have been hacked.  After acquiring the PIN it may be possible to dial out from the voicemail prompt using the cell phones number. If true, this could be how the hackers are using the phone numbers to generate the fake calls.

 

Reports of unwanted calls are beginning to pop up on the web.  Our tipster, who asked to remain anonymous, has provided us with a screenshot of his bill that clearly shows the outbound calls.  Also, a quick search on Twitter reveals that other users are facing the same issue. 

Neowin asked Sprint about the issues and a spokesperson confirmed Sprint are working on cases of fraudulent activity. 

“Sprint is not alone in the wireless industry among carriers that have been affected by these types of fraudulent activities. Our teams are working proactively to identify these cases and address them before customers are affected," said a Sprint spokesperson. Sprint also confirmed they will not hold customers responsible for fraudulent calls placed on their accounts. While the issue is currently being worked on, if you find yourself a victim you are advised to contact Sprint immediately.

Update:  The victim above has informed us that Sprint has now cut off their line because of the balance of bill being too high.  Essentially, they want him to pay the bill to resume his cell phone service, but if he does, the hackers would be able to continue to make the expensive calls. 

As mentioned by one of the commenter’s below, they had a similar issue but were eventually credited for the calls.

Report a problem with article
Previous Story

Ubuntu shows off new "Light" theme; brown is history

Next Story

Google adds email notifications to Wave

31 Comments

Commenting is disabled on this article.

I put the blame mostly on the people who use 12345 for their pin. I'm sorry, but i have no sympathy for laziness and stupidity. Now if they were actually hacking pins with complex numbers in them, then i'd put the blame on Sprint. Seriously though, 12345... anyone else think entry code to Druidia's atmosphere ? and President Skroob's luggage

Sprint has, and will always have, the worst Customer Service. I had nothing but issues with sprint for the 4 years I had service with them. Any sort of billing issues, just forget about it. I had hundreds of dollars in charges on my account over the years that required me to call them and ask "WTH is this $40 charge this month, or why did I get billed for 400 text messages with unlimited texting" etc. Cheap prices and great plans/coverage dont make up for horrible customer service and cut throating every aspect of your bill. Its just to bad that T-Mobiles coverage sucks, they have the best customer service period.

There was a scam going around almost a year ago that hit especially Rogers and Fido in Quebec, Canada that I know of. You'd get a phone call with an automated message in spanish. Most of us don't know spanish at all so we'd hang up as fast as possible, scared it might be some reversed call charged or what-not, either way, we knew it was a scam. The only person I knew who spoke spanish that got the message said it was asking for the caller to call at a certain number for a random reason. About 90% of the people I knew with an account with Rogers or Fido got this call within a few days. I never heard what/who was behind this, I saw nothing in the news about this. Anyone remember this happening to them?

Yukupo said,
12345? That's amazing! I have the same combination on my luggage!
Do I detect Spaceballs movie reference in that quote? :P

This is pretty scary. I really hope no one has a problem disputing the charges. In the past, I have had a few issues with Spring. I've recently been thinking of dropping them. It would make traveling a bit easier. The only thing is, they are fairly inexpensive and where I live, the connections are really solid.

Sprint is dying and they don't want to help/keep their existing customers. I am leaving sprint at the end of the month. I been with them for 12 years and I am very disappointed with them.

xchaser said,
Sprint is dying and they don't want to help/keep their existing customers. I am leaving sprint at the end of the month. I been with them for 12 years and I am very disappointed with them.

See, I'm the opposite. I consider them the lesser of 4 evils. I don't deny that I've had some occasion to call CS over the past 8 years but still, their prices cannot be beat. They always had the best smart phones in the past and even now are on par with the competition (will be even better when the Supersonic comes out this summer). Their coverage is second only to Verizon in the US and we roam for free on that network when we do head out to some non-Sprint area out in the boondocks.

Every two years I check out the competition but I always would end up paying a good $30-45 more per month for the same service and I just can't justify that.

I feel like this is one of those self-fulfilling prophecies. Sprint just can never shed their image as an also-ran and they have kept prices low and fought for handset exclusives to try to stem the tide but it is no match for the dual marketing juggernauts of Verizon and Apple/ATT.

neodorian said,
See, I'm the opposite. I consider them the lesser of 4 evils. I don't deny that I've had some occasion to call CS over the past 8 years but still, their prices cannot be beat. They always had the best smart phones in the past and even now are on par with the competition (will be even better when the Supersonic comes out this summer). Their coverage is second only to Verizon in the US and we roam for free on that network when we do head out to some non-Sprint area out in the boondocks.

Every two years I check out the competition but I always would end up paying a good $30-45 more per month for the same service and I just can't justify that.

I feel like this is one of those self-fulfilling prophecies. Sprint just can never shed their image as an also-ran and they have kept prices low and fought for handset exclusives to try to stem the tide but it is no match for the dual marketing juggernauts of Verizon and Apple/ATT.

+1 Unfortunately xchaser will realize it about a month too late, once one of the Juggernauts has him locked into an overpriced, under-serviced 2 year contract.

this happened to us MONTHS AGO! our phone bill is almost $5000!
but anyway it was a long process but we were credited, and acknowledged that there is this fraud thing going on in our area.

but the downside was everytime you make an international call, they think it is a fraud so they will temporarily deactivate your account!

Michael Jacob said,
but the downside was everytime you make an international call, they think it is a fraud so they will temporarily deactivate your account!

Oh good grief... That sounds like a pain in the butt for sure...

I'm glad you got it credited though...

I'm work for a long distance carrier, and i can say that this doesn't make sense.
1. The Voicemail dial out feature is very common, and odd for a large company to allow it, unless it's required for "reply to" functions, which, on a mobile isn't available [In a pbx meaning] and regardless, the call patterns are confusing. A few outliers, but most calls are a min or 2 at most, never concurrent [which means the operator doesn't have/provided blind transfer] and even then, a blind transfer continues to get billed. And all the calls where to mobiles, which have the highest long distance tariffs, so my guess would be a mobile telecom operator in one of those countries who charges a high interconnect fee, and VoIPs in to Sprint exchanges [As telecom operators buy exchanges, so it's not uncommon for anyone with a 648 exchange in area code 232 to be AT&T [Example, don't actually know who owns the exchange], breach the Voicemail, and call back to them selves, as VoIP charges are negligible, like 5¢/min to Jamaica [example] so they reap a 10¢ profit.... I'm a security officer, it's my job to think of these things. This isn't a how to because it's an easy to fix issue, Sprint just needs to step up, and click on a check box.

lee27 said,
Off topic......

Anyone having problems getting to the forums?

All I'm getting is some crappy ad


Nope. It was slow but now it's fine.

You can dial out from a voice mail system? wow... I've never seen any of my providers let you do that from something that wasn't the physical device you had... seems ridiculous that you can call the voice mail number, enter their phone number and their pin then make a call on their account from that.....

neufuse said,
You can dial out from a voice mail system? wow... I've never seen any of my providers let you do that from something that wasn't the physical device you had... seems ridiculous that you can call the voice mail number, enter their phone number and their pin then make a call on their account from that.....

Yeah, I thought that was bizarre too. I HAD Sprint for about a year and didn't even know about this "feature"... Of what use could it be?

NXTwoThou said,
+1. If anyone is using that feature, why? Can Sprint disable the feature for all customers and people call to re-enable it?

I believe how they're doing it is, calling the compromised number then leaving a message. After that, they access the voicemail and use the return call feature, that I assume many cell companies have.

I wonder why the Caribbean? Are the rates to there high and the thieves are getting some kind of kickback like with the old modem dialer malware?

GreyWolf said,
I wonder why the Caribbean? Are the rates to there high and the thieves are getting some kind of kickback like with the old modem dialer malware?

Some areas down there have very high pay per call rates... like a 1-900 number in the USA... so they get money for each minute on the line... there is one down there that is about $40 a minute, and I think at one time there was a $90+ a minute number down there... so the number made a profit from the call

neufuse said,

Some areas down there have very high pay per call rates... like a 1-900 number in the USA... so they get money for each minute on the line... there is one down there that is about $40 a minute, and I think at one time there was a $90+ a minute number down there... so the number made a profit from the call

Holy crap!

Andrew Lyle said,
It sound kind of sound like an easy password hack.. But I may be wrong.

Really - this is probably the key information right here. Weak PINs for accounts. Faults on both sides really. Fault of the end user not changing it to something other than a simple 12345, and I believe Sprint as well, for not enforcing such a rule. Basic password policies prevent these things from happening (assuming this is truly the case of the hacking here).