Is There a ‘Terrifying’ New Wangiri Fraud?

Wangiri is not new, and the concept is simple. A fraudster dials a random number then immediately hangs up, with the intention that the victim wastes lots of money when they call back to a premium rate line. The name derives from the Japanese words for one ring before the line is cut, and on the internet I can find references to wangiri that date back to 1996. But recently there has been a surge of British headlines about a ‘new’ kind of wangiri. Is there really a new kind of wangiri that nobody has previously experienced or can currently explain, or is the British press guilty of mixing speculation with exaggeration?

This is how the Daily Mail explains this ‘new’ scam:

The terrifying new mobile phone scam that leaves you with a £300 bill for calls you never made

In every case seen by Money Mail, involving Vodafone, EE and O2 customers, the scam begins with the customer receiving a call from an unfamiliar number that starts with 0845 or 0843.

The customer never answers — the call typically lasts just a fraction of a second — and it’s recorded on their mobile handset as a missed call.

Weeks later, the bewildered victim receives a bill showing they called that number back — and owe a huge sum.

In almost all the cases we have seen, the return call supposedly made by the customer is shown to have lasted between three and 12 hours.

Yet the victims have no recollection at all of calling the number on their bill. Many say they didn’t even see the missed call, let alone ring back. Others say they did notice a strange number pop up on their phone, but just ignored it.

Obviously this is just like wangiri – except the customers claim that they never called back. The whole point of wangiri is to leave a number and rely on human curiosity to prompt the victim to make an unnecessary and expensive call. And whilst wangiri fraudsters use cunning techniques to keep victims on the line for longer, it is hard to understand how these mystery calls can last 12 hours before the victim hangs up.

The Telegraph’s description of the scam is very similar, and they also speculate as to how the call was made.

[UK regulator] Ofcom has launched an investigation into mobile customers being targeted by a new scam which can leave them with a bill hundreds of pounds for a phone call they insist they never made.

Some victims have been hit with bills of more than £300 for calls lasting up to 12 hours, which they only discovered after receiving an itemised bill or a text message telling them that their phone is blocked due to high usage.

One theory is that hackers are gaining access to mobile users’ accounts and making fraudulent calls in their names. Vodafone denies this suggestion.

I can understand why people might jump to this conclusion – though neither newspaper states which expert is the origin of this ‘theory’. If nobody made the call that would imply the phone made a call without human intervention. But there is an obvious problem with the theory: if hackers can take control of your phone and use it to make a call, why do they bother to call you first? They only make the fraud more obvious by leaving the initial call. And why make a call for 12 hours, when they would probably do better by racking up lots of short calls that would not lead the user to exceed the network’s high usage limits?

There is another possible explanation that the newspapers will be less keen to offer. Perhaps the victims did make the call, and they are denying it because they fear being held liable for the bill they incurred. Both newspapers give examples of the victims, and they all seem to be little old ladies as opposed to tech-savvy youths. If I was going to speculate which kind of customer is more likely to be hacked, the download-happy youths should be suffering a lot more than little old ladies who say they hardly use their phones.

And perhaps the victims returned the call without knowing they did. When Google analyzed the reasons for emergency service calls in San Francisco they found 20 percent of calls were caused by butt dialing – the relevant buttons were pressed by accident whilst the phone was in the user’s back pocket. Did anybody think to ask the little old ladies where they keep their phones?

Whatever the explanation for this ‘new’ scam, your telco needs to be alert. Either there really is an exotic new kind of wangiri which involves hacking and who-knows-what-else, or else your customer services staff may be reimbursing lots of money to foolish people who do not understand how their phone works. Either way, the telco is making a loss it should seek to minimize.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.