Spanish Dialer Fraud

Dishonest webmasters are at it again: making every attempt to circumvent laws designed to limit the abusive use of "dialers" – small programs downloaded onto a surfer's computer enabling direct phone line connection to premium content services, or indirect access for broadband surfers, where the open phone connection simply serves as the billing mechanism.

The latest scam comes to Germany from Spain, and seems destined to migrate elsewhere throughout Europe and beyond: rather than covertly installing a Trojan (which would then dial a premium-rate or expensive long-distance telephone number) on an unsuspecting surfer's computer, the scheme installs a Java-based program that automatically enters "yes" into the payment authorization mechanism, complicating victims' ability to obtain a refund for what appears to be a legitimate transaction.

This scam is the result of Germany's dialer laws, which require webmasters to register with the authorities and to abide by certain guidelines, including not billing surfers who were unaware that they were being charged.

According to Dialerschutz (Dialer Protection), Palma de Mallorca-based Teleflate S.L. is targeting German surfers with a legitimate-appearing dialer that outwardly complies with the law, including the use of a pop-up asking if you want to enter, but uses the Java program to bypass the surfer's choice, or authorization, to be billed €30 (approx. $36.50) per hour through the registered 09009 phone number.

Although it claims that the exploit is prevented by the most up-to-date versions of Windows, Dialerschutz is nonetheless taking this situation seriously and has reported the details of Teleflate's scam to the Federal Office for Information Security (BSI) in Bonn.