Issue 133 - June 2012 (2nd Edition) - Page 15
Nine Zero Hash Phone Scam Hoax
Email claims that a scammer can take control of you phone if you key in 90#.
The information in the message is false for the great majority of domestic fixed phone systems and all mobile phones. It can be true for certain types of business phone systems that are configured in a particular way.
Detailed analysis and references below example.
Last updated: 31st May 2012
First published: 22 August 2003
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
FYI - Phone Scamm
This has been confirmed by Telstra: DO NOT push 90# on your home phone.
Got a call last night from an individual identifying himself as an AT&T
Service technician who was conducting a test on our telephone lines. He
stated that to complete the test I should touch nine (9), zero(0), hash
(#) and then hang up. Luckily, I was suspicious and refused. Upon
contacting the telephone company, I was informed that by pushing 90#, you
give the requesting individual full access to your telephone line, which
allows them to place long distance telephone calls billed to your home
phone number. I was further informed that this scam has been originating
from many of the local ails/prisons. DO NOT press 90# for ANYONE. PLEASE
pass this on to your friends. If you have mailing lists and/or newsletters
from organisations you are connected with, I encourage you to pass this
Major Fraud Investigation Division
Mobile phone version:
If you receive a phone call on your mobile from any person, saying that, he or she is a company engineer, or telling that they're checking your mobile line, and you have to press # 90 or #09 or any other number. End this call immediately without pressing any numbers. There is a fraud company using a device that once you press #90 or #09 they can access your "SIM" card and make calls at your expense
One US Version:
I received a telephone call last evening from an individual identifying himself as an ATandT Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up. Luckily, I was suspicious and refused.
Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.
I was further informed that this scam has been originating from many local jails/prisons. I have also verified this information with UCB Telecom,Pacific Bell, MCI, Bell Atlantic and GTE. Please beware.
DO NOT press 90# for ANYONE.
The GTE Security Department requested that I share this information
with EVERYONE I KNOW.
PLEASE pass this on to everyone YOU know.
If you have mailing lists and/or newsletters from organizations you
are connected with, I encourage you to pass on this information to
After checking with Verizon they said it was true, so do not dial
(9),zero(0), the pound sign # and hang up for anyone.
There have been a number of versions of this warning email. The original version began circulating in 1998 and variants of this original, set in several countries, have continued to circulate ever since. Although the original version of the message was based on fact, the information in more current versions is false for the vast majority of phone users. Only business users who have certain configurations of PBX or PBAX phone systems are potentially vulnerable to the scam described in the warning messages.
Warnings about the 90# scam are invalid for the vast majority of normal phone systems
The messages warn recipients that they may receive a call from a fraudster posing as a phone technician who will advise them to key in "Nine-Zero-Hash" or a similar sequence of numbers. According to the email, once you key in the sequence provided, the fraudster has immediate access to your phone and can use it for making calls that will then be billed to your account.
In late 2003, an Australian version of the hoax claimed to be a "police warning" and used the name and contact number of Stephen Cooper, a real Victorian police officer. Although the officer did not send the email, he was inundated with calls and emails about the hoax. Australian telecommunications giant, Telstra, has repeatedly denounced
the email as a hoax. A July 2003 article in The Age
One of the oldest email hoaxes on the internet has returned to Melbourne - the "police warning" of fraudsters who trick people into handing over access to their telephone accounts.
Hundreds of the email "warnings" purporting to come from Victoria Police, have been turning up on computers all over the city in the past two or three weeks and annoying a detective at the St Kilda Road police complex.
The emails are signed with the name of Stephen Cooper, a detective senior constable at the St Kilda Road police complex, and give his phone number and email address there. Mr Cooper's telephone is now on voicemail, with a message advising people to delete the email and ignore the hoax.
The hoax email warns people that they may "get a call from someone posing as a telephone technician testing your line. He will ask you to press nine-zero-hash. If you do, you will give him access to your telephone line so he can place long distance calls that will be billed to your account".
A Telstra spokeswoman said the message was a hoax. The nine-zero-hash code could not give access to a telephone account. The hoax first turned up about four years ago, had not been seen for about 12 months, but had suddenly reappeared.
An earlier US version claimed the supposed scam calls were coming from prisons. Yet another version of the hoax targets mobile phone users.
While most of the information in modern variants of the warning message is untrue, it should be noted that some business telephone switching equipment that has been configured in a certain way may be vulnerable to a scam like the one described in the message. If a particular type of PBX or PABX phone system requires users to dial "9" to get an outside line then it is possible for a scammer to take control of the line and such scam attempts have indeed taken place in the United States. Information about the warning message published
on computer programmer Jonathan de Boyne Pollard's website explains:
The original scam warned about in the original message only applies in the United States, and only to organisations with particular types of PABX that have been configured in a particular way. The essence of the original scam was the ability of these PABXes to connect two outside lines together, using call forwarding. This is why the Recall button is involved. The sequence R90# places the original call on hold (R), makes a new call to an outside line (9), dials the operator (0), and then connects the original call to the new call (#). The PABX thus needs to have been configured to allow an outside call to be forwarded to an outside line, which most PABXes do not allow, for obvious reasons.
A consumer advisory
published on the FCC website also provides details about the scam, warning that office workers using PBX and PABX business phone systems should be aware of such tactics. It notes that "this scam only works if your telephone is served by a private branch exchange (PBX) or private automatic branch exchange (PABX)".
Clearly, the inaccurate and misleading warning messages that are currently circulating are mutated versions of the original, factual versions of the warning that were correctly aimed only at users of PBX and PBAX business phone systems.
In reality, the information in the warning message is false for the vast majority of home phone users, and certainly for all mobile phone users and, therefore, the email can not be considered a valid warning and it should not be forwarded.
Telstra debunks 90 hash 'myth'
Well-used email hoax back in circulation
Please do not perpetuate The 90# Hoax
FCC Consumer Advisory - Don't Fall for the 90#
Pages in this issue:
- Facebook Will Donate for 'Likes' Hoax - Isabella Abused Wife Message
- The Croc Whisperer
- Irish Friendship Wish Chain Letter
- Can Birds Die From Eating Discarded Gum?
- Qian Hongyan AOL Money For Forwarding Hoax
- Foursquare 'Friend Request Approved' Pharmacy Spam
- Hitman Payoff Scam Email
- LinkedIn User Passwords Stolen - Change Your LinkedIn Password Immediately
- Hoax: Facebook to Start Charging This Summer - Facebook Icon Will Turn Blue ( Or Gold)
- Useless Warning - Facebook Will Start Using Your Photos in Ads on Friday
- Completely Pointless and Misleading 'Facebook Privacy Notice'
- Black Lion Facebook Hoax
- 'Switch to Pink Facebook' Survey Scam
- Satanist Friend Request Facebook Warning
- Nine Zero Hash Phone Scam Hoax
- Paypal 'You Sent a Payment' Malware Emails
- FedEx Incorrect Delivery Address Malware Email