You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Security! Call Forwarding Hack?

My iPhone 5 has an account through ATT.


I just found out today that for the past year, my phone was forwarding all my unanswered calls to another number.


My phone's call forwarding feature was NOT turned on. I never called in to set this up with ATT. They have no record of this being turned on and my phone was never sent a PIN code for authorization for turning this forwarding on.


The number my calls are being forwarded to answers as a female robot voice (similar but NOT the same as the ATT voice) which speaks my number to the caller. However if I call the "forwarding" number directly... busy signal. Needless to say I have never seen this phone number before and its not an ATT phone.


I'm posting this because ATT and the carrier responsible for the forwarding number, broadband.com, are so far mute on this issue. I am getting zero resolution but I consider this a grave security issue. It is in fact wire fraud.


So my best theory is some app has switched this forwarding on but the phone shows as if forwarding is off.


I ask the forum here... gurus please... who has seen this before?

Posted on Aug 24, 2014 7:04 PM

Reply
Question marked as Top-ranking reply
User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Posted on Aug 24, 2014 7:37 PM

Sorry Loner, but I do have a VM (visual VM) that has long been setup.


The deeper i dig on this the more I think I was hacked somehow. The broadband.com company responsible for the destination numbers VM is known to facilitate scammers and phisher.

View in context
19 replies
User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Aug 24, 2014 7:48 PM in response to Loner T

Loner,


Yes, my VM is setup. Yes i can access it from my iPhone.


This isn't a VM setup or user issue!


This is an issue whereby my calls are being diverted away from my VM to another phone number, possibly in the way that Meg has suggested. This other phone number is owned by broadband.com.


This is definitely a phishing scheme, I just don't know how it was deployed, possibly in some way similar to what Meg suggested, however my phone has never been unlocked and out of my possession, ever, so I believe that some kind of hack or backdoor set this up.

Reply
User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Aug 24, 2014 8:00 PM in response to chattphotos

The bot voice is NOT normal.


1. My VM greeting was set to Custom, with my voice.

2. The bot voice was NOT the standard ATT bot voice.


The "proof" was I called ATT to see why my custom VM greeting was not what people heard when going to my VM. This was brought to my attention by my father who thought it sounded odd. ATT informed me that I had "call forwarding" turned on. This is how I found this out.


I am mentioning broadband.com because a reverse lookup of the phone number that ATT provided me as the number setup to forward to is serviced by broadband.com, meaning that is the parent carrier of that number, a VoIP number.


I had ATT remove the call forwarding and I added an additional layer of security to my account, however ATT has NO RECORD of this being setup in my account.


Unless ATT is using a broadband.com VoIP number as an additional VM account line for my account, which I seriously doubt... and to date ATT level 3 tech support seems completely ignorant (anything is possible) then I maintain this is super fishy and seems like ID theft/phishing.

Reply
User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Aug 24, 2014 8:12 PM in response to IdrisSeabright

Meg,


I'm going to rule it out as enabled on my phone, unless I was duped into doing it myself. Seriously... no one has access to it in an unlocked state. It fully locks in 1 min, no one knows the code.


System glitch... or more likely ATT representative "error"? Perhaps. But ATT can't so far tell me when exactly it was enabled or how. I get to speak to their Fraud department tomorrow.


ATT says there is no way to log in and enable call forwarding (they didn't specify conditional call forwarding) from the web portal with out also confirming the change via a security code sent to the phone. That I am certain of didn't happen.


Thanks for explaining conditional call forwarding, I get that concept. This is how this was behaving for sure.

Reply
User profile for user: Loner T
Loner T
User level: Level 9
59,513 points

Aug 25, 2014 5:33 AM in response to avideditor

Yes, a phone number can refuse incoming calls. When you access it via Voice Mail, it is not the same access. I suggest you talk to ATT. They also have access to internal WLNP databases. The number is a 'peering' number, not a number that can be called directly. Typically, such numbers are used when a subscriber wants to access their VM, the VM system is 'dialed' on your behalf by the SP's internal systems (a HLR/HSS in most cases), but for security reasons, such numbers are allocated from a pool that disallows incoming calls.


The other use for such numbers is allow data connections from wireless phones where the client (your iPhone) behaves like a modem and dials a point-to-point number to setup up a connection with a bank of modems kept by the SP within their infrastructure. The SP system acts like a data gateway for your device and anchors your data connection.


The Wireless system is a spaghetti of old analog technology on the SP side which a subscriber usually is never exposed to.

Reply
User profile for user: IdrisSeabright
IdrisSeabright
User level: Level 10
169,343 points

Aug 24, 2014 7:09 PM in response to avideditor

What you're describing is sometimes called No Answer/Busy Transfer. It's not simple call forwarding. It would have to be done through the carrier. At least with Verizon, it doesn't require any PIN be sent to the phone. I just dial a * followed by a two-digit code and the number. It's how I use Google Voice for my voicemail instead of my carrier. Anyone who had access to your phone could have done set this up.

Reply
User profile for user: IdrisSeabright
IdrisSeabright
User level: Level 10
169,343 points

Aug 24, 2014 7:26 PM in response to avideditor

On Verizon, to enable No Answer/Busy Transfer, also called Conditional Call Forwarding, I dial *725555555555 (where the fives are the number I'm forwarding to). I then get confirmation beeps. I don't know how it works with ATT. You'll need to ask them. You should also be able to get them to remove the feature from your account if you want.


Call forwarding on the phone itself is not, to the best of my understanding, conditional call forwarding. However, I don't have an ATT phone on which to test this.

Reply
User profile for user: chattphotos
chattphotos
User level: Level 4
2,499 points

Aug 24, 2014 7:53 PM in response to avideditor

Just FYI, The voicemail bot that speaks your number to the caller is normal, that's the Default greeting...


Also, where's the proof in forwarding to a different number?
How did you find this out?

Why are you mentioning broadband.com?

Have you had At&t reset your voicemail?


This may be a shot in the dark, but I know Verizon/Sprint phones actually have two phone numbers... I don't know if At&t uses two or not... but if they do, that's probably what you're seeing.

Reply
User profile for user: chattphotos
chattphotos
User level: Level 4
2,499 points

Aug 24, 2014 8:09 PM in response to avideditor

Computers aren't perfect, telecom software sometimes has strange bugs, and adding users to the mix doesn't add up to make for a 100% reliable system.


I think you went to the extreme Avid... Maybe At&t goofed and a rep fudged up someone else's number getting CCF and yours happened to be the typo.


If strange things keep happening, change your phone number...

Reply
User profile for user: Loner T
Loner T
User level: Level 9
59,513 points

Aug 24, 2014 8:16 PM in response to avideditor

To support WLNP, ported numbers are required to stay alive for aging purposes in a SP's system. If your number was assigned to you but was previously ported by someone else into ATT, the association of your number with the previous provider is meant to to expire in 24-48 hours per FCC rules. I have seen glitches where such expiration does not happen at all because the previous SP keeps the association between it and other systems, like VM.


If you have call detail on your ATT bill, you can see prior history (required by law for ATT to keep) and Call Forwarding transactions are recorded including the *72/*73 transactions.


In the CDMA world, there is a MSISDN associated with a MN so you have a 'peering' number that you can call. Very old legacy of roaming.


Is it possible that you have applications that can make calls apart from your regular iPhone dialer, like Talk-a-Tone, Skype, ObiHai, etc.?

Reply
User profile for user: avideditor
avideditor Author
User level: Level 2
156 points

Aug 24, 2014 8:23 PM in response to Loner T

Very helpful Loner T!


For a very short time I had an app called Humin on my phone that could dial, but its life on my phone began after ATT's records show the forwarding being initialized and was removed several months ago. No Skype.


I appreciate these details, they are slightly over my head but it gives me more talking points with ATT's customer script readers, i mean customer service representatives.

Reply

Security! Call Forwarding Hack?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up