Can't believe this is legal! Unauthorised charges

yak.h'cir · 17 Dec 2014 at 20:49

Just a warning really about a silly thing that has happened to me today. I was using facebook on my phone and clicked one of those "10 most amazing photos" type links (i'm ill in bed and was bored!!!). Anyway, to see each picture in turn you had to click the 'next' link at the bottom.

So on photo 5 one of the advertising bars had a green arrow which was very similar to the next link and I accidentally pressed it. Nothing came up just a blank page. So I clicked back and carried on.

About 10 seconds later I received a text saying that I'd just been billed £5 for taking part in an iphone competition! I did not reply to this message, I called three, they confirmed I'd just been billed £5. I explained that I'd not signed up to anything of the sort so they arranged a three way conversation with the billing company. They literally just laughed at us on the phone. Said I was signed up to their monthly competition and I could call the police if I wanted. Then they hung up.

Three to their part have credited me £5 as a good will gesture but here's the real reason I posted: They've put a block on my account which should prevent any charges of this type being allowed. Why this isn't done by default I don't know. But I would definitely advise everyone to give their operator a quick call and ask them to put a block on unauthorised charges.

I cannot believe this is allowed in the first place! I at no point filled in any forms, just accidentally clicked a banner on a website that made no mention of a competition or charges. Very annoying.

yak.h'cir · 17 Dec 2014 at 21:14

It gets worse! I've just checked my account and there's another £5 charge. I'm going to have to change my mobile number aren't I....

rhysduck · 17 Dec 2014 at 21:23

Or be more careful on what you click on..

pugwash · 17 Dec 2014 at 21:31

Cheeky blighters. Did the charges state the name of the company? I would be tempted to see if I could have a little play with them. Completing mail order forms and giving the name of the company would be one suggestion. The company then gets lots of unwanted mail. Some mail can be very interesting.

mattyg · 17 Dec 2014 at 21:34

pugwash said:
Cheeky blighters. Did the charges state the name of the company? I would be tempted to see if I could have a little play with them. Completing mail order forms and giving the name of the company would be one suggestion. The company then gets lots of unwanted mail. Some mail can be very interesting.

Yeah that'll teach em.

Mail yeah hardcore

I got a letter from a DCA once. If I didn't respond they would send another letter........

Its like the difference between UK police and American police

USA: Stop or I'll shoot
UK: Stop or I'll say stop again

yak.h'cir · 17 Dec 2014 at 21:51

rhysduck said:
Or be more careful on what you click on..

So you'd think it fair enough if I added a link to this message that looked like one of the forum buttons and that by clicking it you'd be automatically billed £5?

yak.h'cir · 17 Dec 2014 at 21:54

pugwash said:
Cheeky blighters. Did the charges state the name of the company? I would be tempted to see if I could have a little play with them. Completing mail order forms and giving the name of the company would be one suggestion. The company then gets lots of unwanted mail. Some mail can be very interesting.

Nope no name, and they refused to say who they were on the phone. Three said they'd investigate and I could call back to get the company details since I want to report them to OFCOM.

Domo · 17 Dec 2014 at 21:55

rhysduck said:
Or be more careful on what you click on..

I agree with the OP. I don't think you get the point they're making.

Orcvader · 17 Dec 2014 at 21:57

Was this with the internal Facebook browser?

It's a nice idea but seeing how naughty some of these ads are it's also a security problem. I disabled the internal browser so it always open webpages on my default browser, which uses an adblock addon to block these sort of things (either Dolphin or Firefox, depending on which is my favourite browser at the time).

v0n · 17 Dec 2014 at 22:20

This makes no sense. To bill you via mobile operator they would have to have to make your number dial their premium number. They couldn't do it via app with in-app purchaes, because that way it would be your Apple App account that was charged. Auto dialling from pages is not possible on iphones and neither is premium texting from apps (Apple wouldn't sign such app), and you couldn't miss your phone dialling a number, because you have to confirm it doing so.

Orcvader · 17 Dec 2014 at 22:37

v0n said:
This makes no sense. To bill you via mobile operator they would have to have to make your number dial their premium number. They couldn't do it via app with in-app purchaes, because that way it would be your Apple App account that was charged. Auto dialling from pages is not possible on iphones and neither is premium texting from apps (Apple wouldn't sign such app), and you couldn't miss your phone dialling a number, because you have to confirm it doing so.

Looking at the permissions for the Android version of the Facebook app, it has the permission to make calls to numbers. This would also apply to the internal Facebook browser... Actually, why does the Facebook app need this permission?

EDIT: Checking the Google+ and Twitter app, they don't have this permission, only to check the current caller state. So what is Facebook up too

...

v0n · 17 Dec 2014 at 23:02

Orcvader said:
Looking at the permissions for the Android version of the Facebook app, it has the permission to make calls to numbers. This would also apply to the internal Facebook browser... Actually, why does the Facebook app need this permission?

EDIT: Checking the Google+ and Twitter app, they don't have this permission, only to check the current caller state. So what is Facebook up too ...

From facebook page:
Directly call phone numbers: This permission allows you to call a Messenger contact by tapping on the person's phone number directly from the menu of your conversation with them.

It wouldn't work from advert. My take on it is - OP was chatted up by one of those "lonely right now" facebook bots, was given number to "text some more", then 10 quid later realised he's texting premium number..

Azza · 17 Dec 2014 at 23:43

Surely it would need to load the dialer app to make the call?

Orcvader · 17 Dec 2014 at 23:46

Azza said:
Surely it would need to load the dialer app to make the call?

It can act as the dialer app, if you look ont he Play store there's plenty of alternatives (including the Hangouts dialer).

I thought the calling feature was for the Messenger app, which is seperate from the Facebook app?

Mr Badger · 18 Dec 2014 at 00:17

Genuine hot and sexy babes are waiting for you now at www.scamripoff.com

mattyfez · 18 Dec 2014 at 05:54

yak.h'cir said:
iphone competition!

Very annoying.

413x · 18 Dec 2014 at 07:04

I don't get it either.

Irrespective.. I use payg and always have 0 credit. So what would happen if I clicked? I don't see how this is possible

div0 · 18 Dec 2014 at 07:56

v0n said:
This makes no sense. To bill you via mobile operator they would have to have to make your number dial their premium number. They couldn't do it via app with in-app purchaes, because that way it would be your Apple App account that was charged. Auto dialling from pages is not possible on iphones and neither is premium texting from apps (Apple wouldn't sign such app), and you couldn't miss your phone dialling a number, because you have to confirm it doing so.

Do we know what type of phone the OP has?

The only mention of iphone I noticed was where he said he'd been 'billed for entering an iphone competition'.

To me, this sounds like some form of exploit in the Facebook App?

- Dodgy link on facebook
- Click link
- Facebook App has sufficient rights to 'sign up' to a payment agreement - enters a competition by sending a text (????)
- Text message is sent to user thanking him for spending £5 on the 'iphone competition'.

That's the only thing I can think of - unless there's more to the OP's story than we're being told - possibly he just wanted to chat to hot girls available now in his area, and only realised his mistake when he was £10 down.

Facebook links are usually suspect at best and even if they're legit, they're usually a waste of time. Best not to click links in facebook, there's never anything good will come of it!

yak.h'cir · 18 Dec 2014 at 08:09

Orcvader said:
Was this with the internal Facebook browser?

It was, thank you for the tip! I've set the app to use the external browser in future, not that I plan on using it much anymore!!

v0n said:
This makes no sense. To bill you via mobile operator they would have to have to make your number dial their premium number. They couldn't do it via app with in-app purchaes, because that way it would be your Apple App account that was charged. Auto dialling from pages is not possible on iphones and neither is premium texting from apps (Apple wouldn't sign such app), and you couldn't miss your phone dialling a number, because you have to confirm it doing so.

I use a stock nexus 4 on 5.01 that's been rooted for cerberus install and then locked again. Latest facebook app so you'd think it would be secure but no.

al4x said:
I don't get it either.

Irrespective.. I use payg and always have 0 credit. So what would happen if I clicked? I don't see how this is possible

In your instance i would think you'd be safe as PAYG can't get into debt. Worst case would be that the charge would be pending and next time you do top up it automatically sucks away the money.

Swarfega · 18 Dec 2014 at 08:23

"10 amazing photos that will make your penis grow an extra 1 inch!"

Facebook is full of that click bait crap. The only reason there is so much of it is because people open it.