MTN customer subscribed to WASP due to click-jacking attack

Newsfeed

Newsfeed

MyBroadband Newsfeed
Staff member
Joined
Jun 28, 2017
Messages
6,804
Reaction score
639
MTN customer subscribed to WASP due to click-jacking attack

An MTN customer recently contacted MyBroadband stating that he had been subscribed to a WASP without his permission.

After not using his phone for several hours, the MTN customer received the following SMS:

Yello, you have been subscribed to Music TV @ R2/day… for support dial 135​
 
So any detail on the challenge to Jacqui in relation to this WASP apparently being part of MTN Play then?

And what about the Double Opt In that is supposed to happen, there is no way that a bot can mimic that since it should be an SMS to the cellphone with a required response...
 
ToxicBunny said:
So any detail on the challenge to Jacqui in relation to this WASP apparently being part of MTN Play then?

And what about the Double Opt In that is supposed to happen, there is no way that a bot can mimic that since it should be an SMS to the cellphone with a required response...
Click to expand...

It should be, but it isn't and easily faked URL click is enough.
 
All these "measures" being put in place around a service of which the usefulness ended the day smartphones arrived.

How about the default is all content services are disabled until you submit something in writing or activate it via an authenticated customer portal?
 
i was also subscribed to 2 or 3 premium rated services on mtn without my consent.
i also never received any double opt in sms

lucky for my i'm on pre paid through afrihost with only R36 loaded monthly, i used the ussd code to set my PRS limit to zero and to unsubscribe from all the services.

so far so good but if it happens again MTN/Afrihost will hear from me :mad:
switching to pre paid was the best thing i've ever did.

Edit: the ussd code i used was *141*5# and from there you can set your PRS limit to zero and also see what you subscribed to and of course unsubscribe as well.

i actually kept screenshots of the stuff i was subscribed to, it was YellowDot TV, World Cup TV and CR7
to opt out you had to use the ussd *464*970# all of these come to about +/-R12 a day!
 
Last edited:
This constantly happens on Vodacon as well. When I contacted them they also said they cannot refund my money.
 
ToxicBunny said:
So any detail on the challenge to Jacqui in relation to this WASP apparently being part of MTN Play then?

And what about the Double Opt In that is supposed to happen, there is no way that a bot can mimic that since it should be an SMS to the cellphone with a required response...
Click to expand...
It must be nice to be on 1st name terms with the MTN head honcho. She can do some nice favours for you so you had better capitalise on it. I would if I were in your shoes.
 
Surely if you used an ad blocker you wouldn't be able to accidentally tap on the ad and get snared.
 
MTN call centre is just plain down terrible. Of no assistance what so ever!!!
 
Newsfeed said:
MTN customer subscribed to WASP due to click-jacking attack

An MTN customer recently contacted MyBroadband stating that he had been subscribed to a WASP without his permission.

After not using his phone for several hours, the MTN customer received the following SMS:

Yello, you have been subscribed to Music TV @ R2/day… for support dial 135​
Click to expand...
I know of a bunch of people, myself included, that received these sms. Do we have to go through all the motions and struggle like this customer did to remove this WASP service ? Its crazy how easily they can do this and MTN not really being able to protect their customers.
 
ryu said:
Edit: the ussd code i used was *141*5# and from there you can set your PRS limit to zero and also see what you subscribed to and of course unsubscribe as well.
Click to expand...
RYU thanks for this quite a few screens to go through to set it zero.
This would make a great article for MYBB on what ussd codes to use to set zero limits on all the networks.
 
The customer was told that MTN could only “request” for a WASP subscription to be cancelled and could do nothing to help – as this was a third-party WASP service beyond their control.
Click to expand...
BS. It's approved by MTN.

morkhans said:
All these "measures" being put in place around a service of which the usefulness ended the day smartphones arrived.

How about the default is all content services are disabled until you submit something in writing or activate it via an authenticated customer portal?
Click to expand...
What I've been saying for ages. Anything should be activated through the network itself as pending services through USSD only and be easily unsubscribable as well. Why I keep a zero balance on prepaid so any service they want to subscribe me to will become their problem.
 
I was in the WASP industry for 7 years. It seems nothing has changed since I left the industry four years ago. This is why all my contracts are topup (vodacom).
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter