MTN customer subscribed to WASP due to click-jacking attack

An MTN customer recently contacted MyBroadband stating that he had been subscribed to a WASP without his permission.

After not using his phone for several hours, the MTN customer received the following SMS:

Yello, you have been subscribed to Music TV @ R2/day… for support dial 135

The customer said he did not subscribe to any WASP service and did not receive a double opt-in notification from MTN.

Upon calling the MTN help line, he was told he was not subscribed to any services and that the SMS must be spam.

The next day, he received an SMS from MTN saying that he was now incurring unbilled usage due to the subscription service, and he immediately called the MTN customer care centre again.

This time, the call centre agent informed him he was subscribed to the service.

The customer was told that MTN could only “request” for a WASP subscription to be cancelled and could do nothing to help – as this was a third-party WASP service beyond their control.

Contacting WASPA

It took the customer five days of liasing with MTN support to identify the WASP provider, with MTN advising that he contact WASPA to resolve the issue.

The MTN subscriber contacted WASPA, who stated that the the WASP provider was an international content provider which MTN hosted on its MTN PLAY platform.

According to WASPA, this service is hosted directly by MTN and subsequently falls outside of the authority’s jurisdiction.

Contacting the MTN call centre again yielded no results for the customer, and the staff said they were unable to reverse the charges incurred by the WASP subscription.

MTN responds

Following this, the customer contacted MyBroadband for help and to share his story with other subscribers. We, in turn, contacted MTN about the matter.

MTN South Africa executive for corporate affairs Jacqui O’Sullivan told MyBroadband that the customer has now been unsubscribed from the WASP service.

“MTN has unsubscribed the customer. We understand this to be a global issue that occurs outside of MTN’s network,” she said.

O’Sullivan added that MTN is working on a number of ways to monitor fraudulent WASP subscriptions.

“We are currently introducing a number of ways to monitor, protect, and put an end to these unscrupulous fraudulent subscriptions.”

The nature of this attack was attributed to click-jacking, which allows WASP subscription double opt-in processes to be approved without the user’s knowledge.

“Upon investigation, we established that this matter is a result of click-jacking which is prevalent on smartphones, where a user may mistakenly click on a banner that is linked to a bot which mimics the behaviour of the customer and approves the opt-in and double opt-in requests without the customer knowing,” said O’Sullivan.

“Thus the customer was subscribed as the system picked up the opt-in and double opt-in event as if the customer had consented to it.”

Anti-fraud measures

O’Sullivan told MyBroadband that MTN has implemented aggressive measures to protect MTN customers against fraudulent activities and spam.

“In a continued effort to ensure that MTN customers are protected and treated fairly, we have implemented a policy (Treating Customers Fairly policy), which is aimed at ensuring that MTN customers are protected against fraudulent and scam activities.”

“Furthermore, MTN has conducted in-depth checks and ensure that all its technology partners and other stakeholders adhere and comply with the Consumer Protection Act,” she said.

“As a result, MTN has put in place measures through TCF to remove these fraudulent subscriptions activities. Also, MTN has implemented the necessary fraud detection measures to protect customers.”

Now read: Iran could be a gold mine for MTN

Latest news

Partner Content

Show comments


Share this article
MTN customer subscribed to WASP due to click-jacking attack