Telecommunications companies are facing a significant security risk as scammers exploit a little-known feature in mobile phone networks to bypass identity checks for online transactions. This alarming discovery has prompted companies to take immediate action to counteract the threat.

The vulnerability, which was initially implemented 19 years ago but remains enabled on mobile networks worldwide, allows attackers to divert voice calls by tricking phone owners into clicking on a link containing a specific prefix. Once the link is clicked, calls are redirected to a number controlled by the attacker. This poses a serious problem as many companies now use voice calls as a fallback method for multi-factor authentication (MFA) systems.

Multi-factor authentication adds an extra layer of security to login processes, such as requiring a password along with a code sent by SMS. However, scammers can now exploit the call-diversion feature to bypass MFA systems by requesting the code to be sent via voice call. This tactic becomes even more alarming with the rise of AI systems that can convincingly impersonate a person’s voice, allowing for more sophisticated attacks.

The malicious tel:// link that enables this scam can be distributed through various channels, including SMS messages, WhatsApp, websites, and emails. Even users who have their Mac connected to their iPhone are vulnerable to this attack if they innocently click on the link.

Telecom companies, including Telstra, Optus, and TPG Telecom, have been notified of the vulnerability and are taking steps to address the issue. Telstra has stated that it will proactively block any SMS messages containing malicious tel:// links in response to the DVULN report.
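One way a message gateway could screen for such links, as an added example that is not code from the article, Telstra or the DVULN report. The article does not name the prefix, so `PREFIX` below is a placeholder, and the check allow-lists plain phone numbers instead of matching a specific code; the function name and sample messages are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches tel: links, with or without the "//" form the article shows.
TEL_LINK = re.compile(r"\btel:(?://)?([^\s<>\"']+)", re.IGNORECASE)
# Visual separators commonly written inside a phone number.
SEPARATORS = re.compile(r"[\s().-]")
# A plain number: optional leading "+", then 3 to 15 digits.
PLAIN_NUMBER = re.compile(r"\+?\d{3,15}")


def suspicious_tel_links(message: str) -> list[str]:
    """Return the tel: targets in `message` that are not plain phone numbers."""
    flagged = []
    for match in TEL_LINK.finditer(message):
        # Ignore sentence punctuation that trails the link.
        raw = match.group(1).rstrip(".,;:!?)")
        # Decode percent-escapes first so an encoded prefix cannot hide.
        target = unquote(raw)
        digits = SEPARATORS.sub("", target)
        # Strict allow-list: anything beyond "+digits" (service codes,
        # letters, parameters) is held for review, not delivered.
        if not PLAIN_NUMBER.fullmatch(digits):
            flagged.append(target)
    return flagged


# Constructed sample messages; the number is from a range reserved for fiction.
SAMPLES = [
    "Questions? Call tel:+61-491-570-156.",
    "Support line: tel:%2B61491570156",
    "Confirm your account: tel://PREFIX0491570156",
]

if __name__ == "__main__":
    for text in SAMPLES:
        hits = suspicious_tel_links(text)
        print("BLOCK" if hits else "ALLOW", "|", text, "|", hits)
```

The allow-list deliberately errs toward blocking: a legitimate link carrying an extension or other parameter is also held, which is an acceptable trade for unsolicited SMS but may need loosening elsewhere.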

This security threat highlights the ongoing battle between telecommunications providers and scammers. Technology continually evolves, and scammers seek new ways to exploit vulnerabilities for personal gain. It serves as a reminder for individuals to remain vigilant, exercise caution, and be wary of unsolicited texts, messages, and emails, even from seemingly reputable sources. User diligence and awareness are crucial in maintaining a strong defense against these scams.