A dialer (or dialler) is an electronic device that is connected to your phone line and monitors the numbers that are dialled. The dialer has the ability to alter those numbers in order to seamlessly connect you to services that you would normally have to dial lengthy access codes for.

A dialer will automatically insert and/or modify the numbers you dial depending on the time of day, country or area code you dialed making it possible for you to subscribe to the service providers who offer the best rates.

For example, a dialer could be programmed to use service provider A for international calls and service provider B for cellular calls. This process is typically known as prefix insertion or least cost routing. A line powered dialer does not need any external power but instead takes the power it needs off the telephone line.

Another type of dialer is a computer program which creates a connection to the Internet or another computer network over the analog telephone or ISDN network. Many operating systems already contain such a program for connections through the Point-to-Point-Protocol (PPP).

Many internet service providers offer installation-CDs which are meant to simplify the process of setting up a proper Internet connection. This is possible through either creating an entry in the OS's dialer or by installing a separate dialer (as the AOL software does).

Nowadays, the term "dialer" often refers specifically to dialers which connect without the user's full knowledge as to cost, with the creator of the dialer intending to commit fraud.

Dialers are necessary to connect to the internet (at least for non-broadband connections), but some dialers are designed to connect to premium-rate numbers. The providers of such dialers often search for security holes (usually in Microsoft Windows) on the user's computer and use them to change the computer to dial up through their number, pocketing the additional money for themselves. Alternatively, some dialers inform the user what it is that they are doing, with the promise of special content, accessible only via the special number. Examples of this content include software for download, (usually illegal) MP3s, 'underground' hacking materials such as viruses, and in the case of at least one website, pornography.

The cost of setting up such a service is relatively low, amounting to a few thousand dollars for telecommunications equipment, whereupon the unscrupulous operator will typically take 90% of the cost of a premium rate call, with very few overheads of their own.

Premium rate numbers, e.g. 900 numbers in the U.S., are an increasingly popular method for easy electronic payment for services. But if they are not careful, users could be charged up to $4.00 or more per minute through a dialer using one of these numbers. Typically, users will stay connected for at least 10 minutes, as the internet and modems in particular are inherently slow, and so the costs can really rack up.

Users with DSL lines (or similar broadband connections) are usually not affected. A dialer can be downloaded and installed, but dialing in is not possible as there are no regular phone numbers in the DSL network and users will not typically have their dialup modem, if any, connected to a phone line. However, if an ISDN adapter or additional analog modem is installed, the dialer might still be able to get a connection.

Malicious dialers can be identified by the following characteristics:

A download popup opens when opening a website.
On the website there is only a small hint, if any, about the price.
The download starts even if the cancel button has been clicked.
The dialer installs as default connection without any notice.
The dialer creates unwanted connections by itself and without user interaction.
The dialer does not show any notice about the price (only few do) before dialing in.
The high price of the connection is not being shown while connected
The dialer cannot be uninstalled, or only with serious effort.

Installation routes
Starting in 2003, new Visual Basic-scripts install a trojan horse which changes values in the Microsoft Windows registry and sets Internet Explorer security settings in a way that ActiveX controls can be downloaded from the Internet without warning. After this change is made, when a user accesses a malicious page or email message, it can start installing the dialer. The script also disables the modem speaker and messages that normally come up while dialing into a network. Users of Microsoft Office Outlook, Outlook Express and Internet Explorer are especially affected if running ActiveX controls and JavaScript is allowed and the latest security patches from Microsoft have not been installed.

Lately (March 2004), malicious dialers get installed through a nonexistent antivirus program. Spam emails from a so-called "AntiVirus Team" for example contain a download link to programs named "downloadtool.exe" or "antivirus.exe", which are malicious dialers. Other current ways are greeting card mails that link to pages forcing the user to install ActiveX controls installing dialers in the background.

Hence links in spam emails should never be opened, automatically started downloads should be cancelled as soon as discovered, and one should check on each dial-up to the internet whether the displayed phone number is still the same. Another way to protect oneself is to disable expensive numbers using phone company services, but of course this disables all of them -- even the honest ones.