That only works on modems that don't support the (patented) delay requirement betwixt +++ and a command that Hayes instituted...which was actually quite a large percentage of them by the time v.34 came 'round.
Plus, the string needs to come from the DTE side of things (the user's local PC), not the remote end. So, with finger and IRC channels alike: The hack relies upon the ISP's modem to behave in that way, and not the end-user's.
As a workaround for the latter, a person could encapsulate the string into payloads for ICMP pings. User's machine receives and responds to the ping, and this response packet hangs up their connection.
As a way to weaponize that without things like IRC that leak WAN network addresses, a person could sometimes finger the target's ISP's terminal servers to see which users were logged into which ports and deduce the target's IP address from that. This way, the ping can show up before they even get back onto IRC.
Going even further: Automation.
(Going straight to jail: +++ATHD911)
First I've heard of ATHD command. Pretty sure my modem would ignore anything after ATH, and if you did ATDT would fail without a dial tone. But obviously, you couldn't send them as one command, but as separate commands. That might work in the same packet, so +++ATH\nATDTxxx but I suspect that you'd probably need a lot of \n as padding to introduce sufficient delay after the ATH.
I think I tested the combined command locally once (not with 911) and it worked. But that was 30-ish years ago and I might be misremembering. :)
Separating the commands and adding some (even small) delay would add a good amount of certainty, though. Absolutely. That's a good method. I think modems expect CR instead of LF as command termination, though, which suggests \r instead of \n.
Either way, for more haunted computer goodness: M2L3 before the dial command. This silences the dialtone and the dialing, and maximizes the loudness of the person that answers.
The non Hayes version was called Time Independent Escape Sequence or TIES, but there were multiple versions of these problems, with the later attacks documented in CVE-1999-1228 where you did have to have some form of echo/ping/icmp to work on a client device.
The earlier issue with finger was due to manufactures having brain dead firmware and using AT commands for voice features in the 14.4 modems etc... I can't seem to find it in the usenet archives that are still around, or at least with current search engine tuning.
Similarly some AV software would “listen” to your IRC comms to check for c&c indicators which meant you could paste it into a channel and a pile of people would disconnect (and you’d be quickly banned).
Such a long time since I 'fingered' someone. Good times!