That only works on modems that don't support the (patented) delay requirement betwixt +++ and a command that Hayes instituted...which was actually quite a large percentage of them by the time v.34 came 'round.
Plus, the string needs to come from the DTE side of things (the user's local PC), not the remote end. So, with finger and IRC channels alike: The hack relies upon the ISP's modem to behave in that way, and not the end-user's.
As a workaround for the latter, a person could encapsulate the string into payloads for ICMP pings. User's machine receives and responds to the ping, and this response packet hangs up their connection.
As a way to weaponize that without things like IRC that leak WAN network addresses, a person could sometimes finger the target's ISP's terminal servers to see which users were logged into which ports and deduce the target's IP address from that. This way, the ping can show up before they even get back onto IRC.
Going even further: Automation.
(Going straight to jail: +++ATHD911)
The non Hayes version was called Time Independent Escape Sequence or TIES, but there were multiple versions of these problems, with the later attacks documented in CVE-1999-1228 where you did have to have some form of echo/ping/icmp to work on a client device.
The earlier issue with finger was due to manufactures having brain dead firmware and using AT commands for voice features in the 14.4 modems etc... I can't seem to find it in the usenet archives that are still around, or at least with current search engine tuning.