Feeds

back to article Thousands of Brits bombarded in caller spoofing riddle

Thousands of Brits were tormented by nuisance calls after West Midlands businesses were caught up in a caller ID spoofing blitz. Firms including We Solve IT and solicitors Bridgehouse Partners appeared to bombard residents at all hours of the day and night thanks to a foreign outfit that used the companies' numbers to mask the …

COMMENTS

This topic is closed for new posts.

Page:

Incoming CLI from abroad should be tagged as such?

Surprising that telcos will accept arbitrary CLI from foreign parts and pass it on. I would have thought that at the least they could add the prefix of the originating country before forwarding it. That might be difficult if it's a tandem route via another country, but at least it should be tagged 'international'. I get cold calls which are tagged as 'international' on my phone, though no number is presented. Those all go to the answering machine.

4
0
Silver badge

Re: Incoming CLI from abroad should be tagged as such?

CLI is a presentation service, where the final exchange can optionally present the caller's number to the person being called. It wouldn't have mattered even if there was no CLI active, anyone with a phone can still be woken up in the small hours by a malicious caller dialling at random.

The problem here seems to be that the info in the SS7 signalling packets was invalid, and that's the responsibility of the originating telco. An ordinary customer should not be able to change the values in those packets, since that would break the whole charging model. The customer may be able to add additional packets, but whoever the originating telco was here should be in deep shit for not validating the signalling info before passing it on. Since Ofcom was able to trace the calls it seems likely that the full signalling info was present, so they should be able to take action againt the perpetrator.

Then again, it's Ofcom we're talking about.

7
0
Vic
Silver badge

Re: Incoming CLI from abroad should be tagged as such?

> An ordinary customer should not be able to change the values in those packets

It's actually quite easy to do if you originate calls on a VoIP system and then pass into a VoIP<->PSTN gateway. For a little while, anyway.

As soon as you're discovered, the gateway provider will disconnect you. But that's not going to stop the scammers - particularly if they are using hijacked credentials.

Vic.

0
0
Unhappy

Broken...

The phone network is broken. Its so easy to conduct offensive call campaign's these days that phones have become like email was maybe 10 years ago - full of junk messaging and no easy way of filtering them. You can do anonymous caller reject, register with TPS and use caller ID, but as seen by this case, unscrupiballs companies find a way round or just ignore the regulations entirely. Plus Ofcom are so slow to react, or are blocked by international boundaries from doing anything that they're almost toothless.

Someone should make a spam-filter for phone numbers (I'm sure someone will correct me). I know most VoIP serverscan do this, but as far as I know, there arn't any decent phone-spam category lists that are properly usable. Anyone fancy asking the dragons for a pot of money?

4
0
Silver badge

Re: Broken... ?

So how come I only get a call from some sort of 'claims company' about once a month?

The number is registered with TPS and I only get calls from abroad.

Also even more rare are the apparently random machine-generated phone calls .

TPS seems to work for me.

0
0
Bronze badge

whitelists

Why can't I have a whitelist on my phone and have calls from any other numbers completely ignored?

I only actually want to be able to get calls from about a dozen people. Everything else should go straight to /dev/nul

7
0
Anonymous Coward

Re: whitelists

You can do anything you want with asterisk.

I whitelist outside "business hours" taking information from my phonebook for "allowed calls" and send calls without callerid or with 08*/09* callerid straight to voicemail 24x7.

I wrote the rulesets (and scripts to read mozilla obscene phonebook format) around the time when I still had a BT line. They got really heavy use despite me registering for TPS and going through all the motions as prescribed by "the book".

I found a new solution after that - I moved to sipgate. Ever since I did that I get a couple of hits per year (tops) which are still filtered by the old scriipts.

I can comment on the reasons for the difference, but I rather not.

0
0

Re: whitelists

it is called skype, oddly enough

1
0

Re: whitelists

There are free apps for that. Since i applied for a loan about two years ago i have been getting about 10 spam texts a day and several cold calls from scammers and marketing companies.

The TPS does not work. Thing settle down for three months and then it flares up again. You see, registering on the TPS confirms that your number is a good one that works.

Also, replying STOP to the spam sms's just confirms that your number is real and is resold again and again.

I was forced to install a spam filter and blacklist app and it's been great.

0
0
Anonymous Coward

Truecall

I don't like doing companies adverts for them but http://www.truecall.co.uk/ does everything you could want for blocking phone spam.

It's one of those rare products that does what it says on the tin.

The subscription for the web interface after the first year is crap however you ought to be able to get everything complicated sorted out within a year. You can still set options via the phone handset but its pretty tedious.

0
0
g e
Silver badge
Pint

Re: Truecall

We just registered with the Mail Preference Service and the Telephone Preference Service - virtually zero junk either down the phone or through the door.

Anyone calls with unsolicited crap then they get this treatment which provides a perverse sense of smug satisfaction... http://focusrite.livejournal.com/1627.html

Pint for everyone!

10
1
Silver badge

Re: Truecall

TPS only protects you from domestic calls. If I'm at home during the day, I get a non-ending stream of calls like this:

"Hallo Sir, this is Steve calling from Windows*. We've noticed you have a problem with your computer…"

I actually quite like that one, although I'm surprised they ever get any bites. I played along once, and said something like "Yes, what seems to be wrong with it?", which confused them a lot. After about 5 seconds I got a 'please hold sir", and then they hung up.

* No windows here.

1
0
Anonymous Coward

Re: Truecall

Looked interesting until I saw the price!

0
0
Anonymous Coward

Re: Truecall

Tom38 - Oh yes, I have been lucky enough to get two of those.

Managed to keep them on hold for 10mins on one call under the premise that my old computer was still booting (while I went about my chores) and the second time got 30 mins trying a variation of the legendary WP5.1 support call whereby I explained I couldn't see the switch on the back of my PC because it was dark in the room...

I know, I know, I did have too much time on my hands on both occasions, still it kept them from scamming some other poor sod for a short while anyway.

10
0

Re: Truecall

We get those over in Norway too, trying to get them find what they try to get to (which only seems to work in XP, as my wife got the first one when I was out and didn't know any better), on a PC set to Norsk in fun. . . . Asking why "Windows" would know about a problem on a Linux PC confuses them too. . . or simply refusing to admit I speak English.

1
0
Anonymous Coward

Re: "Looked interesting until I saw the price!"

The cost to build (not the price they sell for) is revealed in the original Dragon's Den extract, which is on t'Internerd.

It's a *lot* less than they sell for.

There must be stacks of old voice-capable modems sitting cupboards somewhere that a suitable selection of AT commands and someone with some ingenuity could do something useful with.

Not me, sadly.

0
0
Anonymous Coward

Re: Truecall

I think around 25 minutes is my record, for getting them to talk me through finding my mac keyboard's windows key. I see it as a service to society, keeping them from preying on the more vulnerable.

They've smartened up these days, there is a "mac" download too for your hacked pleasure and they do seem to hang up more quickly than they used to.

WTB "SPIKE" function...

2
0

Re: Truecall

The problem with trying to waste the time of the telesales person is that they are only earning a few dollars a day in India, any time you spend dealing with the call is costing you orders of magnitude more than its costing them.

And when you look at the scams as opposed to "legitimate" telesales (if there is such a thing) the money generated by one success is a week's pay for the caller.

As for TPS - yes register but don't waste any time reporting the calls you still get. There's the power in law to fine £5000 for each offending call. Beyond "contacting to persistent offenders and instructing them to stop" no enforcement action has ever been taken. But in any case it's powerless to act outside UK.

0
0
Silver badge

Re: 'helpdesk'

"Hallo Sir, this is Steve calling from Windows*. We've noticed you have a problem with your computer…"

How come I don't get them?

I've been waiting for so long to see how long I could keep one going for.

I feel left out.

1
0
Anonymous Coward

Re: Truecall

Yeah its pretty expensive for what it is and I'm sure you could use an old modem to filter stuff, however that's going to require you to run a PC 24/7.

To the guy further down the comments - its failry normal to have a manufacturing cost of 1/3 the retail price. I got no problem with everyone in the chain making money if I end up with a product that works reliably.

Had a quick look at the stats for the last 12 months :

Caller rejected : 33.8%

Unrecognised caller - Hung up at whisper : 22.4%

Starred caller : 16.6%

Anonymous caller rejected : 11.7%

There's a load more stats but the tl;dr is that 78% of all incoming calls are rejected or the caller hangs up. That's with TPS which is no use at all anyway - no surprise there, when has self-regulation ever worked in marketing?

Now maybe you guys are happy to let the phone ring/piss around with spammers but I'm not. Truecall means I don't even hear the phone ring for those 78% who are spammers. Much better.

0
0

@Stu_The_Jock

I thought those were a myth until I had my first one last week. The fun I had with him really put a smile on my face. Especially at the end when I informed him that it took less time to trace his call than it did for him to say 'Hello'... he hung up at that point.

0
0
Stop

Call rejected - you are too stupid.

I've for a long time wanted a phone that has caller-IQ as well as caller-ID.

8
0
g e
Silver badge
Unhappy

One reason

Set your outbound CLI to a premium rate number and wait for marks to call back to see who you were.

Bung the inbound return call into a call queue saying "We're busy but value your call", etc and you can rack up a lot of moolah quite quickly and for very little outlay.

Bish Bosh

4
3
Stop

Re: One reason

PhonePayPlus (and Ofcom) will shut you down in very short order for pulling a stunt like that. You might be able to do call queueing on an 0871 number but 09xx numbers putting people on hold before they speak to someone is verboten.

0
0

Re: Dragons Den

Already been done, I won't advertise the device though.

0
0
Anonymous Coward

Re: Dragons Den

You may not want to advertise the device (which retails for about three times the cost of manufacture, watch the original Den extract) but others already did.

0
0
Anonymous Coward

The problem I have with truecall is that unrecognised callers have to say their name and then you get disturbed anyway so it doesn't really stop you getting disturbed.

I'd like a feature where callers can type in their phone number which means if they are calling from a number that does not display caller id they can type in the home number and get through.

0
0
Anonymous Coward

Callers code

You can give people a 4 digit code which they enter after the phone number and it will bypass all the international/CLID/night mode stuff. Alternatively there's a "breakthrough" key that can be used.

In my experience virtually no sales droids ever say anything at the whisper, they just hang up so you never even hear the call.

0
0
OFI
Thumb Down

Yup I got one of these calls around 10:30pm the other night...

0
0
Bronze badge

The reason TPS is a big fail - as I understand it - is that the business that are not allowed to call the people on the list - have to purchase the list to see who they cannot call :/

That and the fact that it only applies to UK business.

0
0
Bronze badge

As for how to get your name taken off the marketing list......

These work:

1) "You do realise you have called a charity don't you?"

....and.....

2) Play this down the phone:

http://www.youtube.com/watch?v=8-yU5Ekv14U

1
0

YES you CAN buy a phone like that!!!

a google with "phone with incoming call barring" will get some info, but my fav. is..

http://forums.moneysavingexpert.com/showthread.php?t=1833435

The Panasonic KX-TG8321 a decent DECT landline phone, for about £30, and the unit price goes down when you buy a multipack - one for the garage, use as intercom to kitchen, bedroom, etc... :)

It has a 'night mode' feature, that means it will not ring between set times (it will go to voicemail) ... you can also set phonebook numbers to 'ignore' that setting, so very important calls will get through..

you can then set certain numbers to be 'barred' (they get an 'busy' tone' ) that should stop the callers .. :)

if you are still curious about the number you can you use http://whocallsme.com/ :)

0
0

Re: YES you CAN buy a phone like that!!!

Yep - it is quite good but you have to add each number to the book in order to assign it to the category that gets dropped so you get a phonebook full of numbers you never want to call.

0
0

and yup, in uk at least it's f******..

It seems that anyone can invent their own number to be calling from.. I have had numbers like 00000000 , 123456, and other silly stuff.. any number that seems kosher, I give 3 tries to leave a message, then they get into the barred list....

I even had a few from a computer that did not know it was talking to voicemail!! the message was " press # key to accept offer" ... LOL

0
0
Bronze badge

Re: and yup, in uk at least it's f******..

The presentation numbers you list aren't valid for UK origination - so those calls either originated elsewhere or on a UK IP-PBX with a service provider who doesn't check that what's being sent is valid.

Some telcos police this stuff, some don't.

1
0
Silver badge

Re: and yup, in uk at least it's f******..

Some UK Telcos (Not BT) allow you to have "Type 5 Presentation Number" on ISDN.

This allows you to send *any* phone number out as your calling number. You usually have to sign a document saying you'll be good. But once setup, you can send anything. The Telco doesn't inspect it at all.

0
0
Bronze badge
FAIL

What kind of sense does it make to "ping" people at 3 a.m.? Are you trying to screen out those who turn their phones off or down at night, or those who sleep soundly? Seems like a pretty bizarre requirement.

No, I would attribute the whole thing to stupidity. The scumbags were probably trying to configure a system to spam people at some point in the future, and some idiot clicked the wrong button before the system was properly set up. (The time would have been mid-evening on the US west coast, or after lunch in China. Just sayin'.)

0
0
Silver badge
Pint

Maybe the worldwide telephone system has as many, if not more "switches" in it now than the human brain. Maybe it just "woke up".

(Credit to the denizens of the White Hart)

Beer. Obviously.

3
0

@Veti

1: Someone who didn't allow for the time difference

2: A thief checking to see if anyone is awake or can be disturbed by a sudden noise prior to jimmying your door to pinch your car keys.

There you go :)

0
0

TPS is useless these days

The phone preference service list was great when it first came out and reduced my calls drastically, plus callers would instantly apologise and drop the call as soon as I said I was on it.

Nowadays though, assuming it's not scammy overseas calls who just don't care or automated messages with an American drawl telling me I've won a holiday, I'm plagued by callers who claim to be exempt.

I don't get sales calls any more, I just get a constant succession of either surveys (apparently they are not covered by TPS - at least according to one stroppy woman who interrupted me saying politely that I was on the TPS list by saying it wasn't a sales call, it was a survey to see if I'd heard of their product and that I was obliged to take her call) or firms trying to get me to invite them round to quote for loft insulation by pretending to be from a government agency (I know there are grants, but I'm pretty sure the government doesn't phone me up 5 times a week to tell me about them). Did have some fun with one of those though - she asked if I could see the top of the joists under my current insulation so asked her to hold while I went and found a ladder, and she did.

Unless the caller is rude, I try to be polite when dealing with them - they're only doing a pretty stressful minimum wage job at the end of the day, but I do wonder about some of them. If I was having to do this job to make ends meet and I called someone who clearly was not interested, I would end the call and move to the next one. I certainly wouldn't spend my time arguing with them and telling them they are wrong or stupid for not rushing to take up their fantastic opportunity. Do they honestly think I'm going to see the light and change my mind?

0
0
Anonymous Coward

"...obliged to take her call"??

The examples you give, with all the ducking and diving around truth and good manners they entail, are why I am, without exception, as impolite as possible to any and every unsolicited caller whose purpose ,when all's said and done, is selling something or getting something for nothing. They are making a choice to call me, and as I am on the TPS list they know for sure I don't want the call, so one act of bloody rudeness deserves the same in return. The fewer people who find working in the industry acceptable and they less they manage to sell, the quicker the industry will become untenable.

The tactics used are invariably deceitful, manipulative, and uncaring of whether they take from the vulnerable or those who have a problem with saying no. The sooner the whole business becomes as widely unacceptable as sending 8 year olds up chimneys or indentured servitude the better.

8
0
Anonymous Coward

Re: "...obliged to take her call"??

When I'm in charge, the direct marking industry will be closed, followed by all small arms manufacturers. Both cause misery for humanity.

2
0
Anonymous Coward

Re: TPS is useless these days

"... try to be polite..." don't bother.

I asked one Indian gentleman caller asking to speak to me by name "who's calling", to which he replied "I want to speak to Mr Xxx Yyyy" after the third of these fruitless exchanges he changed his response to "F*** off you c***". I assume he'd rapidly found that phrase to be in widespread us in the course of his working day.

If I hear an Indian accent when I pick the phone up I now respond "I don't speak to Indians" and put it straight down. No point wasting my time trying to waste theirs. My time is worth a dollar a minute, they're probably earning a dollar an hour.

BTW the reason I say "I don't speak to Indians" is because unfortunately my UK Bank seems to have relocated to Mumbai I guess if they really do need to speak to me they'll take appropriate action.

1
1
Anonymous Coward

Re: TPS is useless these days

I've been dealing with 'surveys' for a while, I just tell them that yes, I'll answer their questions, if they'll answer mine.

My first question? What colour underwear do you have on?

Their answer? Usually *click* *buzzzz* as they hang up. Although I did have one 'lady' who seemed quite happy to tell me that she was wearing red lace, that her thong and bra matched, and she was shaven..

I'd rather that they removed me from their lists for being offensive, it stops them calling me again, and seems far more effective than the TPS

2
0

... Obliged to take her call ...

Well, obviously you're not obliged to take her call. You are paying for that telephone line, not her.

According to the Telecom's Code 1984 (don't think it's been revised, and I am working from memory here), it is an offense to call someone who has not invited you to call. So, telesales, marketing and all that stuff is actually illegal.

Why? Well, the telephone is there for you (the person paying for the line) to be able to contact or be contacted by people of your choice. It is there, also, to allow you to call the emergency services in the event of an accident/incident. It is certainly not there for some company to use to harass you with vexatious calls.

Unfortunately there are a lot of businesses out there that don't care about the law. They flaunt it quite happily and then deny it was them. Last example I had of this was yesterday with that great favorite: Auto-dial call with recorded message. It tied up my line for 5 minutes even though I'd hung up due to what I consider a major design flaw: There's no way for the exchange to know I've hung up so it can break the connection for me (had to call BT via another phone to get my line freed).

0
0
Vic
Silver badge

Re: ... Obliged to take her call ...

> it is an offense to call someone who has not invited you to call.

I believe you are mistaken.

The Privacy and Electronic Communications Regulations 2003[1] covers unsolicited calls in Section 21. Essentially, it gives the TPS some legal basis[2].

It's quite a useful Act in many ways - one of the few that's actually been used successfully in dealing with spammers in the UK.[3][4]

Vic.

[1] "PECR" - who thought up that acronym?

[2] If only we had some sort of regulator to make sure such legislation was actually enforced.

[3] See [2]

[4] I once used it myself - I threatened a spammer with prosecution under the Act if he didn't pay my invoice for cleanup after he spammed me. And my invoice was paid. :-)

1
0

Why can't the telcos "spam filter" these calls?

The call must enter theTelco's network with some sort of identifier - a human might call it a 'caller phone number' - presented, for telco billing purposes.

If it doesn't have a calling identifier, or has an invalid one, the telco should just drop the call, or give an 'invalid number' reponse.

Now it gets a little trickier: the telco needs to filter on the presented network ID. For a trivial example, if the call purports to come from my network, but is coming in from outside, drop it, or if the call says it's from the UK, but the call originates in India - where a lot of my junk calls come from judging by the accent - drop that one too.

Yes, you'll probably throw a few false positives, but the volume is getting to the same state as my email filters: false positives is a price I'm prepared to pay for not nearly so much junk mail

2
0
Bronze badge

Re: Why can't the telcos "spam filter" these calls?

It's a little more complicated than that. People are allowed to buy presentation numbers - this is where the number that appears is the inbound number for the caller, rather than the number they're calling from. If a UK bank has a call centre in India, there's no point showing an Indian CLI, it's more useful to everyone to show the UK number that the person receiving the call can ring back if need be.

That's well policed by the larger telcos - normally it's all part of a package - voice VPN and call centre traffic management out to India, outbound calling plan, presentation DNs. The caller might be in India, the call might not enter the PSTN until it reaches the UK.

The issue comes when calls are passed between telcos, two or three or four times - how could you police that? How could you maintain a white or black list when there are hundreds and hundreds of millions of calls a day, and numbers change on a daily basis? Telcos have to trust each other or the whole system falls apart - and that's where careless or rogue behaviour can allow things like CLI spoofing to propagate.

0
0
Anonymous Coward

Re: Why can't the telcos "spam filter" these calls?

France Telecom offers that service. Any call that doesn't have a valid number, and authorizes CLI to present it, is diverted to a machine that asks them to speak their name. If they do you are called with a message along the lines of "will you accept a call from ..". It filters out the people who want to remain anonymous, or who know that you won't take their call, or the ones from machines that can't respond to the equipment.

Unfortunately they charge for it, so I take the simpler option of letting all calls whose number I don't recognise fall to voicemail. Just occasionally, after a repeated series of multiple calls per day, I'll answer and refuse to respond until they tell me who they are. If it is a company that I do business with (supermarket was the last one) I formally complain on their website. It's worked so far. If they won't tell me who they are they get sworn at (all calls are recorded!) and then ignored.

1
0
Silver badge

Re: Why can't the telcos "spam filter" these calls?

I seem to recall, from the depths of my memory, that there was a proposal to offer a service whereby a call would be automatically rejected if the presentation number didn't match the network number.

Not sure what happened to it, but I bet the marketing industry put a stop to that. Far too useful a service....

1
0

Page:

This topic is closed for new posts.