MPs urge action as spooky caller ID-faking services hit UK

No discussion, just ban it!

I can't see any legit reason to use this CID-faking "service", and having already received a couple of international calls using it (number 0000-0000 was a dead giveaway) I would refuse point blank to even talk to any a**hole using this piece of crap, other than to deliver a nice slice of invective.

Surely it's a pretty clear case of misrepresentation, and since we're talking about commercial companies (for the most case) then I would have thought that even using it would be some way to "attempting to obtain monies by deception".

As an aside, if the CID system *is* that broken then why hasn't some expert sued the pants off of BT for providing a "service" that doesn't do what it claims? This'd be my best hope for a solution, seeing as our current crop of politco's have proven pretty useless! >-(

I figure what I need now is an answer phone that's smart enough to be programmable with a "white list" of known good numbers, (that get put through if I'm in), and all others get automatically sent straight to the answer service. Okay I realise that this won't protect against a determined a-hole, but it'll certainly reduce it to manageable proportions, no?

Is it just me, or is comms in the UK looking more and more busted by the day? Capped broadband, traffic shaping, Phorm, and now this... :(

skype anyone?

If you buy a number from Skype can't you get London 0207 or 0208 area codes?

Isn't this a form of spoofing?

Also re: Sean. Absolutely, anyone who RELIES on caller ID should really be more versatile.... i often answer the phone to some poor sales person from the far east who only wants to sell me something, its great fun to see how much you can wind them up and mis hear or pass the phone to your mates, then hang up, long before any personal or payment info.

Old Tricks, New Implementation, That's All

Hey, personally I am not too worried about this. You can do everything this service offers with the right voip account (cheaper too) and some inexpensive or even free (Asterisk PBX) software. Any criminal intent on this kind of deception is already doing it and has probably been doing it for at least 4 years.

The service is too expensive for any tom, dick or harry using it as a serious money making tool. As stated, you can do this much cheaper with a wee bit of googling and a couple of hours on your hands.

All I see this service being used for is the "Hey, i've just murdered your family and stolen their house! Only Joking!!!" kind of gag!

Don't worry people. Anybody who reads Reg has at least enough common sense to know when they are probably being duped. If anyone rings asking for your credit card details, regardless of what number it comes from tell them to bog off! Caller ID is no proof that the call is genuine and never should be used that way!

One thing I will warn though is: PINS on your mobile phone voicemail systems as some do use caller ID to verify the subscriber, but we all have PINS set already! Right??

Dz

"It's no spoof ......

..... Honest Mario, 50 Pizza's to the usual address. You have my caller ID, who else could it be"

Credit Card at the ready, Dialing finger at the ready, Camera pointing at the neighbours very shocked face as he receives his fifty meatfeasts!

@MPs beware - Spinners spun out

"From what I understand in the article it should be possible to send a fax to an MP's Westminster office, with the fax appearing to come from that same MP's consituency office.

Something along the lines of "A package of £20 pound notes has arrived from your friend the property developer. Shall I do the usual?".

Then have a similar thank you fax to a real developer known to the MP, sent from the Westminster office number & Sun headlines here we come."

Whilst I agree with the comments re fraud etc, your perspective sounds like a rather useful way of subverting the system. Posted AC for obvious reasons...

Skype

@jeremy

"If you buy a number from Skype can't you get London 0207 or 0208 area codes?"

No because London has only one area code, which is 020.

</pedant>

Don't worry! Be happy!

These things will all be sorted out when the UK introduces, by stealth, the Biometric ID Cards which will:

Stop all terrorism*

End illegal immigration*

Make all telephone calls transparent*

Make the sun shine whenever you want*

Reduce petrol prices to 10p per litre*

Make all politicians tell the truth*

(* subject to New Labour being re-elected and Treasury approval)

Mine's the one with the target on the back

About CLI for companies with PBXs

Most CLIs for PBXs are set by BT at the local exchange and in ISDN in the information that goes along with CLI is the reliability of the CLI some of the options are "User, Verified and Passed" or "User, Verified and Fail" "Network provided" the upshot of this is the Telco has control over the CLI.

However the inter-exchange protocol called SS7 (BT use a variant called IUP and upgrading to UKISUP as well as 21CN) companies running this equipment are able to spoof any CLI. But for a company to be able to operate equipment they have to pass tests, which has a part dedicated to CLI and IIRC spoofing CLIs would fail the tests, so unless its changed recently I don't know how they've managed to be allowed to interconnect to the BT network.

<Disengage geek mode>

I can spoof caller-ID ...

... but I'm not supposed to...

As a reseller of a wholesale VoIP/PSTN interconnect service, I have the ability to present any number I choose over the network, but I've signed a paper, part of the T&Cs, that says I won't present numbers that don't belong to me (or my customers)

I don't think there's any law involved here, just agreements between telcos.

But this is just extracting the urine. I'm convinced their upstream will pull the plug on them PDQ, especially if they've got the same sort of T&Cs I signed up to.

Reg Lexicon

I'd like to request a preemptive ban on "vishing" because it's such a toss, contrived word and nominate "Phuckers" for inclusion in the Reg Lexicon next to mobe and lappy.

Phucker - abj. a company, person or (more likely) government agency who allows possible revenue to overrule common sense decency.

Awful, but there should be a simple solution

I'm not sure what exactly the law says, but spoofing should be illegal unless the spoofer owns the number it pretends to be calling from.

In other words, a company that owns a certain number may pretend that it calls are coming from it (which covers the desire of a company to have calls from a range of their phones appear to be coming from the same number or call center workers working from home), but some abusive type would not be allowed to call someone else pretending that he's calling from my number.

PukeCall: Identity Theft

From PukeCall's FAQs:

"What number will show up on the phone bill of the person whom I call?

"Whatever number you enter as the Spook number will show up on the bill of the person you called. They won't ever see your actual phone number!

"Can any number be used to show up on the Caller ID?

"Any 11 digit number can be used. Not only will the number show up but also the Name registered for that number would automatically appear."

Well, PukeCall couldn't make it any clearer: the "service" exists as a facility to perpetuate a fraud by dint of ID theft, because the PukeCall subscriber is stealing the identity of the person registered to that number.

PukeCall isn't stupid. It knows it has a stricty time-limited life-span in the UK. It's invested nowt in its website (well, allright, maybe 50p then) and is taking a punt on how much money it can rake in before it's closed down.

By comparison, UK legislators / UK Parliament are stupid.

By the time anyone / any agency actually gets around to doing anything at all, PukeCall will have made its fast buck.

In the UK nowadays, it isn't a case of knowing right from wrong.

It's a case of figuring out how long you can stay in the wrong until something's done about it.

So I can call....

So I can call my wife on her mobile whilst she is at her work from anywhere, but spoof my number so she thinks I am at work or home?

Or phone into work sick from my mobile on a beach in the South of France and they will think it is from my home line!

Marvelous!

SpookCall trading details

SpookCall address:

22, Harlesden Walk, Harold Hill, Romford, Essex RM3 9HS:

http://www.spookcall.com/distribute

Romford area trading standards department link:

http://www.havering.gov.uk/index.aspx?articleid=304&contactid=2394

Trading Standards works with law enforcement agencies to ensure that trading activity in the UK is lawful. Identity theft in the UK is unlawful.

As SpookCall's "business model" centres upon the commission of an illegal act (by conspiring with others in the passing-off of identities for the purpose of deliberate deception) the Romford trading activity would appear to be unlawful.

Reg readers can email the London Borough of Havering Trading Standards department via the above link.

Caller ID not working

I think this is absolutely terrible. Phone providers have a caller ID system which no longer works.

And probably nothing will happen, till someone big gets put out by it.

Who has the number for 10 Downing Street?

And I don't mean the one everyone knows.

1471 RIP?

Presumably all UK telcos will now be informing all their customers that their 1471 service is now useless, and hence will be withdrawn forthwith?

Bank Phishing

I've had two calls in the last two days, claiming to be from my bank.

The call appears to originate from a number which is *almost* the same as one of the banks actual numbers, and the caller claims to have an enquiry 'on my account'.

Fortunately I have refused to answer the security questions the say to have to ask before telling me anything about the enquiry - I have since verified through two separate departments of the bank that there are no notes on my account and the enquiry must be bogus.

The caller offers an alternative 0870 number I can call back on. I have had the bank call it and test them with internal security questions - no suprise they were not able to answer the questions.

<OUT OF AREA>

The indians already mastered this one, hello hello answer the telephone.......

Nope as its <OUT OF AREA> another marketing call by someone over there selling someone over here something they know nothing about.

RE: Actually...

"I had exactly the same thing a few months ago, and told the guy I wouldn't answer questions on an incoming call. The bloke offered me what he said was his DDI to call. How helpful. I declined and looked the number up on their website instead.

You do know that web sites can be spoofed as well? I would look it up on a paper statement. Or don't banks in the UK mail out statements?

I kept getting calls about a new credit card account. I kept ignoring them because the calling company was not the one I opened the account with (they contract with the other company), and I had no reason to believe I owed them (it was supposed to be 0% for a year). As it turned out, it was 0%, but they still wanted a payment every month (not the usual practice over here), and I hadn't sent them the first one.

Finally they sent me a letter. I called the number they left, but didn't give them any financial details. I told them I'd call back to the customer service number on my statement. He didn't understand my concern. "But you'll just get forwarded to us at collections again, until you pay the arrears."

-Chris

Verifying incoming calls

There's actually a simple way of verifying if an incoming call is from your bank's call centre, or indeed any company's call centre. Sadly, I don't know if I'd be able to get it patented.

@Information Commissioner informed and very interested !!!

The ICO!!! interested?

That would make a change.

Why would they be interested in this but totally ignore the greater issue of Phorm/Webwise doing deep packet analysis on all our personal data while web browsing and illegally profiling copyrighted website data.

What about the illegal BT trials which injected javascript into our http data?

The ICO is a joke in my opinion.

Paris, because she loves a deep packet inspection.