FCC to crack down on robocall spammers' beloved loophole The US Federal Communications Commission (FCC) has put forward rules to close a loophole used by robocallers and text-message spammers. The proposed regulations, if approved, will ban robocallers from harassing citizens when they take over a previously used number. Even if the previous owner of the number was OK with the calls …
Like the call I got a few hours ago. It was a TERRIBLE VOIP (I assume) robo-call that was only half intelligible as it stuttered quite badly. From what I could make out they said they were the IRS and wanted me to know something. I just hung up.
When the person on the other side of the call is trying to scam you, they really don't care about the rules.
Unfortunately, our government doesn't feel this is important to go after them, but that is probably another story. It would keep agents very occupied (lots of them!).
You can get housephones now that play a call screening message so incoming caller has to prove they are human before your handset even rings. You can whitelist the numbers of your friends and family so they can skip this part. My parents got one and they love it.
How is the "push 9 to connect" thing arranged? It sounds useful.
My phone company is CallCentric who has it on their extensions option menu, but other companies are implementing similar features. If you run a PBX you should be able to do it on any line. My axe to grind is say good buy to the featureless and overpriced old companies and take control of your own phone.
I hate to say this - it is a complete waste of time when you are dealing with offshore companies.
The rules simply do not apply to them, and they know it.
Beyond summary execution of the offending scammers involved, there really is no way to stop them. And execution is not much of a deterrent, when you 'waste' one scammer, another crawls our from under its rock to take the place of the newly departed. You are just playing "whack-a-mole", and expending energy in a vain effort to eradicate them.
FTC/FCC fines are just a cost of doing business.
You are 100% correct! Current technology is leaving enforcement in the dust on this issue across the board. The ability for callers to spoof phone numbers and ID's has the FCC by the shorty shorts and they have no clue as to how such technology should be handled.
The only way the FCC would have a chance at preventing such spam is by threatening to sever entire blocks of IP addresses incoming from overseas. Personally I don't see that happening with the current administration.
The Robocallers and dial-for-dollars crowd just dont give a tinker's cuss.
The telco's couldn't care less since they are getting paid to put the calls through and no amount of bleating from the punters has made any difference whatsoever. Most of the calls to me (I get about six a day on my home phone in he US) come with spoofed caller-ids.
This would all stop pretty quick if the punters were allowed to sue the telco's for putting through junk calls, to numbers that ar on the Do Not Call lists. I do not believe for one second that the telco's don't know who these clowns are.
Hell, it would be easy enough to give the telco's my white list - if the caller is not on it, straight to voice mail - when I don't pick up they very seldom leave a message, and when they do it usually some dumb ass saying "hello? hello?" then hang-up.
It's just not that hard!!
I like the white list thought.
I'm studying IT right now and white lists have the appeal of being more efficient long term, with only a little hassle in the beginning. Black lists are massive and potentially a drag on connectivity as the database is searched before connecting. Something to ponder I'd say.
The problem with a pure white list system is that sometimes one is receiving an important call from a number not on the list such as a lost pizza delivery driver. My solution is if it is an unknown number I only pick up if there is a reasonable chance it is a legitimate call otherwise if it is not on my phone to voice mail which normally means trashed.
That's why it needs to be a scaled response:
On the Whitelist > Straight through -
not on Whitelist > Challenge of some description -
Fail challenge > No connection.
The problem will arise when bad actors get hold of voice recognition software that can beat the challenge and/or certain scams are profitable enough to justify using 3rd world call centres "Hello this is Microsoft calling we have detected a problem with your computer".
I'd lose the exceptions the FCC has graciously handed its masters in congress. Friends and family in the US go nuts during the 3.9 year election cycle since political lobbyists are allowed to harass anyone they like.
@Ole Juul - is there a clever bit of hardware that lets you do that or are you running Asterix or something similar?
Probably over the arc limit even for Strowger switchgear. I wouldn't want to damage the exchange...
Although, given all this metadata analysis which the spooks seem so fond of, you'd have thought it not beyond the wit of man for a telco to observe that a particular trunk subscriber makes a vast majority of outgoing calls, most of which last only seconds, and has very little downtime. Easy enough to legislate simply to ban onward transmission of such calls, whether they originate in the country or out of it.
Although, given all this metadata analysis which the spooks seem so fond of, you'd have thought it not beyond the wit of man for a telco to observe that a particular trunk subscriber makes a vast majority of outgoing calls, most of which last only seconds, and has very little downtime
Now there is an amendment to the Patriot Act that would get popular support, or call it the USA Freedom from Robocalls Act (UFRA). Given that its tentacles are global it would also nullify the idea of hiding across the border.
All we need is a plausible connection between robocalling and terrorism. Anyone? :)
"They only do something after some law maker's phone rings off the hook all day"
So, when I fill out forms both real and online, those random phone numbers which are not mine that I enter, really ought to be a little less random in future? It would be sad coincidence if they happened to be the phone numbers of relevant politicians or judiciary.
"The proposed rules will ... also set limits on robocalls made by political organizations"
Presumably also religious and charitable groups too. (they were all previously exempted)
Political/religious/charity robo spamming has been one of the most tenacious categories of call and I'm willing to bet it figures high on the FCC's complaint radar. Unlike the criminal stuff it's fairly easily traceable too.
Is there not some way that telcos can detect that the caller ID is spoofed? Doesn't the C7 (SS7) info path contain enough information to tell that the number displayed and the real originating number don't match?
If so, it seems easy enough to give consumers the option to completely block or route to voicemail any call with the ID blocked or spoofed. I don't know about you, but I don't recall ever receiving a call with spoofed ID that was somebody I actually wanted to talk to.
s there not some way that telcos can detect that the caller ID is spoofed? Doesn't the C7 (SS7) info path contain enough information to tell that the number displayed and the real originating number don't match?
Sometimes the reason for the mismatch is genuine - some companies give out the caller ID of the switchboard instead of the specific extension, so you'd end up having to manage some register. Having said that, the way it's going (and the profits made in the process, let's not forget this) should have created plenty of budget to do this. Call volume vs duration seems to be still the best independent metric.
So much so that I actually now have to unplug my phone. Which kind of defeats the purpose of having a phone, especially as I don't have a mobile phone and the rest of my family have no other way of contacting me.
Today was the last straw. I've been answering the phone and every time they hang up. A lot of the time it is talk talk. I've told them not to call me, but they won't listen. They phone me 3/4 times a day for a few weeks, give it a few weeks off, then start their bollocks again.
However, this morning it was actually a call from Microsoft Bombay Division - Sir Bob Showaddywaddy himself. I kept him going for a full hour, hook line and sinker, before letting it drop that I've no idea why this remote desktop stuff is not working, this is why I always use Linux - it's so much easier. I gave a brief description of how I like to compile my own graphics drivers in the kernel, but it went over his head to be honest. The phone went dead.
An hour later, the phone goes again - a very irate Indian man with a very deep voice started ranting on to me about how I had wasted his colleagues time. His voice sounded familiar, and it was quite darth vader ish and menacing, almost as if it had been put through a voice scrambler and taken down an octave or two. Turns out it was Mr. Bob Showaddywaddy himself. I asked him several times after he slipped up why his voice was a couple of registers deeper, but he just ignored me and said I was 'not a gentleman'. Quite an insult really, seeing as to what he was up to.
His tone bordered partly on menace and fury, mixed in with a bit of anguish and desperation, but I played him like a violin even further, and got him to carry on the call for another half an hour while we went through it all again. Of course I've installed enough OSs to know what windows R does and all that stuff, and it wasn't difficult at all to really lead him down the garden path. After another half an hour he hung up on me again. Maybe it was the fact that I read verbatim from the remote desktop website about scam calls from India. The penny had still not fully dropped however. They then decided another tactic.
A half an hour later, another chap calls - his supervisor! Not sure what he was rambling about but it was more of the same of 'We are Microsoft, we are doing you a favour. Your computer has been infested with malware and we have had an alert from your area that your computer is downloading some very bad things that you could get in trouble for, and you had best pay up for the time we have spent helping you or else.'
I'd had my fun by this point, but then it got personal. He knew my real name. I have a theory that it was a disgruntled person at talk talk that gave this information, as when they stopped calling, these calls started. I have no proof of that. But he got my name and tel. no. from somewhere. Game on, my good Showoddywaddy!
He put me back on to Sir Bob himself, who then proceeded to intimidate me (this time minus the Darth Vader sound device) into giving him my credit card no. - but of course, I will be only too happy to give you my credit card details and make a payment of 99.99 GBP into your account. I asked him what it was for. He said that that did not concern me, simply because I was not paying now, but paying later, so it was irrelevant. This wasted another half an hour or so and I painfully went through all my credit card details and at the end of it, he still wouldn't give up and just said, 'you are wasting my time - this is not a real card no.' - and then hung up again.
About 20 minutes later, the phone goes again. I wonder who it could be? Talk about hot to trot. Another guy comes on the phone - same tact - intimidation mixed with scare tactics, actually lying and saying this is Microsoft Certificate Renewal Centre. We had a problem with your credit card, could you please tell us when you have made this payment. WTF? I mean. So I told him that I had not yet made a payment as his good man put the phone down on me yet again. But I would be only too happy to give it another shot if they had the time. Oh they had the time alright.
I then gave it all again, but of course it didn't work. Another half an hour down the pan. I was then passed on to a woman this time who tried a bit of the old flirting. Could I please give her my card details one more time. Sure, of course I could. I went and made a cup of tea in the mean time.
So far I've spoken to about 5 people there. That call centre is deafening - there must be like a hundred people working there. I gave her another false credit card no. which she said was not working so I then gave her another one. She didn't say whether that one worked (it wouldn't) but she then proceeded to take me through the whole windows R remote desktop stuff again. She tried with teamviewer and also with AMMYY. So far I have wasted about 4 hours of their time. Bob Showoddywoddy should have cut his losses at one hour. I'm in this for the long game now.
The irony is that when that woman gave up after her feminine charms did not work the requisite magic, I was put onto another man, who this time seemed fairly reasonable. They played all the angles - intimidation and shouting, flirtation, understanding and charm, scaremongering, extortion etc.. To be fair to the woman - she was the only one that said to me: "Is that your REAL name?" after I told her that the name on my credit card was, yes, you guessed it 'BOB SHOWODDYWADDY', that's with an A at the end, not an O - a lot of people make that mistake!
We went through the whole A for Alpha, B for Bertie, thing. How long oh lord, how long?
But I'm in this for the long haul now. I even actually went through all the steps and fired up a virtual machine in Virtual box just to be more convincing. I also angled the phone so that they could hear the little 'tippy taps' on the keyboard as I repeatedly kept hitting F8 - yup, that old chesnut - safe mode. The fuckers! I mean, anything but that dirty low down trick, right?
I was almost, but not quite, running out of ideas by this point, so I told them that I had a call waiting on the other line and could they phone me back in half an hour - Mrs. Showoddywaddy does not like to kept waiting. Of course they could, of course they could. They called back about 4/5 times and I unplugged the phone. Plum tuckered out and haven't had so much fun for ages (yes I've got a day off). But they will be back tomorrow when I plug the phone back in. And this time, I shall be waiting. Oh yes I will!
:-)
What has struck me with all of this is how much of a slick and professional operation all of this is (apart from the Darth Vader voice masker - obviously works on other people - be nice, then if that doesn't work, lower the tone [literally] and give them a bit of LUKE - YOU ARE NOT A GENTLEMAN). They really have done this a lot and you can tell they aren't used to people playing them as much as I have. They really do think I am stupid.
When I told the bloke that internet explorer (which I just use for banking only) was a bit slow and I couldn't think why, but it might have something to do with the fact I have 40 tabs open, he chuckled to his mate and put his hand over the phone saying in 'Indian' to his chum "This fucking idiot has got 40 tabs open in internet explorer". What larks eh pip, what larks? Little did they know. My sides were almost splitting by this point as I heard the two of them cracking up. Obviously I had interjected a little bit of light levity into the day's fraudulent proceedings. <Indian> Vor-TEE Tabz, oh oh oh, ha ha ha, we have got a right one 'ere cor blimey </Indian> Oh yes, indeed you have, indeed you have.
The best bit though was reading from the disclaimer on the scam warning page on the legitimate website, about how this is a scam and to never give anyone your credit card details, and do you know what the brass bollocked little Ex Darth Vader Impersonator said to me? He said "that is just Google". Google is a blog. Anyone can write anything on a blog about anyone. Oh lord, I was in stitches. My only regret is not recording the whole thing and putting it on youtube, like Linux 4 U' N Me did - but to be fair, he only trolled him for half an hour. I'm up to about 4 or 5 now and it's not over yet. I can't stop laughing coz at the end of that call, the Indian bloke got very annoyed as well, and kept saying in a very very thick Indian accent 'Mr. Smarty Pants'. Fucking hilarious.
I have nothing against Indian people by the way. In fact, they have just gone up in my estimation, and I can't really put my finger on why, just at the moment. I think they are absolutely lovely people (apart from the ones that try and extort and intimidate little old grannies into setting up a remote desktop). When I asked her how the weather was in India she said to me 'Oh no sir, we are in America'. She even gave me the address of Microsoft - the actual real address.
They honestly believe they have found a mark in me and they won't stop fishing. I really wonder how long it will take for them to cotton on. Then, hopefully the bastards at least won't ever call me again, and put me onto some kind of list like 'Do not fuck with this bloke - he is an expert troll and will waste not just hours, but days of your time'.
Eh, maybe I'm sad. Some people go fishing, others go trainspotting, and good luck to them I say. Me, I've just found a new hobby - SCAM BAITING!
I'll post back here tomorrow how it all turns out. For they will call again. Oh yes. They will. They can smell the blood in the water...
Yours, Bob Showoddywaddy. Most certainly not a Gentleman, by any measure of the standard, in fact, a bit of a (adopt very thick Indian accent here) Smartypants.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
