back to article Raiding party! UK's ICO drops in unannounced on couple of dodgy-dialling dirtbag outfits

The UK's data protection watchdog today raided two businesses suspected of making millions of nuisance calls. The Information Commissioner's Office has been investigating the companies, based in Brighton and Birmingham, for a year after receiving roughly 600 complaints about them. The calls – said to involve road traffic …

  1. Nunyabiznes
  2. disgustedoftunbridgewells Silver badge
    Pirate

    Hangin's too good for 'em.

    1. Nagy, Balázs András

      Depends...

      ...on the body part from which you dangle them. I'm sure some of the call recipients would also like to have a live stream from the affair.

  3. Anonymous Coward
    Anonymous Coward

    When those admins get home they will just change the cloud password.

    1. Lee D Silver badge

      Which will earn them a prima-facie charge of obstructing justice, by the simple act of a warrantable search request to said cloud providers (who are required to comply by law) asking for the details of the account that's seen loaded on all those computers.

      Though I don't doubt you can evade justice a little by running everything from the cloud - that leaves an audit trail as long as your arm through Google/AWS/whoever you used detailing every action you took and is likely to be much more incriminating than anything on the machines themselves.

      The bigger problem you have is that really all the ICO need are your telecoms devices/logs. Much more interesting, direct evidence of infringement, and probably what caused this to happen in the first place.

      Again, though you could do everything over a pseudo-anonymous SIP trunk with multiple providers, hiding that information for a significant length of time is beyond your control and in the hands of the industry that is offering those services and which you're giving "a bad name" - the SIP trunk providers, telecommunications suppliers, people allowing you to use certain phone numbers, cell-phone equipment providers (for spam texts etc.) and so on.

      More likely, they've seized a bunch of PCs with a huge spreadsheet of numbers, a few dozen cellphones or 4G dongles with a big pile of SIM cards next to them, and a bunch of email accounts talking about exactly what they've been doing.

      Because to be honest most criminals, especially those in office jobs only casually infringing the law in pursuit of sales, are as dumb as rocks.

  4. Blockchain commentard Silver badge

    How about phoning them up asking if they need a lawyer?

    1. Kez

      "Hello, have you been involved in an ICO raid that was very much your fault? Get fast and easy legal representation today!"

  5. macjules Silver badge
    Paris Hilton

    Nuisance Calls ...

    .. business owners who operate outside the law by making nuisance marketing calls to people who have no wish to receive them,

    That puts just about every IT recruitment agency on the wrong side of the law then.

  6. Wellyboot Silver badge
    Thumb Up

    First a warning shot

    Then fire for effect :)

    1. Anonymous Coward
      Anonymous Coward

      Re: First a warning shot

      It depends on the circumstances.

      With these companies, I believe SOP should be an initial salvo to sink the company before sending in teams to execute any survivors.

      I know there is some debate over the policy on survivors with some favoring a slow lingering death or allowing one survivor to escape to warn others, but my opinion is that completely addressing the issue is more important than warnings or thoroughly deserved lingering, painful deaths.

  7. Semtex451 Silver badge
    Pint

    OK ICO please deal with the ones I get from Manchester & Glasgow next

    1. Martin Summers Silver badge

      They probably aren't from there at all, like most they will be spoofing their number usual using VOIP and an allocation of many geographical numbers. What once would most likely have been a legitimate call with a UK number, everyone eyes with suspicion now and that's a shit situation to be in. I let those calls go to voicemail and inevitably they're crud. Unfortunately these kinds of companies can operate outside of the UK so the ICO has no effect on them. Its nice to see the ICO being as effective as they can be though, just time for the telcos to step up.

      1. Doctor Syntax Silver badge

        "Unfortunately these kinds of companies can operate outside of the UK so the ICO has no effect on them."

        Just go for their clients. Ultimately they're the ones to blame .

        1. disgustedoftunbridgewells Silver badge

          Or their VOIP carriers. I assume that it's possible to track down where the call came from.

      2. Anonymous Coward
        Anonymous Coward

        spoofed numbers

        Got two calls yesterday morning from "unallocated" geographical area codes 01265 and 01232.

        Both were to my home number, which seriously narrows the range of places they could have got the number from (the obvious culprit to have leaked it is Virgin Media). Most calls are to my mobile, which is a much more widely-shared number.

        1. John Brown (no body) Silver badge

          Re: spoofed numbers

          "Both were to my home number, which seriously narrows the range of places they could have got the number from (the obvious culprit to have leaked it is Virgin Media)."

          Unless they had other details linked to your number, then it's most likely they were just block dialling. If it rings, answered or not, the number goes in the database of live numbers, waiting to be called again or to be linked to other data if/when some turns up.

        2. 0laf Silver badge

          Re: spoofed numbers

          I moved house and had to get a new telephone number. the telco made an arse of it and I ended up being allocated 6 different phone numbers over 6 weeks only the last one ever worked.

          Within 4 hours of the phone line being activiated sucessfully, with the last issued number, I got my first call, it was from a claims scam company.

          Cooincidence or the telco selling on numbers

          1. Jedit

            "Coincidence or the telco selling on numbers"

            Coincidence. As mentioned above, these companies no longer bother buying number lists. There's no need for them to do so when they can use a robodialler to call 20 or 50 numbers in sequence and connect the first number to pick up. That's why you'll often hear the phone but it stops after one ring.

          2. WonkoTheSane
            Headmaster

            Re: spoofed numbers

            Coincidence.

            Telco was probably recycling numbers from people who'd left their tender loving care.

        3. phuzz Silver badge

          Re: spoofed numbers

          When I was a skint student I worked in a double glazing call centre (for one shift, it was a shit job), and they just had lists of consecutive numbers.

          These days they probably just pick an area code, and dial every combination of numbers from 000 001 to 999 999. After all, they won't be charged for numbers that don't exist, and the dialer can probably run just fine on a second hand desktop pc.

          Personally I try to keep them on the phone as long as possible, it's the only easy way to make life more difficult for them.

          1. S4qFBxkFFg

            Re: spoofed numbers

            There's a very slight chance you may have spoken with me - do you recall dealing with a dozy sounding man who expressed interest in getting a double-glazed conservatory, only specifying several minutes in, that it would be for a 2nd floor flat?

            1. Spacedinvader
              Thumb Up

              Re: spoofed numbers

              Had them on much longer myself. It was only when they asked for the address to come and do the survey...

              "and your address sir?"

              "2h..."

              "H?"

              "Yeah, I'm 4 up. Will that be an issue?"

            2. phuzz Silver badge

              Re: spoofed numbers

              Nah, I didn't get anyone who was interested in anything except how I got their number ("well your number is 123, and just now I rang 122, and next I'll ring 124").

              I seem to remember that we were only supposed to tick the "never call again" box if they asked in a specific, legalese, way, but I just ticked it for everyone who sounded annoyed in the slightest.

              The real cheat code though was to tell them you lived in a rented property, they know that tenants are of no use to sell to, so they'd never bother ringing that number again.

      3. M.V. Lipvig

        Want it to stop today? 5K fine per call on the telco originating the call, not allowed to pass fines on to customers, with potential jail time for executives of the telco if they are fined too many times. The telcos know where the calls are coming from and can instantly stop them were they given the correct incentives. I work for a rather large telecom and know this for a fact, but I am a little peon whose word means nothing so I can't do it. It's just a matter of not allowing spoofing, a simple switch option, and shutting down numbers they recieve complaints about. I can see allowing a couple hundred complaints being the action threshold with 500 being the start fining threshold and 5000 being the jailtime threshold, just to give them time to ID the spammer and stop them without incurring a fine because someone decides to make a complaint about a business due to an argument or something.

    2. Steevee

      Well, the problem is that these cold-callers are constantly tweaking their practices to fool both you and the ICO. First they tried to not give their number at all, but then we the public cottoned onto this and started ignoring unknown numbers.

      Then they pretended to be a "real" number, usually a London one, but these could quickly be blocked, so they moved to a system where the (virtual) number they called you from would increment slightly. For a time last year, my wife and I were both plagued by London numbers that had the same first seven digits, but unfortunately phones can only block specific numbers, not a range of numbers.

      However these numbers were all apparently in London (0203 usually), so if, as even my dear old Mum pointed out, you don't know anyone in London, you will end up simply ignoring anything with 020 at the beginning. So now they've moved onto pretending to be from other geographical areas. I've had cold calls supposedly from Manchester, Liverpool, Bristol, Leicester, and recently two from Leeds; they can also mimic mobile numbers too. I can't ignore any number I don't know because I'm desperately job hunting, and it might just be the break I'm needing. You're right about the ICO needing to deal with these clowns, because it's clear from their tactics that they are devious, malicious, and putting great effort into bypassing the letter and spirit of the law.

      1. David 132 Silver badge
        Facepalm

        Here in the states, the phone scammers have started spoofing "local" numbers - presumably on the principle that if my number is 503 123 4567, I'll be more likely to answer a call from 503 123 4568. Yeah, that might have worked about 30 years ago when everyone had landlines and numbers were (I'm told?) allocated sequentially by neighborhood. Now, not so much.

        And as for the genius last month who decided to spoof my own number when calling me... in what world did he think that was going to work? "Herpderp... I am calling myself... must answer it..."

        And btw, good luck with the job hunting. You'll find something, it just takes time and perseverance. Having to deal with cold-callers is a hassle you need less than most people at this time.

  8. Mark 85 Silver badge

    The ICO was also last year granted the power to levy personal fines of up to £500,000 on the directors of dodgy-dialling companies in a bid to prevent execs from simply liquidating their companies to dodge penalties handed to them under PECR

    Well.. they have some deterent, maybe 2 or 3 million might be better but if actually start enforcing and if some jail time could be added, then maybe these calls and companies will go away. Maybe.

    1. John Brown (no body) Silver badge

      "Well.. they have some deterent, maybe 2 or 3 million might be better but if actually start enforcing and if some jail time could be added, then maybe these calls and companies will go away. Maybe."

      That is just the upper limit of the personal fines for directors. The company is fined separately. And because the ICO can now walk in unannounced, the company can't be wound up before the fines are imposed. And that's just the nuisance dialling fines. I can pretty much guarantee these jokers will also fall foul of GDPR too. And that's whole other world of hurt.

      1. Antron Argaiv Silver badge
        Thumb Up

        The company, of course, has no assets. None at all, as they exist only to connect the clients with the phone lines. Any income is quickly shuffled to an offshore account or company.

        Fine and/or imprison the directors, by all means, and add their names to "The List". Because they'll pop up elsewhere, doing something else dodgy. (e.g.: William "Rick" Singer, of Edge College & Career Network LLC)

    2. KillStuffMount

      Maybe if the ICO was allowed to liquidate the directors themselves.

      Publicly.

      On free to air telly.

  9. Anonymous Coward Silver badge
    Terminator

    Timing

    Is it just me, or have those calls become far less frequent recently anyway?

    Seems about par for the ICO to swoop after a problem has gone away.

    (but I would definitely believe that it's just my number that they're not dialling)

    1. Anonymous Coward
      Anonymous Coward

      Re: Timing

      Not just you - My truecall logs show only one unrecognised call in the past 3 months, the past 6 months show 21 unrecognised calls. So they're either tailing off, or the culprits have realised I'm using a call blocker and are pestering someone else.

    2. Doctor Syntax Silver badge

      Re: Timing

      "Seems about par for the ICO to swoop after a problem has gone away."

      Alternatively the increased penalties may be having an effect and deterring them. Isn't that what you want?

      1. Loud Speaker

        Re: Timing

        The penalties are not severe enough yet. I got an "about your recent accident" call from 0117 030 8248, and I tell them to report themselves to the ICO and delete me from their database. My sIster-in-law said "I hope you have an accident, and all your family has accidents".

        <p>

        I get about 2 calls a week pretending to be from BT* saying my PC has a virus or I have been downloading illegal stuff on my IP, and my internet will be disconnected. When asked which of my IPs do they refer to, they can't answer. <p>

        *BT does indeed stand for Bloody Terrible.

        1. Toltec

          Re: Timing

          The initial contact, if any, on most of the recent ones I get appears to be voice bot, I'd imagine it is running voice recognition for any kind of positive reply to having had an accident.

          1. Roland6 Silver badge

            Re: Timing

            >I'd imagine it is running voice recognition for any kind of positive reply to having had an accident.

            You can have some fun with these...

            When I first heard the radio advert for transit van leasing - that took the micky out of the voice bot telephone sales, I thought it was a joke, until I played around with one of these accident/ppi etc voice bots.

        2. PeterM42
          Trollface

          Re: Timing

          "*BT does indeed stand for Bloody Terrible."

          I disagree. BT stands for Bunch of Tossers.

    3. Anonymous Coward
      Anonymous Coward

      Re: Timing

      The number of calls to me have decreased. Recently it has been the recorded oven cleaning one once. The rest are several times a week the recording of "This is BT your internet connection has been compromised. Press 1 to talk to the BT engineer, or 2 for other companies". Once or twice that has been a live caller who gets very indignant when you call the scam.

      The jury is still out on the call from "Halo" purporting to be on behalf of Demon/Vodafone for the potential migration. When they immediately wanted my date of birth and Direct Debit bank sort code etc details - I challenged it. They said Vodafone hadn't supplied them those details. I called it a scam.

      1. Anonymous Coward
        Anonymous Coward

        Re: Timing

        Had someone recently claiming to be working for O2 - who are indeed my 'phone provider. Then they started asking for details that O2 and I both know, but that I declined to share.

  10. Flywheel Silver badge

    Why stop there

    It's good news that these B******* are getting fined etc,but what the ICO really needs to do is find out where they got their information from.

    I had 6 months of these calls and eventually contacted everyone involved in the vehicle repair chain (including my insurer) to find out who'd leaked

    my data. They all denied it strenuously of course, but I'm sure that a visit/chat with the ICO would be well worthwhile. I doubt the ICO have the resources though!

    1. qwertyuiop

      Re: Why stop there

      Why assume that any data has leaked?

      I frequently get these calls asking me about the accident I was involved in; they never have any details, probably because haven't had an accident in 15 years*. I think they work on exactly the same principle as spam - if you contact enough people at random then by the law of averages some of them will have had an accident. You just need the total cost of the calls to be less than the money you recoup from the suckers you convince to let you help them.

      * and if that's not tempting fate...

      1. Anonymous Coward
        Anonymous Coward

        Re: Why stop there

        The serious guys, the ones working as a front for solicitors as part of the personal injury claim scam, will have every detail you gave your insurance company about an accident - witness details, the lot. They will also use a script that could almost have been designed to encourage you to believe they're acting for your insurer without actually saying so. It is only when they start talking about £3000 for "soft tissue damage" (a stiff neck) and how their online doctor will "confirm your injury by asking 2 or 3 questions to which you must agree to answer yes", that you may suspect all is not what it seems. If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court. OTOH, if you drop them part way through then you'll get a lot of follow up calls apparently originating from every part of the UK, such that you end up adding a dozen or more numbers to your block list.

        So I've heard.

        1. Doctor Syntax Silver badge

          Re: Why stop there

          "If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court."

          If by that time you've got the name of the solicitors concerned it's time to mention the words "Law Society". Or not bother mentioning them, just grass them up.

          1. Anonymous Coward
            Anonymous Coward

            Re: Why stop there

            >"If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court."

            Recently had an approach from an "investment house" that seemingly knowledgeable about my shareholdings.

            Managed to play them along long enough to convince them of my honest desire to make money

            be exploited and on complaining about a poor phone line got the guy to call back on another number, which wasn't screened. Not heard from them since I passed the number on to the FSA/Serious Fraud Squad...

        2. Androgynous Cupboard Silver badge

          Re: Why stop there

          A few years ago I was in a motorbike crash - enough to snap my bike into two pieces, but I walked away with a broken shoulder. My own insurers pushed me down the path of filing personal injury claims and when I said I didn't want to play that grubby game, they threatened to sue me for costs they'd incurred while working on the claim.

          I ended up following the path of least resistance and going along with it as they had chronically undervalued my bike, but there was a very sour taste in my mouth from the whole experience.

      2. Anonymous Coward
        Anonymous Coward

        Re: Why stop there

        "[...] if you contact enough people at random then by the law of averages some of them will have had an accident."

        I received a call this week from a call centre called "Halo" purporting to be acting on behalf of Vodafone in contacting Demon customers. Fair enough - although I wasn't expecting a call. I had received a letter about Demon's demise - and had been using online chat to Demon/Vodafone about my migration options.

        The caller knew my name - but after stating their purpose immediately asked me for my Date of Birth, and my Direct Debit bank sort code etc. When I queried why they needed it - they said that Vodafone/Demon hadn't passed those details to them.

        Of course I refused. There followed some pushy talk - followed by "Ok - you'll lose your internet connection".

        Either Vodafone are being very insecure - or it was a scam speculative call that may or may not have known I was a Demon customer.

        I tend to think the former. Makes my migration to Vodafone even more unlikely. Especially after their only option offered was to transfer all my comms including my BT phone plan. My existing ADSL2 was also not on offer - only FTTC at speed I don't need.

        1. Jedit
          Boffin

          "FTTC at speed I don't need"

          I wasn't aware that Vodafone offered this. For that matter, I wasn't aware that anyone offered it.

          (Speed I can't afford, now, that's different.)

          1. Anonymous Coward
            Anonymous Coward

            Re: "FTTC at speed I don't need"

            "I wasn't aware that Vodafone offered this. "

            Have I used the wrong abbreviation? Fibre To The (street) Cabinet - then existing local loop wires to the house. Gives a potential significant improvement over existing ADSL speeds. The local loop wire from the street cabinet to the exchange is replaced by a fibre link.

      3. Flywheel Silver badge

        Re: Why stop there

        It must have been leaked, because the callers knew the make, model, colour and registration number of my car. Most of them didn't know the accident details, but some did, leading me to surmise that it was either my insurer or the repair company.

  11. m0rt Silver badge

    Soooooo....

    ....just wondering why the two companies in question were not named in the article? Do we not know? Is there a legal reason for not naming them?

    1. Andy Non

      It's so they aren't pestered with nuisance calls: "Have you been raided by ICO in the last six months? Do you need a lawyer? ..."

    2. Doctor Syntax Silver badge

      "just wondering why the two companies in question were not named in the article?"

      I'd guess the ICO didn't include that in their PR. After all we don't want to give them a chance to wriggle out under sub judice rules.

  12. swm Bronze badge

    Can't we just have a mechanism for forwarding these calls to your local politician?

  13. Sgt_Oddball Silver badge
    Coat

    So the lesson to learn from this..

    Is you've got a year to fire your spam cannons and run before the ICO decides finally makes a move? Say 6 months to be on the safe side.

    Then fold... Rinse, wash and repeat.

    Coat icon because it needs a wash (though those ICO jackets looked kind of cool, needed aviator shades though to complete the look)

  14. Mystic Megabyte Silver badge
    Coat

    A secondary effect of the late-night raid on the Cambridge Analytica offices was that it made the enforcement officers' kit the envy of the data protection Twitterati.

    I'm envious of their transparent heads, is it an all over effect?

    Coat please, the one with the bandages in the pocket.

  15. wiltshirejohn

    Partial solution

    New answerphone - on my old answerphone I had recorded my own greeting. This mostly resulted in the scum leaving some sort of message.

    On the new machine (can I say Panasonic) there is a pre-recorded greeting by a nice sounding and apparently very well known young lady. Most of the sh1tbags seem to know it and rarely get beyond her first few words before hanging up.

    Of course, anything not recognised on the caller display is left for my electronic ladyfriend to deal with.

    1. WonkoTheSane
      Headmaster

      Re: Partial solution

      If you really want to screw them over and be deleted from the dialling lists, use a recording of a fax machine bleeping "Hello, I'm out of paper".

      Apparently the fines for fax spam are far higher than the usual robocalls.

    2. Antron Argaiv Silver badge
      Happy

      Re: Partial solution

      In the USA, you can record the annoying 3-tone "Nonexistent Number" SIT and cause their autodialler to remove you from its sequence (or so I've heard):

      http://yourhomenow.com/sit.html

  16. Ponta
    FAIL

    The ICO however remains woefully incompetent, and alarmingly benign for data abusers

    If you've ever tried complaining to the ICO you'll know they routinely lose important data relating to cases (they've already lost all of the pre-GDPR Data Controller Registry Database so good luck if you're pursuing a DPA1998 case where a controller has abused the purposes of their registration) and they often conduct 'compliance negotiation meetings' with offending companies in utter secrecy. They are basically an appallingly benign data protection enforcement capability, evidenced by years of registered entities persistently abusing personal data and not being held accountable for it by the ICO.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019