Thousands of Brits bombarded in caller spoofing riddle

Re: Incoming CLI from abroad should be tagged as such?

CLI is a presentation service, where the final exchange can optionally present the caller's number to the person being called. It wouldn't have mattered even if there was no CLI active, anyone with a phone can still be woken up in the small hours by a malicious caller dialling at random.

The problem here seems to be that the info in the SS7 signalling packets was invalid, and that's the responsibility of the originating telco. An ordinary customer should not be able to change the values in those packets, since that would break the whole charging model. The customer may be able to add additional packets, but whoever the originating telco was here should be in deep shit for not validating the signalling info before passing it on. Since Ofcom was able to trace the calls it seems likely that the full signalling info was present, so they should be able to take action againt the perpetrator.

Then again, it's Ofcom we're talking about.

Re: Broken... ?

So how come I only get a call from some sort of 'claims company' about once a month?

The number is registered with TPS and I only get calls from abroad.

Also even more rare are the apparently random machine-generated phone calls .

TPS seems to work for me.

Re: whitelists

You can do anything you want with asterisk.

I whitelist outside "business hours" taking information from my phonebook for "allowed calls" and send calls without callerid or with 08*/09* callerid straight to voicemail 24x7.

I wrote the rulesets (and scripts to read mozilla obscene phonebook format) around the time when I still had a BT line. They got really heavy use despite me registering for TPS and going through all the motions as prescribed by "the book".

I found a new solution after that - I moved to sipgate. Ever since I did that I get a couple of hits per year (tops) which are still filtered by the old scriipts.

I can comment on the reasons for the difference, but I rather not.

Re: whitelists

it is called skype, oddly enough

Re: whitelists

There are free apps for that. Since i applied for a loan about two years ago i have been getting about 10 spam texts a day and several cold calls from scammers and marketing companies.

The TPS does not work. Thing settle down for three months and then it flares up again. You see, registering on the TPS confirms that your number is a good one that works.

Also, replying STOP to the spam sms's just confirms that your number is real and is resold again and again.

I was forced to install a spam filter and blacklist app and it's been great.

Re: Dragons Den

You may not want to advertise the device (which retails for about three times the cost of manufacture, watch the original Den extract) but others already did.

Callers code

You can give people a 4 digit code which they enter after the phone number and it will bypass all the international/CLID/night mode stuff. Alternatively there's a "breakthrough" key that can be used.

In my experience virtually no sales droids ever say anything at the whisper, they just hang up so you never even hear the call.

Re: YES you CAN buy a phone like that!!!

Yep - it is quite good but you have to add each number to the book in order to assign it to the category that gets dropped so you get a phonebook full of numbers you never want to call.

Re: and yup, in uk at least it's f******..

The presentation numbers you list aren't valid for UK origination - so those calls either originated elsewhere or on a UK IP-PBX with a service provider who doesn't check that what's being sent is valid.

Some telcos police this stuff, some don't.

@Veti

1: Someone who didn't allow for the time difference

2: A thief checking to see if anyone is awake or can be disturbed by a sudden noise prior to jimmying your door to pinch your car keys.

There you go :)

"...obliged to take her call"??

The examples you give, with all the ducking and diving around truth and good manners they entail, are why I am, without exception, as impolite as possible to any and every unsolicited caller whose purpose ,when all's said and done, is selling something or getting something for nothing. They are making a choice to call me, and as I am on the TPS list they know for sure I don't want the call, so one act of bloody rudeness deserves the same in return. The fewer people who find working in the industry acceptable and they less they manage to sell, the quicker the industry will become untenable.

The tactics used are invariably deceitful, manipulative, and uncaring of whether they take from the vulnerable or those who have a problem with saying no. The sooner the whole business becomes as widely unacceptable as sending 8 year olds up chimneys or indentured servitude the better.

Re: TPS is useless these days

"... try to be polite..." don't bother.

I asked one Indian gentleman caller asking to speak to me by name "who's calling", to which he replied "I want to speak to Mr Xxx Yyyy" after the third of these fruitless exchanges he changed his response to "F*** off you c***". I assume he'd rapidly found that phrase to be in widespread us in the course of his working day.

If I hear an Indian accent when I pick the phone up I now respond "I don't speak to Indians" and put it straight down. No point wasting my time trying to waste theirs. My time is worth a dollar a minute, they're probably earning a dollar an hour.

BTW the reason I say "I don't speak to Indians" is because unfortunately my UK Bank seems to have relocated to Mumbai I guess if they really do need to speak to me they'll take appropriate action.

Re: TPS is useless these days

I've been dealing with 'surveys' for a while, I just tell them that yes, I'll answer their questions, if they'll answer mine.

My first question? What colour underwear do you have on?

Their answer? Usually *click* *buzzzz* as they hang up. Although I did have one 'lady' who seemed quite happy to tell me that she was wearing red lace, that her thong and bra matched, and she was shaven..

I'd rather that they removed me from their lists for being offensive, it stops them calling me again, and seems far more effective than the TPS

... Obliged to take her call ...

Well, obviously you're not obliged to take her call. You are paying for that telephone line, not her.

According to the Telecom's Code 1984 (don't think it's been revised, and I am working from memory here), it is an offense to call someone who has not invited you to call. So, telesales, marketing and all that stuff is actually illegal.

Why? Well, the telephone is there for you (the person paying for the line) to be able to contact or be contacted by people of your choice. It is there, also, to allow you to call the emergency services in the event of an accident/incident. It is certainly not there for some company to use to harass you with vexatious calls.

Unfortunately there are a lot of businesses out there that don't care about the law. They flaunt it quite happily and then deny it was them. Last example I had of this was yesterday with that great favorite: Auto-dial call with recorded message. It tied up my line for 5 minutes even though I'd hung up due to what I consider a major design flaw: There's no way for the exchange to know I've hung up so it can break the connection for me (had to call BT via another phone to get my line freed).

Re: Why can't the telcos "spam filter" these calls?

It's a little more complicated than that. People are allowed to buy presentation numbers - this is where the number that appears is the inbound number for the caller, rather than the number they're calling from. If a UK bank has a call centre in India, there's no point showing an Indian CLI, it's more useful to everyone to show the UK number that the person receiving the call can ring back if need be.

That's well policed by the larger telcos - normally it's all part of a package - voice VPN and call centre traffic management out to India, outbound calling plan, presentation DNs. The caller might be in India, the call might not enter the PSTN until it reaches the UK.

The issue comes when calls are passed between telcos, two or three or four times - how could you police that? How could you maintain a white or black list when there are hundreds and hundreds of millions of calls a day, and numbers change on a daily basis? Telcos have to trust each other or the whole system falls apart - and that's where careless or rogue behaviour can allow things like CLI spoofing to propagate.

Re: Why can't the telcos "spam filter" these calls?

France Telecom offers that service. Any call that doesn't have a valid number, and authorizes CLI to present it, is diverted to a machine that asks them to speak their name. If they do you are called with a message along the lines of "will you accept a call from ..". It filters out the people who want to remain anonymous, or who know that you won't take their call, or the ones from machines that can't respond to the equipment.

Unfortunately they charge for it, so I take the simpler option of letting all calls whose number I don't recognise fall to voicemail. Just occasionally, after a repeated series of multiple calls per day, I'll answer and refuse to respond until they tell me who they are. If it is a company that I do business with (supermarket was the last one) I formally complain on their website. It's worked so far. If they won't tell me who they are they get sworn at (all calls are recorded!) and then ignored.

Re: Why can't the telcos "spam filter" these calls?

I seem to recall, from the depths of my memory, that there was a proposal to offer a service whereby a call would be automatically rejected if the presentation number didn't match the network number.

Not sure what happened to it, but I bet the marketing industry put a stop to that. Far too useful a service....

Re: easily remedied

How could BT do it? Many of these calls won't go anywhere near BT's network. If a call originates via a SIP client on the public Internet in the Bahamas, enters the UK through Arbinet's switches in London and gets handed to C&W before they pass it onto Virgin, how could BT even begin to police that?

International calls are very much no longer in the hands of the former PTTs - deregulation has worked very well and I'd be surprised if BT handles even a third of international traffic by volume into the UK. Once it's in a national PSTN, telcos trust each other (they have to or the system breaks) - and so the onus must be on all telcos with international gateways to police their own inbound traffic through them.

Even then - policing will be somewhat limited. A non-UK originated call with a UK presentation number could well be legitimate and valid. In a technical monopoly such policing might just be possible, but I'm not certain. In a deregulated world with dozens of competing parallel networks, no chance. The number of telephones in the world is 'quite large' - would you propose a whitelist? How would that be maintained, who would pay for it? Surely you wouldn't expect someone like BT or France Telecom to provide such a thing for free to other telcos who are making money from having taking that international call business away from the very same PTTs? Regardless of who did it, the cost would be enormous - there would be tens of millions of changes a day to be checked, updated, propagated - and every single switch in the UK, regardless of operator, would need to be modified to check the whitelist before handling a call. I'd go so far as to say it's impossible.

Re: easily remedied

One problem is that BT have a legal obligation to connect calls, they can't ignore them jiust because they think they might be spam. In most cases no telco can or will act until a formal police complaint has been made, and few people do that unless the calls really cross the line into harassment or obscenity.

As to money, if they are international calls then they may not make money from them. There's an old agreement that assumes international traffic balances out in terms of calls made/call received, so each telco just bills for calls made and keeps the total rather than trying to share out portions of calls according to which network handles which bit. That all changed with mobiles, and may well be different now for fixed lines. but I wouldn't assume that a receiving telco gets much money, if anything, out of receiving this junk.

Would the BT shill who downvoted Clyde

care to explain why?

Or does the downvoter perhaps benefit from a non-BT outfit providing outbound teleharassment services?

why?

Do you think it is original and witty?

Do you not think that they've heard it all before?

Do you feel much better after it - it doesn't stop the calls.

Re: Simple solution?

Because it's a valid thing to do. Indian call centre rings UK customer of UK bank, it shows the 0800 number of the bank instead of an Indian number that can't receive incoming calls. The next call is to a US customer of the same bank and the presentation number shows the local 1-800 number for the US customer to call.