Raiding party! UK's ICO drops in unannounced on couple of dodgy-dialling dirtbag outfits The UK's data protection watchdog today raided two businesses suspected of making millions of nuisance calls. The Information Commissioner's Office has been investigating the companies, based in Brighton and Birmingham, for a year after receiving roughly 600 complaints about them. The calls – said to involve road traffic …
Which will earn them a prima-facie charge of obstructing justice, by the simple act of a warrantable search request to said cloud providers (who are required to comply by law) asking for the details of the account that's seen loaded on all those computers.
Though I don't doubt you can evade justice a little by running everything from the cloud - that leaves an audit trail as long as your arm through Google/AWS/whoever you used detailing every action you took and is likely to be much more incriminating than anything on the machines themselves.
The bigger problem you have is that really all the ICO need are your telecoms devices/logs. Much more interesting, direct evidence of infringement, and probably what caused this to happen in the first place.
Again, though you could do everything over a pseudo-anonymous SIP trunk with multiple providers, hiding that information for a significant length of time is beyond your control and in the hands of the industry that is offering those services and which you're giving "a bad name" - the SIP trunk providers, telecommunications suppliers, people allowing you to use certain phone numbers, cell-phone equipment providers (for spam texts etc.) and so on.
More likely, they've seized a bunch of PCs with a huge spreadsheet of numbers, a few dozen cellphones or 4G dongles with a big pile of SIM cards next to them, and a bunch of email accounts talking about exactly what they've been doing.
Because to be honest most criminals, especially those in office jobs only casually infringing the law in pursuit of sales, are as dumb as rocks.
It depends on the circumstances.
With these companies, I believe SOP should be an initial salvo to sink the company before sending in teams to execute any survivors.
I know there is some debate over the policy on survivors with some favoring a slow lingering death or allowing one survivor to escape to warn others, but my opinion is that completely addressing the issue is more important than warnings or thoroughly deserved lingering, painful deaths.
They probably aren't from there at all, like most they will be spoofing their number usual using VOIP and an allocation of many geographical numbers. What once would most likely have been a legitimate call with a UK number, everyone eyes with suspicion now and that's a shit situation to be in. I let those calls go to voicemail and inevitably they're crud. Unfortunately these kinds of companies can operate outside of the UK so the ICO has no effect on them. Its nice to see the ICO being as effective as they can be though, just time for the telcos to step up.
Got two calls yesterday morning from "unallocated" geographical area codes 01265 and 01232.
Both were to my home number, which seriously narrows the range of places they could have got the number from (the obvious culprit to have leaked it is Virgin Media). Most calls are to my mobile, which is a much more widely-shared number.
"Both were to my home number, which seriously narrows the range of places they could have got the number from (the obvious culprit to have leaked it is Virgin Media)."
Unless they had other details linked to your number, then it's most likely they were just block dialling. If it rings, answered or not, the number goes in the database of live numbers, waiting to be called again or to be linked to other data if/when some turns up.
I moved house and had to get a new telephone number. the telco made an arse of it and I ended up being allocated 6 different phone numbers over 6 weeks only the last one ever worked.
Within 4 hours of the phone line being activiated sucessfully, with the last issued number, I got my first call, it was from a claims scam company.
Cooincidence or the telco selling on numbers
Coincidence. As mentioned above, these companies no longer bother buying number lists. There's no need for them to do so when they can use a robodialler to call 20 or 50 numbers in sequence and connect the first number to pick up. That's why you'll often hear the phone but it stops after one ring.
When I was a skint student I worked in a double glazing call centre (for one shift, it was a shit job), and they just had lists of consecutive numbers.
These days they probably just pick an area code, and dial every combination of numbers from 000 001 to 999 999. After all, they won't be charged for numbers that don't exist, and the dialer can probably run just fine on a second hand desktop pc.
Personally I try to keep them on the phone as long as possible, it's the only easy way to make life more difficult for them.
Nah, I didn't get anyone who was interested in anything except how I got their number ("well your number is 123, and just now I rang 122, and next I'll ring 124").
I seem to remember that we were only supposed to tick the "never call again" box if they asked in a specific, legalese, way, but I just ticked it for everyone who sounded annoyed in the slightest.
The real cheat code though was to tell them you lived in a rented property, they know that tenants are of no use to sell to, so they'd never bother ringing that number again.
Want it to stop today? 5K fine per call on the telco originating the call, not allowed to pass fines on to customers, with potential jail time for executives of the telco if they are fined too many times. The telcos know where the calls are coming from and can instantly stop them were they given the correct incentives. I work for a rather large telecom and know this for a fact, but I am a little peon whose word means nothing so I can't do it. It's just a matter of not allowing spoofing, a simple switch option, and shutting down numbers they recieve complaints about. I can see allowing a couple hundred complaints being the action threshold with 500 being the start fining threshold and 5000 being the jailtime threshold, just to give them time to ID the spammer and stop them without incurring a fine because someone decides to make a complaint about a business due to an argument or something.
Well, the problem is that these cold-callers are constantly tweaking their practices to fool both you and the ICO. First they tried to not give their number at all, but then we the public cottoned onto this and started ignoring unknown numbers.
Then they pretended to be a "real" number, usually a London one, but these could quickly be blocked, so they moved to a system where the (virtual) number they called you from would increment slightly. For a time last year, my wife and I were both plagued by London numbers that had the same first seven digits, but unfortunately phones can only block specific numbers, not a range of numbers.
However these numbers were all apparently in London (0203 usually), so if, as even my dear old Mum pointed out, you don't know anyone in London, you will end up simply ignoring anything with 020 at the beginning. So now they've moved onto pretending to be from other geographical areas. I've had cold calls supposedly from Manchester, Liverpool, Bristol, Leicester, and recently two from Leeds; they can also mimic mobile numbers too. I can't ignore any number I don't know because I'm desperately job hunting, and it might just be the break I'm needing. You're right about the ICO needing to deal with these clowns, because it's clear from their tactics that they are devious, malicious, and putting great effort into bypassing the letter and spirit of the law.
Here in the states, the phone scammers have started spoofing "local" numbers - presumably on the principle that if my number is 503 123 4567, I'll be more likely to answer a call from 503 123 4568. Yeah, that might have worked about 30 years ago when everyone had landlines and numbers were (I'm told?) allocated sequentially by neighborhood. Now, not so much.
And as for the genius last month who decided to spoof my own number when calling me... in what world did he think that was going to work? "Herpderp... I am calling myself... must answer it..."
And btw, good luck with the job hunting. You'll find something, it just takes time and perseverance. Having to deal with cold-callers is a hassle you need less than most people at this time.
The ICO was also last year granted the power to levy personal fines of up to £500,000 on the directors of dodgy-dialling companies in a bid to prevent execs from simply liquidating their companies to dodge penalties handed to them under PECR
Well.. they have some deterent, maybe 2 or 3 million might be better but if actually start enforcing and if some jail time could be added, then maybe these calls and companies will go away. Maybe.
"Well.. they have some deterent, maybe 2 or 3 million might be better but if actually start enforcing and if some jail time could be added, then maybe these calls and companies will go away. Maybe."
That is just the upper limit of the personal fines for directors. The company is fined separately. And because the ICO can now walk in unannounced, the company can't be wound up before the fines are imposed. And that's just the nuisance dialling fines. I can pretty much guarantee these jokers will also fall foul of GDPR too. And that's whole other world of hurt.
The company, of course, has no assets. None at all, as they exist only to connect the clients with the phone lines. Any income is quickly shuffled to an offshore account or company.
Fine and/or imprison the directors, by all means, and add their names to "The List". Because they'll pop up elsewhere, doing something else dodgy. (e.g.: William "Rick" Singer, of Edge College & Career Network LLC)
The penalties are not severe enough yet. I got an "about your recent accident" call from 0117 030 8248, and I tell them to report themselves to the ICO and delete me from their database. My sIster-in-law said "I hope you have an accident, and all your family has accidents".
<p>
I get about 2 calls a week pretending to be from BT* saying my PC has a virus or I have been downloading illegal stuff on my IP, and my internet will be disconnected. When asked which of my IPs do they refer to, they can't answer. <p>
*BT does indeed stand for Bloody Terrible.
>I'd imagine it is running voice recognition for any kind of positive reply to having had an accident.
You can have some fun with these...
When I first heard the radio advert for transit van leasing - that took the micky out of the voice bot telephone sales, I thought it was a joke, until I played around with one of these accident/ppi etc voice bots.
The number of calls to me have decreased. Recently it has been the recorded oven cleaning one once. The rest are several times a week the recording of "This is BT your internet connection has been compromised. Press 1 to talk to the BT engineer, or 2 for other companies". Once or twice that has been a live caller who gets very indignant when you call the scam.
The jury is still out on the call from "Halo" purporting to be on behalf of Demon/Vodafone for the potential migration. When they immediately wanted my date of birth and Direct Debit bank sort code etc details - I challenged it. They said Vodafone hadn't supplied them those details. I called it a scam.
It's good news that these B******* are getting fined etc,but what the ICO really needs to do is find out where they got their information from.
I had 6 months of these calls and eventually contacted everyone involved in the vehicle repair chain (including my insurer) to find out who'd leaked
my data. They all denied it strenuously of course, but I'm sure that a visit/chat with the ICO would be well worthwhile. I doubt the ICO have the resources though!
Why assume that any data has leaked?
I frequently get these calls asking me about the accident I was involved in; they never have any details, probably because haven't had an accident in 15 years*. I think they work on exactly the same principle as spam - if you contact enough people at random then by the law of averages some of them will have had an accident. You just need the total cost of the calls to be less than the money you recoup from the suckers you convince to let you help them.
* and if that's not tempting fate...
The serious guys, the ones working as a front for solicitors as part of the personal injury claim scam, will have every detail you gave your insurance company about an accident - witness details, the lot. They will also use a script that could almost have been designed to encourage you to believe they're acting for your insurer without actually saying so. It is only when they start talking about £3000 for "soft tissue damage" (a stiff neck) and how their online doctor will "confirm your injury by asking 2 or 3 questions to which you must agree to answer yes", that you may suspect all is not what it seems. If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court. OTOH, if you drop them part way through then you'll get a lot of follow up calls apparently originating from every part of the UK, such that you end up adding a dozen or more numbers to your block list.
So I've heard.
"If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court."
If by that time you've got the name of the solicitors concerned it's time to mention the words "Law Society". Or not bother mentioning them, just grass them up.
>"If you go along with them for long enough you get to talk to a solicitor who knows a lot about "traffic accident claims" but is surprisingly vague on their cut of any award by the court."
Recently had an approach from an "investment house" that seemingly knowledgeable about my shareholdings.
Managed to play them along long enough to convince them of my honest desire to make money
be exploited and on complaining about a poor phone line got the guy to call back on another number, which wasn't screened. Not heard from them since I passed the number on to the FSA/Serious Fraud Squad...
A few years ago I was in a motorbike crash - enough to snap my bike into two pieces, but I walked away with a broken shoulder. My own insurers pushed me down the path of filing personal injury claims and when I said I didn't want to play that grubby game, they threatened to sue me for costs they'd incurred while working on the claim.
I ended up following the path of least resistance and going along with it as they had chronically undervalued my bike, but there was a very sour taste in my mouth from the whole experience.
"[...] if you contact enough people at random then by the law of averages some of them will have had an accident."
I received a call this week from a call centre called "Halo" purporting to be acting on behalf of Vodafone in contacting Demon customers. Fair enough - although I wasn't expecting a call. I had received a letter about Demon's demise - and had been using online chat to Demon/Vodafone about my migration options.
The caller knew my name - but after stating their purpose immediately asked me for my Date of Birth, and my Direct Debit bank sort code etc. When I queried why they needed it - they said that Vodafone/Demon hadn't passed those details to them.
Of course I refused. There followed some pushy talk - followed by "Ok - you'll lose your internet connection".
Either Vodafone are being very insecure - or it was a scam speculative call that may or may not have known I was a Demon customer.
I tend to think the former. Makes my migration to Vodafone even more unlikely. Especially after their only option offered was to transfer all my comms including my BT phone plan. My existing ADSL2 was also not on offer - only FTTC at speed I don't need.
"I wasn't aware that Vodafone offered this. "
Have I used the wrong abbreviation? Fibre To The (street) Cabinet - then existing local loop wires to the house. Gives a potential significant improvement over existing ADSL speeds. The local loop wire from the street cabinet to the exchange is replaced by a fibre link.
Is you've got a year to fire your spam cannons and run before the ICO decides finally makes a move? Say 6 months to be on the safe side.
Then fold... Rinse, wash and repeat.
Coat icon because it needs a wash (though those ICO jackets looked kind of cool, needed aviator shades though to complete the look)
New answerphone - on my old answerphone I had recorded my own greeting. This mostly resulted in the scum leaving some sort of message.
On the new machine (can I say Panasonic) there is a pre-recorded greeting by a nice sounding and apparently very well known young lady. Most of the sh1tbags seem to know it and rarely get beyond her first few words before hanging up.
Of course, anything not recognised on the caller display is left for my electronic ladyfriend to deal with.
If you've ever tried complaining to the ICO you'll know they routinely lose important data relating to cases (they've already lost all of the pre-GDPR Data Controller Registry Database so good luck if you're pursuing a DPA1998 case where a controller has abused the purposes of their registration) and they often conduct 'compliance negotiation meetings' with offending companies in utter secrecy. They are basically an appallingly benign data protection enforcement capability, evidenced by years of registered entities persistently abusing personal data and not being held accountable for it by the ICO.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
