I worked on countering phone scams and robocalls at the Federal Communications Commission for over a year. This operation was a big win and an impressive international collaboration.
That said, the robocall problem is getting worse, not better. Robocall volume is at an all-time high: https://robocallindex.com/
In many respects, the problem of telephone spam today is similar to the problem of email spam in the early 2000s. Litigating against spammers had limited efficacy, so the community developed blacklists, better filtering, and stronger authentication (SPF, DKIM, and DMARC).
Until the major carriers get serious about similar steps, especially filtering and authentication (i.e. SHAKEN and STIR), these fraudulent calls won't stop. And, in the interim, vulnerable populations will continue to be disproportionately victimized.
I think the problem has gotten so serious that the traditional voice-based phone system is pretty much unusable. I don't even bother to answer the phone. Instead I have a voice mail message that tells people to send a text message instead. I can't be the only one who does something like this or has some other system in place to not have to deal with robocalls/scam callers.
My wife gets a call every day about how she is being sued..... every day a new nasty VM.
I'm talking to random scammers more now because I'm looking for a job and I feel like I have to answer the phone even if I don't recognize the number. Man it is annoying.
Since you have expertise, maybe you can explain why this seems to happen in the US only, while SS7 (which many commenters mention as the culprit) is used all over the world.
I live in Europe, but do not receive robocalls at all (zero), while when I enter the US, and put in my US SIM, I immediately start getting multiple per day.
@jonathanmayer
Any idea why the landline companies don't address this issue? Do they make money from spam calls? I signed up for the Nomo Robo service, that I believe won an FCC sponsored contest to provide a partial solution. And I think the landline providers actively faught against its use.
The problem with fixing this is that, to extend your analogy, SS7 is like how SMTP worked in 1992 before anything like spf, dkim, dmarc, SSL/TLS. Adding extensions to it will break interoperability with the truly gargantuan installed base of old ss7 equipment around the world that nobody wants to pay to replace. It needs to be burnt to the ground and started over from first principles. But really, everything that we need can be implemented with pure VoIP.
I just don't answer my phone anymore unless I recognize the incoming number. And caller ID is trivially easy to spoof. Thankfully nobody spoofs any of the numbers of my top 50 contacts.
This is getting way out of hand, and I don’t know anybody who hasn’t the same observation, and has already changed their behaviour to NOT answer the phone by default.
If the major carriers don't soon understand the magnitude of the telephone spam/scam problem and treat it seriously, They will soon be crippling their business. While this is been likened here to the email spam problem in 2000, back then, everyone in the computer industry took the spam problem much more seriously telephone industry does now. E.,g., Verizon gleefully offers a blacklist where you can block 20 numbers (nevermind that the spam calls typically have spoofed caller IDs) -- they think they’re good, and it’s utterly useless.
They really need to implement a true Source ID (regardless of the presented caller ID), and a way to instantly flag calls as spam then do targeted tracking and prosecution. If they fail to do this or implement another effective solution, I expect they will lose a century-old line of business to new habits that work around the established habits.
Did you all have a sense for the scope of the problem in terms of number participants and market share? Is the bulk of the calls from a few larger networks, or is the bulk of the market one man shows?
So what am I doing that I've never once had a telemarketer call me, other than my car dealership or phone company. Canada can't be special. Is it because I use a cell phone for everything?
Two other conspirators in Illinois were sentenced in February to between two years to just over four years for conspiracy, and a third person in Arizona was given probation in a plea agreement, it said.
Sounds like the Prisoner’s Dilemma paid off for that third person.
Kitboga, over on Twitch[1], frequently livestreams the experience of talking to people executing IRS scams. Among other types of computer scams like "unlock your computer for X dollars," it's fascinating to listen in on the tactics used to prey on unassuming victims.
I am so happy to see some of these predators get caught. A former coworker, a very smart but also very naive network engineer from the middle east, was hooked by these people shortly after immigrating. They said they were the US government and that he would be immediately deported if he didn't cooperate. He ending up sending them $30,000 if I recall correctly. :(
The reality is that the world is complicated. Some calls asking for money are completely legitimate, and if you don't act, bad things will happen. Others are total scams.
If you're new here, they both sound the same because they are: People asking money for stupid reasons. E.g. mis-applied payments, a "1st-world" banking system where payments take several days, lack of chip-and-PIN resulting in overdrafts and failed bill payments.
In some places, if a reporter stops by your work to ask you questions, you'll lose your job if you don't answer them, because the newspaper is the government. In the USA, it's usually the opposite.
> 2 contractors in India involving five call centers in Ahmedabad, a city in western India, have been indicted on wire fraud, money laundering and other conspiracy charges as part of the operation, the department said. They have yet to be arraigned, it said.
Is there any realistic chance of Indian law enforcement catching up with these guys?
None. Especially from that state, Gujarat. Home of corporate and financial crime. Sagar Thakkar fled to East Europe last year after netting $300 MM. It is upto FBI too pull its weight.
I wonder why this isn't a problem in Europe, at least I haven't heard of anything like it. Is it because Indians don't speak German/French/Spanish/etc.? Or is the American phone system somehow worse than the European?
Probably because it’s easier to find Indian/Filipino call center operators who speak English and the US is such a large market that there’s no need to expand into smaller European markets.
I have the same question, the situation seems pretty dire in the USA but as far as I'm aware we don't have nearly the same problem over here. And while most Indians probably don't speak French many African countries do (after all, that's where we put our call centers) and I'm sure if it was possible to make millions that way somebody would've tried.
I've been pestered several times a day with the "last chance to lower your credit card rates" phone scam. I finally hit on a solution. I press 1 to speak to a representative, I get a human, then I follow their script until it gets to the "what's your credit card number" question.
I say I have to go look for it. So I randomly make noises like opening doors, closing drawers, shuffling papers. I had one on the line for 10 minutes before he gave up.
After a couple doses of "the treatment", they stop calling. Blessed relief!
This method works because it costs them human time. Just hanging up on their robot, or their human, doesn't work. They just call again.
I had an old landline number ported to Google Voice about 10 years ago. Now, 90% of the calls on that number are spam. Anything marked as spam in Google Voice still passes through to the Hangouts app. Google has done the most supremely crap job with Hangouts and Google Voice integration. Hey let's passthrough spam to the app and have no search function!
Hilariously quite a lot of calls are "Google SEO" related, scammy sounding credit offers, and political donation solicitations.
A lot of the Indian scammers have moved on to pretending to be the CRA (Canada revenue agency), the Canuck version of the IRS. Toronto and Vancouver area codes are plagued by robodialers connecting to fake cra scam call centers. Canada has a lot less resources than the US to spend manpower investigating and building cases with the Indian law enforcement agencies.
A friend lost a significant amount of money to what could have been this scam. The MO fits (posing as the IRS, threatening with arrest/deportation, collecting payments via gift cards).
The article mentions restitution. Does anyone know how he could find out if he's eligible?
This response is going to sound like a joke but it isn't: be sure to tell him that they won't call him to discuss restitution. It's extremely common for scammers to sell the list of their successful "buyers". Marks on the IRS scam lists will now be called by people saying "we are from the IRS scam restitution department, just need your bank details so we can return your money..."
Business idea: shared phone assistants. Whenever someone calls your number, the assistant answers only "hello?", they have to speak to your assistant and ask for you by name and/or passphrase to be connected to you.
You can add some prestige to calling someone (having a human answering and screening your calls for you) at a pretty low cost (1 minute per call? 2-3 cheap workers could cover the whole biz, could share lines between ~ 50-100 people with distinct sounding names). eliminate all unsolicited calls for the customer.
I have just read some recent reports and complaints filed by people at http://www.whycall.me/631-318-6350.html about these IRS scams. I think people should have been really aware of such scams, because they have been around harassing us for years. We also need to keep spreading the words to everyone about this.
Dang, I liked wasting these guys time. My technique was to pause as long as possible while obviously stuffing my face with Cheetos and telling them hang on
> They chose their victims through information obtained from “data brokers” or from other sources, the department said.
Would be interesting to know more about this. In the legit call center business the phone numbers of people who have previously bought something are more valuable. The ability to target specific demographics is probably a prerequisite for a scam like this, calling randomly would be really expensive.
It could be either way. Obviously targeted to specific demographics is the most effective, but phone calls especially robocalls are very cheap. Even ratios as low as 10^-6 are profitable when you make millions of robocalls. The USA Do Not Call list is a de facto live number list. Illegal telemarketers (redundant?) can directly use it as their target list. Another method is to randomly call numbers and mark "Hello?" responses as live.
I rarely receive calls these days and when I receive, they are mostly scams or telemarketers, so I basically accept call from a small set of whitelist and drop the rest.
Most people who need to speak to me attempt to contact me via different means anyways. I don't have much faith they will ever fix PSTN that I'm dreaming for the day I can start ignoring all calls.
You know, this scam probably wouldn't have been as successful if the real IRS didn't behave like a bunch of shady scam artists themselves. Twice over the years, I've been sent very intimidating letters by the IRS claiming I owe back taxes on clearly erronous assumptions by them. These have both been cleared up by submitting documentation but I've had to spend a good chunk of time in doing so. I also cannot phone them directly, I must fax reams of personal info to some random fax number with no confirmation they even received it.
By the time I received the IRS letters, I typically had to respond within a matter of days or face additional penalties (what if I was on vacation). Even the most basic of cross checking my tax forms would have clearly shown everything was legit. And these were by no means unusual or complex tax situations, just very basic things that millions of Americans report on their taxes every year. But even though I knew everything was above board, the tax laws are so convoluted that I was in constant fear the IRS would still find some BS reason I owed them more money.
[+] [-] jonathanmayer|7 years ago|reply
That said, the robocall problem is getting worse, not better. Robocall volume is at an all-time high: https://robocallindex.com/
In many respects, the problem of telephone spam today is similar to the problem of email spam in the early 2000s. Litigating against spammers had limited efficacy, so the community developed blacklists, better filtering, and stronger authentication (SPF, DKIM, and DMARC).
Until the major carriers get serious about similar steps, especially filtering and authentication (i.e. SHAKEN and STIR), these fraudulent calls won't stop. And, in the interim, vulnerable populations will continue to be disproportionately victimized.
[+] [-] anonymous5133|7 years ago|reply
[+] [-] duxup|7 years ago|reply
I'm talking to random scammers more now because I'm looking for a job and I feel like I have to answer the phone even if I don't recognize the number. Man it is annoying.
[+] [-] sureaboutthis|7 years ago|reply
[+] [-] raarts|7 years ago|reply
I live in Europe, but do not receive robocalls at all (zero), while when I enter the US, and put in my US SIM, I immediately start getting multiple per day.
[+] [-] majos|7 years ago|reply
[+] [-] jimmydddd|7 years ago|reply
[+] [-] walrus01|7 years ago|reply
I just don't answer my phone anymore unless I recognize the incoming number. And caller ID is trivially easy to spoof. Thankfully nobody spoofs any of the numbers of my top 50 contacts.
[+] [-] toss1|7 years ago|reply
If the major carriers don't soon understand the magnitude of the telephone spam/scam problem and treat it seriously, They will soon be crippling their business. While this is been likened here to the email spam problem in 2000, back then, everyone in the computer industry took the spam problem much more seriously telephone industry does now. E.,g., Verizon gleefully offers a blacklist where you can block 20 numbers (nevermind that the spam calls typically have spoofed caller IDs) -- they think they’re good, and it’s utterly useless.
They really need to implement a true Source ID (regardless of the presented caller ID), and a way to instantly flag calls as spam then do targeted tracking and prosecution. If they fail to do this or implement another effective solution, I expect they will lose a century-old line of business to new habits that work around the established habits.
[+] [-] cascom|7 years ago|reply
[+] [-] Waterluvian|7 years ago|reply
[+] [-] shawn|7 years ago|reply
Sounds like the Prisoner’s Dilemma paid off for that third person.
[+] [-] randomdrake|7 years ago|reply
[1] - https://www.twitch.tv/kitboga
[+] [-] fallat|7 years ago|reply
[+] [-] MatthiasP|7 years ago|reply
[+] [-] nerflad|7 years ago|reply
[+] [-] Scoundreller|7 years ago|reply
If you're new here, they both sound the same because they are: People asking money for stupid reasons. E.g. mis-applied payments, a "1st-world" banking system where payments take several days, lack of chip-and-PIN resulting in overdrafts and failed bill payments.
In some places, if a reporter stops by your work to ask you questions, you'll lose your job if you don't answer them, because the newspaper is the government. In the USA, it's usually the opposite.
It takes a while to sort it all out.
[+] [-] _bxg1|7 years ago|reply
https://m.youtube.com/watch?v=EzedMdx6QG4
[+] [-] Scoundreller|7 years ago|reply
The phrases that keep them on the line the longest get played in the pool more frequently.
Long recordings get automatically posted to youtube.
They're so internet 1.0, we need to get to 2.0!
[+] [-] JumpCrisscross|7 years ago|reply
Is there any realistic chance of Indian law enforcement catching up with these guys?
[+] [-] supertrope|7 years ago|reply
https://www.bbc.co.uk/news/world-asia-india-37564408
[+] [-] iamshs|7 years ago|reply
[+] [-] foepys|7 years ago|reply
[+] [-] toasterlovin|7 years ago|reply
[+] [-] simias|7 years ago|reply
[+] [-] realusername|7 years ago|reply
[+] [-] workshop_leads|7 years ago|reply
[+] [-] supertrope|7 years ago|reply
[+] [-] nasredin|7 years ago|reply
Bonus: a FU to warrantless NSA metadata spying.
[+] [-] duxup|7 years ago|reply
>“hundreds of millions” of dollars
I guess I'm not scamming anyone out of anything but if I was and got a million.... I like to think I'd be smart enough to burn everything and enjoy...
[+] [-] WalterBright|7 years ago|reply
I say I have to go look for it. So I randomly make noises like opening doors, closing drawers, shuffling papers. I had one on the line for 10 minutes before he gave up.
After a couple doses of "the treatment", they stop calling. Blessed relief!
This method works because it costs them human time. Just hanging up on their robot, or their human, doesn't work. They just call again.
[+] [-] cmurf|7 years ago|reply
Hilariously quite a lot of calls are "Google SEO" related, scammy sounding credit offers, and political donation solicitations.
[+] [-] walrus01|7 years ago|reply
[+] [-] mintplant|7 years ago|reply
The article mentions restitution. Does anyone know how he could find out if he's eligible?
[+] [-] jasongill|7 years ago|reply
[+] [-] cwkoss|7 years ago|reply
You can add some prestige to calling someone (having a human answering and screening your calls for you) at a pretty low cost (1 minute per call? 2-3 cheap workers could cover the whole biz, could share lines between ~ 50-100 people with distinct sounding names). eliminate all unsolicited calls for the customer.
[+] [-] torbjorn|7 years ago|reply
[+] [-] tonyquart|7 years ago|reply
[+] [-] exabrial|7 years ago|reply
[+] [-] supertrope|7 years ago|reply
sip:[email protected] or plain old 1-347-514-7296
A lot of spam callers hang up once I say I'm transferring them, but sometimes they talk to Lenny until the whole script loops!
[+] [-] praneshp|7 years ago|reply
[+] [-] jacobr|7 years ago|reply
Would be interesting to know more about this. In the legit call center business the phone numbers of people who have previously bought something are more valuable. The ability to target specific demographics is probably a prerequisite for a scam like this, calling randomly would be really expensive.
[+] [-] supertrope|7 years ago|reply
[+] [-] unsignedint|7 years ago|reply
Most people who need to speak to me attempt to contact me via different means anyways. I don't have much faith they will ever fix PSTN that I'm dreaming for the day I can start ignoring all calls.
[+] [-] joejerryronnie|7 years ago|reply
By the time I received the IRS letters, I typically had to respond within a matter of days or face additional penalties (what if I was on vacation). Even the most basic of cross checking my tax forms would have clearly shown everything was legit. And these were by no means unusual or complex tax situations, just very basic things that millions of Americans report on their taxes every year. But even though I knew everything was above board, the tax laws are so convoluted that I was in constant fear the IRS would still find some BS reason I owed them more money.