Phishing and telemarketing telephone calls
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn't make efforts to prevent Caller ID spoofing from scammers? Writing on behalf of myself and not any organization or employer. Please remove me from your mailing and contact lists.
Oh, never mind. I just saw a similar thread: FCC and FTC Demand Cut-Off Robercallers of Coronavirus Scam The free Marriott vacation and Social Security Number suspension calls are no more! From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Matthew Black Sent: Friday, April 24, 2020 4:26 PM To: North American Network Operators' Group Subject: Phishing and telemarketing telephone calls Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn't make efforts to prevent Caller ID spoofing from scammers? Writing on behalf of myself and not any organization or employer. Please remove me from your mailing and contact lists.
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
No different than any other network abuse mechanism and regulatory and legislative measures meant to control it. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Jon Lewis" <jlewis@lewis.org> To: "Matthew Black" <Matthew.Black@csulb.edu> Cc: "North American Network Operators' Group" <nanog@nanog.org> Sent: Friday, April 24, 2020 6:36:28 PM Subject: Re: Phishing and telemarketing telephone calls On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Mike, Except in this case the flaw was acknowledged back in the 80' and it room the FCC almost 40 years to do something about it. Joe Klein On Sat, Apr 25, 2020, 8:54 AM Mike Hammett <nanog@ics-il.net> wrote:
No different than any other network abuse mechanism and regulatory and legislative measures meant to control it.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
------------------------------ *From: *"Jon Lewis" <jlewis@lewis.org> *To: *"Matthew Black" <Matthew.Black@csulb.edu> *Cc: *"North American Network Operators' Group" <nanog@nanog.org> *Sent: *Friday, April 24, 2020 6:36:28 PM *Subject: *Re: Phishing and telemarketing telephone calls
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since
the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent
Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Where I was meaning to counter was Jon Lewis's point that it was offtopic. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "j k" <jsklein@gmail.com> To: "Mike Hammett" <nanog@ics-il.net> Cc: "Jon Lewis" <jlewis@lewis.org>, "North American Network Operators' Group" <nanog@nanog.org> Sent: Monday, April 27, 2020 11:29:12 AM Subject: Re: Phishing and telemarketing telephone calls Mike, Except in this case the flaw was acknowledged back in the 80' and it room the FCC almost 40 years to do something about it. Joe Klein On Sat, Apr 25, 2020, 8:54 AM Mike Hammett < nanog@ics-il.net > wrote: No different than any other network abuse mechanism and regulatory and legislative measures meant to control it. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com From: "Jon Lewis" < jlewis@lewis.org > To: "Matthew Black" < Matthew.Black@csulb.edu > Cc: "North American Network Operators' Group" < nanog@nanog.org > Sent: Friday, April 24, 2020 6:36:28 PM Subject: Re: Phishing and telemarketing telephone calls On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Apr 24, 2020, at 5:36 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers.
Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are. In fact, we wrote up how to do it (link below) and I *know* that it works because I just got myself $1000 out of a text message spammer! So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-) https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotext... Anne -- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO/President, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called? Will the telephone company simply hand over detailed transport records or the hidden Caller ID information? I don't care about making money or imposition of government fines; I just want the calls to cease. mb Writing on behalf of myself and not any organization or employer. Please remove me from your mailing and contact lists. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Anne P. Mitchell, Esq. Sent: Saturday, April 25, 2020 10:23 AM To: nanog@nanog.org Subject: Re: Phishing and telemarketing telephone calls
On Apr 24, 2020, at 5:36 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers.
Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are. In fact, we wrote up how to do it (link below) and I *know* that it works because I just got myself $1000 out of a text message spammer! So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-) https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotext... Anne -- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO/President, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called? Will the telephone company simply hand over detailed transport records or the hidden Caller ID information? I don't care about making money or imposition of government fines; I just want the calls to cease.
Just to be clear, *we* are not selling the kit to which Matthew refers, and *I* am not selling the kit either, it is referred to in the article. Nor is it an affiliate thing (although I believe they do offer that). Anne
On Sat, Apr 25, 2020 at 7:32 PM Matthew Black <Matthew.Black@csulb.edu> wrote:
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called?
You don't. AFAICT, that's the point of Anne's comments. Finding them is good enough. Paying off anyone who both finds them and appears well connected with the law is cheaper than allowing the legal system to become aware of their identities and activity. Blackmail 101 dude. Find someone with a secret and demand payment for your silence. The best part is that if you're legitimately entitled to the money because of the secret then it's not technically blackmail.
Will the telephone company simply hand over detailed transport records or the hidden Caller ID information? I don't care about making money or imposition of government fines; I just want the calls to cease.
Presumably the meat of the $47 kit is about how to tease out enough clues to search public records and identify them. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
On Mon, 27 Apr 2020, William Herrin wrote:
On Sat, Apr 25, 2020 at 7:32 PM Matthew Black <Matthew.Black@csulb.edu> wrote:
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called?
You don't. AFAICT, that's the point of Anne's comments. Finding them is good enough. Paying off anyone who both finds them and appears well connected with the law is cheaper than allowing the legal system to become aware of their identities and activity.
Blackmail 101 dude. Find someone with a secret and demand payment for your silence. The best part is that if you're legitimately entitled to the money because of the secret then it's not technically blackmail.
Presumably the meat of the $47 kit is about how to tease out enough clues to search public records and identify them.
In my experience, the caller-id is always forged, and the call center reps hang up or give uselessly vague answers if I ask what company they're calling from. I suspect the only sure way to identify them is to do business with them, i.e. buy that extended warranty on your car, or at least start walking through the process until either payment is made or they tell you who you'll have to pay. I wonder, if you agree to buy the extended warranty, solely for the purpose of identifying them, can you immediately cancel it / dispute the charge? Then there are the 100% criminal ones calling from "Windows Technical Support" who want to trick you into giving them remote admin access to your PC. I assume that's a dry well and the best you can hope to do is waste as much of their time as yours and see how foul a mouth they have. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 4/27/20 11:12 AM, Jon Lewis wrote:
On Mon, 27 Apr 2020, William Herrin wrote:
On Sat, Apr 25, 2020 at 7:32 PM Matthew Black <Matthew.Black@csulb.edu> wrote:
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called?
You don't. AFAICT, that's the point of Anne's comments. Finding them is good enough. Paying off anyone who both finds them and appears well connected with the law is cheaper than allowing the legal system to become aware of their identities and activity.
Blackmail 101 dude. Find someone with a secret and demand payment for your silence. The best part is that if you're legitimately entitled to the money because of the secret then it's not technically blackmail.
Presumably the meat of the $47 kit is about how to tease out enough clues to search public records and identify them.
In my experience, the caller-id is always forged, and the call center reps hang up or give uselessly vague answers if I ask what company they're calling from. I suspect the only sure way to identify them is to do business with them, i.e. buy that extended warranty on your car, or at least start walking through the process until either payment is made or they tell you who you'll have to pay. I wonder, if you agree to buy the extended warranty, solely for the purpose of identifying them, can you immediately cancel it / dispute the charge?
Then there are the 100% criminal ones calling from "Windows Technical Support" who want to trick you into giving them remote admin access to your PC. I assume that's a dry well and the best you can hope to do is waste as much of their time as yours and see how foul a mouth they have.
On the IETF list, I've been making the case that a DKIM-like solution for SIP signalling would in fact give you the way to blame somebody, which was DKIM's entire raison d'etre. Who cares what the actual fake e.164 address is and whether the sending domain is allowed to assert it or not? That is rather beside the point. All I care is that the originating domain is supporting abuse, and I know what the domain is to complain to, ignore, etc. Mike
STIR/SHAKEN? On Mon, Apr 27, 2020, 14:34 Michael Thomas <mike@mtcc.com> wrote:
On 4/27/20 11:12 AM, Jon Lewis wrote:
On Mon, 27 Apr 2020, William Herrin wrote:
On Sat, Apr 25, 2020 at 7:32 PM Matthew Black <Matthew.Black@csulb.edu> wrote:
Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called?
You don't. AFAICT, that's the point of Anne's comments. Finding them is good enough. Paying off anyone who both finds them and appears well connected with the law is cheaper than allowing the legal system to become aware of their identities and activity.
Blackmail 101 dude. Find someone with a secret and demand payment for your silence. The best part is that if you're legitimately entitled to the money because of the secret then it's not technically blackmail.
Presumably the meat of the $47 kit is about how to tease out enough clues to search public records and identify them.
In my experience, the caller-id is always forged, and the call center reps hang up or give uselessly vague answers if I ask what company they're calling from. I suspect the only sure way to identify them is to do business with them, i.e. buy that extended warranty on your car, or at least start walking through the process until either payment is made or they tell you who you'll have to pay. I wonder, if you agree to buy the extended warranty, solely for the purpose of identifying them, can you immediately cancel it / dispute the charge?
Then there are the 100% criminal ones calling from "Windows Technical Support" who want to trick you into giving them remote admin access to your PC. I assume that's a dry well and the best you can hope to do is waste as much of their time as yours and see how foul a mouth they have.
On the IETF list, I've been making the case that a DKIM-like solution for SIP signalling would in fact give you the way to blame somebody, which was DKIM's entire raison d'etre. Who cares what the actual fake e.164 address is and whether the sending domain is allowed to assert it or not? That is rather beside the point. All I care is that the originating domain is supporting abuse, and I know what the domain is to complain to, ignore, etc.
Mike
The obvious way to id them is to buy whatever it is they are selling. So that reduces the problem to being able to cancel the transaction once id'd, and probably using fraudulent credentials. It might take a little more strategy than what I just described, there are other potential pitfalls. I wouldn't suggest that route to amateurs but it's not quite rocket surgery. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Mon, Apr 27, 2020 at 11:12 AM Jon Lewis <jlewis@lewis.org> wrote:
I suspect the only sure way to identify them is to do business with them, i.e. buy that extended warranty on your car, or at least start walking through the process until either payment is made or they tell you who you'll have to pay. I wonder, if you agree to buy the extended warranty, solely for the purpose of identifying them, can you immediately cancel it / dispute the charge?
Hmm. I wonder... if you get a one-time credit card number from your bank and limit it to $1, do you get a charge declined message in your log identifying the merchant? -Bill -- William Herrin bill@herrin.us https://bill.herrin.us/
On Sat, 2020-04-25 at 11:23 -0600, Anne P. Mitchell, Esq. wrote:
Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are.
This is awesome! Not being a lawyer, I have no idea, but how effectively could a non-US- resident (i.e. somebody who lives in Canada) apply this? Do the laws being violated still count if they are to a non US-resident? Does not being a US resident weaken the leverage you have over these scum? I.e. wouldn't they be more likely to ignore a non-US-resident on the assumption that such a person is not likely going to bring suit? Cheers, b.
Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are.
This is awesome!
Not being a lawyer, I have no idea, but how effectively could a non-US- resident (i.e. somebody who lives in Canada) apply this? Do the laws being violated still count if they are to a non US-resident? Does not being a US resident weaken the leverage you have over these scum? I.e. wouldn't they be more likely to ignore a non-US-resident on the assumption that such a person is not likely going to bring suit?
Well, if the org is in or has a connection to the U.S., then they are still in violation of the law. Whether they would even come to know that you are not a U.S. resident would depend on how it unfolded, and even if they did come to find out that you are not a U.S. resident, to fight it on that basis would cost waaaaaay more than just settling with you. The whole basis for this is basically that you are reminding them of something they already know (they are in violation of the law), and something else that they already know (each single violation of TCPA can carry a fine up to $500, and triple that if they knowingly violated TCPA and your phone is on the Do Not Call list - and of course you let them know that your phone number *is* on the DNC list, and that you have reason to believe that they knowingly violated the TCPA, so each call/text to you is worth $1500). What they count on is that people receiving their calls/text messages won't know the law, or how to proceed against them. YOU are letting them know that *you* know these things also, and that you are prepared to actually take them to court, where they know the odds are very much against them. They *know* how much those penalties are, so if you are offering to settle for substantially less, it is in their best interest to agree to your terms. Whether your place of residence would ever come up is an open question; their wanting to spend the money to fight an otherwise slam-dunk (in your favour) lawsuit on that basis, which would cost them waaaaay more than what your now very reasonable offer requests, seems unlikely. Hey, even if some of the orgs tell you to go pound salt if they find out you're not a U.S. resident, if even one comes through...free money (other than the time you have invested). :-) Anne -- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO/President, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)
On 4/25/20 10:23 AM, Anne P. Mitchell, Esq. wrote:
On Apr 24, 2020, at 5:36 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers? Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers. Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are.
In fact, we wrote up how to do it (link below) and I *know* that it works because I just got myself $1000 out of a text message spammer!
So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-)
What exactly is this "basic internet research"? I thought the big problem is that they are trivially capable of covering their tracks. Mike
On Sun, 26 Apr 2020, Michael Thomas wrote:
So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-) What exactly is this "basic internet research"? I thought the big problem is
On 4/25/20 10:23 AM, Anne P. Mitchell, Esq. wrote: that they are trivially capable of covering their tracks.
I think the bigger issue is they are all entirely operated out of india. -Dan
I think the bigger issue is they are all entirely operated out of india.
Why is that specifically a problem, exactly? There are many reasons why it is *easier* to setup a scam call center in India, but it's not like the Indian authorities completely ignore the problem. One operation in India was just raided and shut down after some of Jim Browning's work was picked up by the BBC. The VoIP gateways allowing CID spoofing isn't an India specific thing. Neither is companies like Paypal who will continue to process payments for an account even after being provided evidence of fraudulent activity, and REFUNDING people who manage to file complaints on that same account. On Sun, Apr 26, 2020 at 6:02 PM Dan Hollis <goemon@sasami.anime.net> wrote:
On 4/25/20 10:23 AM, Anne P. Mitchell, Esq. wrote:
So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-) What exactly is this "basic internet research"? I thought the big
On Sun, 26 Apr 2020, Michael Thomas wrote: problem is
that they are trivially capable of covering their tracks.
I think the bigger issue is they are all entirely operated out of india.
-Dan
What exactly is this "basic internet research"? I thought the big problem is that they are trivially capable of covering their tracks.
There is always a money trail. Always. Because the whole point of these calls/sms messages is to get money out of you. And the money trail almost always provides a nexus to the U.S. (or whatever country you are in). In the case of spam calls, you do have to get a bit creative (and actually interact with the spammers on the phone...ewwww), to try to get them to give up on whose behalf they are working. In the case of text message spam, it's often much easier because there will often be a link to a website, which, yeah, is likely a front for another website, but hey, if you are part of NANOG, following those trails should be trivially easy. In the case of the outfit that just coughed up the $1000 to me, it was a text message spam that was ostensibly about one product, but the url in the text message actually forwarded through two intermediate urls to land on a site hawking a completely unrelated product - no big surprise there (this was nice because I was also able to accuse them of violating laws about misleading advertising ;-) ). Even with whois basically being useless now in terms of figuring out who is behind stuff, it was pretty easy to figure out who exactly stood to profit from my buying what was advertised on the landing site. As it happened, when I contacted them, they (rather surprisingly) referred me to their lawyer - which turned out to be great because he understood immediately the predicament they were in. :~) Anne -- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO/President, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)
On 4/27/20 9:15 AM, Anne P. Mitchell, Esq. wrote:
What exactly is this "basic internet research"? I thought the big problem is that they are trivially capable of covering their tracks. There is always a money trail. Always. Because the whole point of these calls/sms messages is to get money out of you. And the money trail almost always provides a nexus to the U.S. (or whatever country you are in).
In the case of spam calls, you do have to get a bit creative (and actually interact with the spammers on the phone...ewwww), to try to get them to give up on whose behalf they are working. In the case of text message spam, it's often much easier because there will often be a link to a website, which, yeah, is likely a front for another website, but hey, if you are part of NANOG, following those trails should be trivially easy.
In the case of the outfit that just coughed up the $1000 to me, it was a text message spam that was ostensibly about one product, but the url in the text message actually forwarded through two intermediate urls to land on a site hawking a completely unrelated product - no big surprise there (this was nice because I was also able to accuse them of violating laws about misleading advertising ;-) ). Even with whois basically being useless now in terms of figuring out who is behind stuff, it was pretty easy to figure out who exactly stood to profit from my buying what was advertised on the landing site.
As it happened, when I contacted them, they (rather surprisingly) referred me to their lawyer - which turned out to be great because he understood immediately the predicament they were in. :~)
From everything i've read, the complexity of finding them is directly related to their cost of doing business. If they can get by with few layers of indirection, they do. If they need more, they will. You can be guaranteed that they will add layers if they need to. Which is to say, I don't see how this scales to actually reduce these scams. Mike
https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotext...
I absolutely endorse this idea. Very early in my career, I worked for a shop that provided network/IT services for a bottom tier debt collector, one of the early innovators of the 'rent-a-lawyer' concept in that industry. It disgusted me to overhear the tactics they used when I was in their offices setting one thing or another up, and I reveled in the schadenfreude when they started getting splashed with such 'stock' FDCPA complaints and losing constantly. On Sat, Apr 25, 2020 at 1:25 PM Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
On Apr 24, 2020, at 5:36 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 24 Apr 2020, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers.
Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are.
In fact, we wrote up how to do it (link below) and I *know* that it works because I just got myself $1000 out of a text message spammer!
So, harass those phone spammers for fun *and* profit! ;-) Here's the write-up I did, feel free to ask me any questions you may have. :-)
https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotext...
Anne
-- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO/President, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Former Counsel: Mail Abuse Prevention System (MAPS)
On 4/24/20 16:26, Matthew Black wrote:
Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?
Not particularly. The car warranty and credit card robocallers are still very much at it. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
participants (13)
-
Anne P. Mitchell, Esq.
-
Brian J. Murrell
-
bzsï¼ theworld.com
-
Dan Hollis
-
Dovid Bender
-
j k
-
Jay Hennigan
-
Jon Lewis
-
Matthew Black
-
Michael Thomas
-
Mike Hammett
-
Tom Beecher
-
William Herrin