
Calling a real estate robocaller back - danso
https://www.philly.com/business/robocall-scam-philadelphia-home-buying-selling-20190430.html
======
fpgaminer
We all hate robocallers and scammers. We all hate getting called every day by
them. But did you know there's something worse? My wife recently discovered a
not so fun side effect of spam calls...

Scammers have this popular trick of spoofing the caller ID for a number local
to you. People are more likely to pick up the call if it's a number that seems
familiar to them (like, the first 6 digits are the same as your phone number).

I've known about this trick, but I never really thought about the collateral
damage. See ... that number they're faking is a _real_ phone number. And it's
someone else's phone number. It's not the scammer's number.

Well my wife's phone number got used. You wouldn't believe the number of
people who call scammers back! She was getting hundreds of calls a day; non-
stop. Most people were calling back trying to figure out who called them. Some
were angry. A few threatened her with violence.

And there's absolutely nothing you can do about it. You can't stop someone
from spoofing your phone number on Caller ID. You can't stop people from
mistakenly calling "you" back. You're just stuck in phone hell. The only
solution is to change your phone number ... not really a great option.

It lasted about a week; we resorted to just keeping her phone on Do Not
Disturb.

What a nightmare.

~~~
softwaredoug
I’m totally ignorant here, so I’m sure there’s a good reason: why is secure
caller id so hard?

~~~
cobbzilla
The telephone network was designed with total trust for “network operators”
who essentially have “root” to do anything.

This worked OK when the only operators were the various national phone
monopolies (Cap’n Crunch notwithstanding), but today that level of access is
much easier to get and abuse, and is difficult to trace.

There are efforts to bolt-on security to the telephone network but it’s really
hard.

I think it’s more likely that (over the next handful of decades) the phone
network fades into obscurity as more voice calls are connected over data links
which offer much improved security models.

~~~
bostonpete
> Cap’n Crunch notwithstanding

I assume you mean Captain Crunch, not the breakfast cereal... :-)

~~~
ars
He probably does mean the cereal, since it had the whistle that gave Captain
Crunch (AKA John Draper) his name.

------
danso
There's an idea for a dystopian comedy skit somewhere in this:

> _Will’s so busy leaving messages all over town that he never answers the
> phone when you call him back...Sometimes calls were forwarded to a host of
> people who went by “Pat.” They said they worked for PATLive, an answering
> service firm that takes calls for businesses when they’re busy or closed.
> Pats were taking messages for “Steven’s Office” in Alexandria, Virginia._

> _Asked why there were several Pats, a Pat said: “We’re all Pat.”_

> _“We all go by Pat to keep it easy,” said Pat. “But we do have some Pats in
> the office.”_

~~~
tyingq
I read their "how it works" and other pages, and the sales pitch isn't bad.
They should be more selective about clients though.
[https://www.patlive.com](https://www.patlive.com)

~~~
FussyZeus
Am I the only one who thinks this is bullshit? How is PATLive not also
complicit in the crimes they're looking for "Will" to prosecute in?

I get so tired of these B2B service providers who get caught up doing
borderline illegal shit and then just shrug their shoulders and say "not our
responsibility." Everybody has these clauses doing the ass covering so they
can sell services to anyone who knocks and they're never held responsible
because of some bullshit contract.

WHY is that allowed? You're doing business with an individual/organization
that is breaking the law, and you know it, or you would know it if you cared
to look. That's gotta be at least worth a charge of negligence?

I'm just saying the "Will"s of the modern era would have a much harder time if
the call centers, teleco providers, internet hosters, etc. were held
responsible when they were found to be operating in cahoots with a scammer and
I don't understand why they aren't.

Vet your fucking clients. And if you don't wanna do that, then shut your
doors.

~~~
turc1656
On a related note - I've had the opposite experience but it wasn't with
telecom related services - it was cloud services. A friend of mine started a
business that focuses on the highly anticipated luxury clothing and sneaker
releases. He basically does a proxy business that routes traffic through his
network so that people can use multiple IPs that aren't banned on those
retailers websites so that they can purchase multiple units of these products
which are usually restricted to one per customer.

We had a lot of trouble finding a reliable cloud services provider. Even
though none of this is illegal at all, a bunch of them have clauses against it
in the service agreement. So we avoided those. We figured the ones that didn't
have it shouldn't have any problems because nothing was illegal and it's not
like we are abusing the cloud services - we're talking about a significant
amount of time with nothing on the network (that we pay them for) and then a
short burst of traffic that is still low on bandwidth while all the clients
are trying to hit the sites up at the same time. But one after another kept
cancelling our accounts, citing a violation of the terms of service. We
pressed a number of them for an explanation. Many just ignored us. A few
outright lied and said they received complaints from ISPs about our IPs
sending spam emails. I challenged them on that because nothing of what we did
or any of our client did was sending emails. And we tightly controlled the
network traffic, ports, etc. So it's simply not possible, they were lying to
get rid of us because their terms didn't account for it. To this day, I still
can't figure out why all these providers were so against what we were doing.
Eventually my friend explained his use case to the CEO of one of the companies
and they signed and agreement and were totally fine with everything so I'm
really perplexed.

~~~
Larrikin
I applaud them. Reseller middlemen buying up the releases so they can profit
are awful and inhibiting that activity is a greater good for society. In the
ideal world sneakers could only be sold at retail, let the people who actually
want to wear them buy them.

~~~
number_six
yeah internet scalpers suck!

------
ianhawes
“Will” doesn’t want to buy your house. Will wants to collect the lead,
determine how appealing the property is, and sell the lead to someone local.
Will isn’t touching that property with a 10 foot pole. Phil on the other hand,
just bought the lead and will make a lowball offer.

Oh, and "Will" on the voicemail isn't Will either. It's a voice actor off of
Fiverr that likely has no idea their voice is being used for this scheme.

------
TuringNYC
I've had people wanting to "buy" some property you have. Once they get you to
agree to sell, then they ask if you can self-finance the sale (i.e., you
become the bank and "sell" for nothing and they give you a monthly mortgage
payment.) Sounds OK in theory, but you'd need a lot of paperwork/legal to vet
the whole deal and you have no idea if the person can even pay until you spend
even more on credit checks, etc. And If at some point they stop paying, you
have to spend yet more on foreclosure and all the other stuff real banks have
to deal with.

~~~
nmeofthestate
>Sounds OK in theory

Sounds terrible in theory!

~~~
toomuchtodo
It’s not if the income stream and high yield rate from a seller financing deal
is more important to you (as the maker of the note) than a lump sum of cash.
Everyone has different financial requirements, collateral they’re willing to
put at risk, etc. You’re using today’s dollars (or assets) to find ways to buy
more of tomorrow’s dollars (“investing”).

The paperwork isn’t too difficult to put together either.

~~~
Jesus_Jones
I can't imagine why this ever would make sense. Only scammers would benefit
would accept this, because of the lack of clarity in ownership, it's like a
deliberate attempt to circumvent normal financial transactions, which only
benefits scammers.

It strikes me as the same thing as the fake-check auto purchase scams that
infest different on-line auto sales channels.

~~~
toomuchtodo
You should read more on seller/owner financing to understand why one would use
it in a transaction before dismissing it as a scam. To think only scammers
would benefit is an ignorant position to hold if you don't understand why
counterparties in a real estate transaction would elect this financing
mechanism over conventional financing. Ownership interest is still recorded
with the local jurisdiction, so nothing is hidden (although with a land trust,
you _can_ hide beneficial interest [it's treated as personal property and
handled with trust docs; you could think of it as tracking real estate
ownership "off ledger" since it's not recorded with a deed] so people don't
know who own a parcel).

------
mothsonasloth
In the UK I get robocallers phoning me about car accidents or triple glazing
grants.

I always say "yes", then you get a real person who picks up.

Then I will do the old bait and switch. Start talking about how my car got
written off after the great M25 exodus of 2018. That I lost my foot from a low
flying scooter delivery driver. The story then becomes more and more
ridiculous and eventually they will hang up.

Since opting for this tactic my phone call count has gone down considerably.

~~~
rscho
Even more cruel: say yes, listen to the start of the spiel, then gently lay
the phone down. They'll call back not knowing if it was a line malfunction.
Now rinse and repeat.

I got some so angry that they threatened to come over and break my face at
home. This technique has up to now never failed me.

~~~
braindouche
I once decided to talk with a "Hi this is Windows your computer wanted me to
tell you it has a virus" guy once, and he's going through his script, trying
to determine whether I have a Windows box or a Mac by describing whether I
have a command key or a win key on my keyboard. My fancy-pants programmer
keyboard happens to have neither, but in trying to explain this to him, he got
so mad I literally heard him throwing things off his desk, last of which being
the phone itself. I assume my family is still cursed, though I never took his
physically improbable suggestions.

~~~
logfromblammo
I got one of those on the rental's land-line while away on vacation once.
Since I was on vacation, I decided to have some fun. So I said I had two
computers wired to the Internets, and could he please tell me the IP address
of the one that had the problem. The answer, of course, was 127.0.0.1, so then
I pretended to log in to my imaginary computer. He was magically able to see
that I had logged in, and he told me that yes, my computer was definitely
infected with a very bad virus.

I played along until I got bored pretending to be a fumbling, bumbling, low-
knowledge user, and revealed that I was not really at my computer, or any
computer at all, and I was just messing with an obvious scammer for fun. And
that induced a spluttering, heavily accented rage-stream of insults, which was
also fun. "I am not scam people! _You_ are the scam!"

------
Etheryte
Forgive me for being out of the loop here, but why is it so hard to make this
business unprofitable and easily trackable? For any kind of contracted
relations as mentioned in the article (automatic call centers etc), the law
enforcement can get a trace. For off-the-shelf temporary SIM cards, make them
rate limited and block them when a complaint is filed. Is there something I'm
missing here? Given the numbers, this seems like a huge problem, is there
simply no incentive to solve it?

~~~
tyingq
The patlive.com service does seem to be the obvious place to track down who
their lawbreaking client is. It's a US company, which was probably a mistake.
I assume "Will" could have contracted with a service outside the US.

On the plus side, patlive.com charges $1/minute as their cheapest plan.
Robodialing them back, with a sufficiently clever script, would be costly for
"Will".

~~~
criddell
I looked at PatLive's FAQ and there's no contract required. You pay by Visa,
MC, or AMEX. If you can use a reloadable card then they probably don't know
who you are.

~~~
Jesus_Jones
Since the patlive service and all those 'answering services' that you get are
basically faciliating a scam, I'm sure a serious prosecutor could get a court
order telling them to pass the information on that they had about the
underlying person.

If it was a reloadable card, you can still figure it out with more effort. You
threaten to sue them into oblivion as facilitating criminal actions, and you
get them to get you on a real phone number with the scammer, and then you
track them down that way. You just have to try harder.

A reporter could pursue this by getting a job with that firm and tracking
backwards.

------
CHsurfer
I want a phone service that automatically charges the caller a small amount
($1-$2). I can waive the charger for known numbers. Each time an unknown
caller calls, I get an SMS right after the call to waive the charge for this
and all subsequent calls or to proceed with the charge.

~~~
lemcoe9
And how would you expect to collect on any of that?

~~~
jrockway
I think it's easy, right? Forward your number to a voice that says, "to call
me, please type your credit card number on the keypad. a charge of $2 will
apply." If they pay, you connect the call. If they don't pay, the call
disconnects. Easy.

Nobody will call you, of course, including spammers.

~~~
SketchySeaBeast
Why not just not have a phone line, instead of inexplicably paying for a
service to not have a service?

~~~
jrockway
I think the point is to send a message.

~~~
SketchySeaBeast
And that message is "Don't call me."

------
gnicholas
I regularly receive calls from an agent at a reputable (or at least I used to
think) brokerage here in Silicon Valley.

They use the typical trick of calling you twice simultaneously, so the second
call can go straight to your VM box. The message was boiler plate: " _we 're
looking for a home in your neighborhood for a client, but inventory is very
thin as you know so we're wondering if you know anyone who might be open to
selling._"

The thing is, there were 3 houses for sale on my street at the time, so it was
immediately clear this wasn't based on an actual client. I had recently spoken
with an agent from this brokerage firm and I sent her a follow-up email to let
her know that her colleague's (illegal) shenanigans were undercutting her
company's reputation.

------
tyingq
An investigative reporter had no luck figuring out who it was. I'm curious if
STIR/SHAKEN makes it possible to find the culprits, or if it just drives them
to more niche VoIP providers.

~~~
BenjiWiebe
It will prevent the robocallers from using local numbers to call you without
actually buying/renting said numbers.

------
cr0sh
Just going to throw out the call/sms blocker I use and love:

[https://github.com/kaliturin/BlackList](https://github.com/kaliturin/BlackList)

I have no connection to the software other than being a satisfied user. Yes,
it's open source. Yes it's Android only.

Yes, it's SMS app is bare-bones. And the UI is ugly.

That's the tradeoff for this kind of thing. It's a shame there isn't an active
development community around it making it so much better.

The basics are all there and they work great. Mainly if the UI was updated,
and certain "extras" were added to the SMS app (for me, that'd be emoji/smiley
usage and photo upload/download) - it would be perfect. But I'm willing to put
up with the "bad" to gain the "good" parts of the app.

------
herodotus
There is an effort underway to end spoofing. It is called Caller ID
Authentication. See [https://www.fcc.gov/call-
authentication](https://www.fcc.gov/call-authentication)

------
uptown
I tracked down one of these robocallers once. I'd been getting multiple calls
a day from the same number. The number was tied to a business name, which had
an old domain name registry in some online index. From there, I was able to
find the original domain name purchaser name and phone number. I also found
his Facebook page, with poor privacy settings - and a few other details about
the guy. So I gave him a call. He was very surprised to get a call - but
listened, and accepted that a phone call wasn't where I'd stop if his calls
continued. They stopped that day.

------
MagicPropmaker
Why is it so hard to catch them? Can't the FTC set up a house sale, and when
the buyer presents himself at closing, have him arrested? Eventually the buyer
needs to be available to close the sale. I suppose it can all be done
electronically (I bought property with an electronic closing) but for the
demographic they're trying to market from, electronic signatures and document
handling may not be easy. Someone will have to meet with them, and there an
arrest can be made (for the robocalling).

------
devm0de
What many of these real estate investors do is have a phone number on their
bandit signs or use in their robodialer voice mails that forwards to the
answering service. That phone number might be provided by services like
callfire or callrail where you can generate lists of numbers. Some services
let you script all actions.

Callfire allows for things like enabling recording on the call forward
(potentially illegal) when someone calls it. Then investor themselves or pays
a virtual assistant like $3hr to sift through all those calls for any
potential leads. You can hear the entire call to patlive if you wanted to. Or
they just trust patlive to forward messages as they’re the answering service.

So long as your answering service or where you’re generating your numbers
doesn’t blow your cover then you can keep this game up for a long time. That’s
what these answering services are trained to do is protect their clients
identities. But I doubt that holds up when the FTC comes knocking.

------
Mashimo
Why are Robocalls so common in the US, but not in other countries?

~~~
TomMarius
Because unsolicited calls are not legal in other countries

~~~
AndyMcConachie
They're often not legal in the US either, but it isn't enforced. It has more
to do with enforcement than it does legality.

------
mtw
I'm seriously contemplating cancelling my cell plan. The annoyance I get from
robocalls spam (plus monthly cost) is far greater than the utility. Relatives
and close friends can always send messages through other services

~~~
drb91
I believe you can disable incoming calls at the telecom level. Not sure who
offers this but I do some phone banking and run into this about 1/100 calls.

Apple really needs a way to enable permanent do not disturb for just phone
calls, ie your phone only rings if you are in the contacts.

~~~
dmix
> Apple really needs a way to enable permanent do not disturb for just phone
> calls, ie your phone only rings if you are in the contacts.

That's a really great feature idea. I hope someone here who works at Apple or
Google reads it.

------
taborj
Not sure if this is carrier-specific, but the phones my family uses will
receive robocalls, but they come in with the name "Scam Likely." So somewhere,
someone is keeping track of the various numbers that are used in a list, and
using that to alter the carrier ID information to our benefit.

It doesn't catch all, but it hasn't incorrectly flagged one yet.

~~~
eitland
Google does on my phone. Sometimes it will ask me after a call if it was spam.

Works surprisingly well considering it is Google in 2019, but now that I think
of it I can see a number of ways they'll mess up this as well ;-)

~~~
criddell
I use Google's Call Screen service. It answers the call and tells the caller
to state their name and reason for calling. The response shows up on my screen
as text and I can decide to pick up at any time.

99% of the time, the call just disconnects.

I really wish Google would let me set my phone to ring only for numbers in my
address book and give everybody else a busy signal.

~~~
tehlike
On android, you can go to settings of the caller app, and enable "filter spam
calls". Not exactly the same thing but still... You might have some trouble if
you are a fi user.

~~~
criddell
I am a fi user.

The problem with settings like that is it still lets the call go to voicemail
and I don't want to deal dozens of 4 second messages every week.

------
NoblePublius
Can someone explain why it’s so easy to spoof caller ID? And can someone else
explain why spoofing caller ID isn’t a felony worthy of life imprisonment?

~~~
cr0sh
Not that this explains it, but IIRC, caller ID information is sent (or was, at
one time with land lines) "out of band", in a particular data format, that
occurs between the first and second rings.

IIRC, it's done using frequencies that either can't be heard (ie, outside the
freq response of the phone), or the sound is "switched off" between rings
(quite possibly this, since the "ring" voltage is completely different from
the "line-in-use" voltage - so this voltage change can be detected and switch
the signaling as needed).

At any rate, it's a known thing, and if you understand how it works, it's
possible (well, again, was - for land line phones) to build a box that can
inject these signals between the rings so the phone being called will display
it. Normally, this is done (IIRC) by the CO, but I think if the info is
already there, it doesn't override it.

I might be completely wrong, though; it's been a couple of decades since I
last read about how it worked; also, I have no idea how it works in cell-phone
land, but likely it hasn't changed because "inertia" and having to support
older land-line phones...

~~~
AnimalMuppet
When you have an incoming call ringing on a landline, the ring signal is very
much out of band - it's 48 volts, with enough current to drive a solenoid to
move a mechanical hammer against a physical bell. (You do not want to be
electrically in contact with a phone line when ring comes in!)

The caller ID information comes as a frequency-shift-keyed (FSK) message (I
think). As you said, it's between the first and second rings. But you can't
hear it, not just because it's not a normal audio tone, but also because the
phone is still on hook and isn't playing any audio that comes over the line.

That's regular caller ID, which is type 1. Call waiting caller ID is type 2.
It's also an FSK message. (That is, I'm sure that it's an FSK message. I
_think_ type 1 is also FSK, but I'm less certain of that.) This comes
immediately after the call waiting "beep". It's short enough that I don't
think your ear can pick it out of the transition from the beep tone to the
regular conversation that the beep interrupted.

I'm not sure whether you could get fake caller ID that you send through a CO.
The phone line isn't "off hook" yet, so the CO isn't passing audio. (If you
say "hello" into the phone while it's ringing, I don't think that audio goes
down the destination phone line either.) But that's only how I _think_ it
works; I don't _know_.

------
billyt555
Is it just me or does this article end mid-thought?

------
mtw
does everyone has a subscription to Philly? I've never been to the site and
wants me to pay to read 1 article

~~~
RandallBrown
I was able to see the article without any issue. There was a banner telling me
I should subscribe, but that was it.

~~~
mtw
Changing to Firefox worked. It seems Philly is able to work around privacy
mode in Safari.

~~~
ilikehurdles
I've noticed that certain newspaper-oriented sites (like the Denver post) ask
you to subscribe if it detects you're running in incognito mode.

That said, I viewed this page in incognito on chrome without issue.

------
whenchamenia
"Hello this is Lenny..."

