Fake voices are already being used to steal millions (https://www.bbc.com/news/technology-48908736). I co-authored the paper linked here, which goes into some detail about why this all matters, particularly for voice cloning... https://medium.com/@aviv/reducing-malicious-use-of-synthetic...
(I just came up with a version for robocalls but I don't want to post it here because it's a giant wall of text that I don't think pays for itself in terms of contribution to the discussion.)
It’s incredible in a world were we’re all being forced to move to RealIDs so our every move can be tracked, that criminals can continue to scam the elderly and disabled anonymously by phone.
SHAKEN/STIR is the (technical) answer to this, though I'll be interested to see to what extent it's adopted.
There is, at least for foreign calls: assuming US provider A gets an incoming call from the country B's operator C, then A has to verify if the phone number supplied by C is in the country phone number range of country B. If there's a mis-match, deny the connection.
(And that's not even mentioning the issue of how you'd map providers to prefixes. It's somewhere between non-trivial and impossible in practice.)
Its easy to send an IP packet with a source address that is whatever you want, but if you do that the receiver is going to reply to someone else and you won't be able to establish two way communication.
Yes, I know most ISPs don't do this. But they could if they wanted to.
There's a bunch of solutions. I received 19 spam calls spoofing cell numbers. That's a felony
I suggest everyone that get an illeagl robo call to call your rep Everytime. Ask them to block India entirely. The problem would be solved very quickly. Or block all calls from Florida and Texas. The nuclear option
The basic one is just waste their time. Ask a lot of questions. And then tell them you were doing that
IOW: They have so many resources available, and it is so cheap for them to make the calls, that even after they knew I was going to waste their time, they continued the calls.
This was after I had tried their options for "press 1 to be removed" and talking to someone and saying "please remove me from your list".
The thing they may not have been anticipating: I had 3 numbers forwarding to my cell phone. Up until this call I didn't know which of them was on their list. I cancelled that phone number, and the calls dropped to almost 0.
This could very well be an urban legend, and I know that most telemarketers are untrustworthy anyway, but I've heard somewhere that you actually have to explicitly say "put me on your do-not-call list" because the phrase "remove me from your list" allows them to interpret it a request to remove you from the do-not-call list.
Like I said, probably an urban legend.
> If a person or entity making a call for telemarketing purposes (or on whose behalf such a call is made) receives a request from a residential telephone subscriber not to receive calls from that person or entity...
This is from 47 C.F.R. § 64.1200(d). If someone says "please remove me from your list," I believe any reasonable individual should understand that as a request to stop calling.
If they get a request to stop calling, a telemarketer must immediately record the number to the company's do-not-call list and comply with the subscriber's request in a reasonable period of time not exceeding 30 days, and the telemarketer must honor the request for 5 years.
If you want to get technical about it, it doesn't even say the request must be made on a phone call. Presumably, one could make a written request. Perhaps someone could even offer as a public service a way to preemptively send copies of form letters to the addresses of known telemarketers requesting no calls. Someone like the postal service.
Considering they are committing a felony by simply making the phone call. It's a felony to spoof phone numbers. Everyone from the top down should be facing 20 years
No one wants the hearing damage, I suspect.
I need a Mandarin sound board to keep them on the line since I don’t know any more than “Nihao”.
Until the scammers figure this out and respond with their own bot. Then, just like Twitter, it'll be bots spamming each other..
It's honestly pretty great, I use it all the time.
Fuck your ban.
And please don't give me a lecture about civil discourse. I clearly stated my opinion
If I am banned. Fuck my ban as you clearly stated
Wouldn't it make more sense to punish the phone companies letting them do this? Is this just prejudicial hatred on your part against a couple of states you don't like for some reason?
It would be easy enough for a regulator to simply fine any company whose products are advertised or sold through telemarketing.
Make it the companies problem that some of their marketing contractors or affiliate schemes lead to illegal calling.
- which regulator has the power to fine a company when it didn't do anything wrong?
- how would you prevent abuse, e.g. if I want to destroy your small business, I can just spend a few thousand dollars on a robocall campaign selling your products (not even claiming to be you)
That same difficulty would arise when trying to identify those abusing the process in the way I described.
There is a lack of will
Small fines, for the issuer of the number used to make calls reported by more than N consumers, should do the trick. Small to accommodate false positives. Fine to create an incentive to vet before issuing numbers. Number issuers because they’re less numerous and clearly in the FCC’s jurisdiction.
If one wanted larger fines, N could be lowered but only count complaints with a recording of the call and proof it came from that number (e.g. a telephone bill). Harder to make a complaint, but also harder to turn the mechanism into a home for general grievances.
Spoofing numbers could be considered a criminal organization
Take down every single person
Actions need to have consequences. But they currently have none
Management/c-suite? Sure. Your typical telemarketer working at minimum wage? No.
If they're claiming to be the IRS so they can scam you out of iTunes gift cards, why not? They know what they're a part of.
If the callers (who LE can get to already with enough questions) are safe now, they'd be safe after the change. Sure, the hn crowd will easily set up appropriate filtering, but we were never a viable target to begin with, so that's actually helping the spam calls reach better targets quicker.
It would maybe reduce the number of scam calls though. Spam, not do much.
To sue someone, the court would still need to ask the telco about the owner of the number. Right now they would need to ask for the initiator of a call to XYZ at 12:34. Seeing the number doesn't change anything.
Sounds great, lets do that.
STIR/SHAKEN has the potential to help here, but there are still shortcomings, e.g. when originating calls with source numbers obtained from other carriers.
These calls are largely preying on the elderly. They're despicable and it's disgusting it's taken us so long to stop them—there's no excuse, it's not like human beings don't control every part of what's happening, this isn't some force of nature. Nuke them from orbit.
In the past she'd been scammed by the "your grandson is in jail" scam and the bank stopped her.
One day she was really worked up because she was sure someone was going to come to her facility at 4pm and demand their money from her, and it was all tangled into my family needing money or something. Luckily she has no direct access to funds anymore.
Enough was enough. I found a product that I could put on her phone line that lets me white list her calls. It also suppresses the first ring because with Alzheimers, the last thing you need is the phone ringing once constantly.
It isn't perfect -- it has to be configured over bluetooth and only from a cell phone. I'd prefer a device that lets me do this remotely over the web, but this is what we're using for now:
For ourselves, I have a linux box running ncid. I just wish I could find a first ring suppressor that works on POTS. The FRS22100 I tried resulted in a fast busy for any caller -- didn't conform to whatever the central office required.
Payments are kind of a world of their own, but basically there are 5 parties involved in a credit card purchase:
1. The party that receives the payment. For example, a retailer like Amazon or Target. In payments lingo: "merchant".
2. The merchant's bank. This is where funds are going to end up. In payments lingo: "acquiring bank" or "acquirer" (because they're acquiring funds I guess).
3. The customer's bank. This is where funds are going to come from. Usually on credit. For example, Citi, Capital One, Chase, HSBC, Bank of America. In payments lingo: "issuing bank" or "issuer" (because the customer has an account with them and they issue the actual card).
4. The customer, the person who makes the purchase. This person's name is printed on the credit card. In payments lingo: "cardholder".
5. A payments network. These arrange payments (including operating computer networks as well as defining rules and policies) and facilitate the purchase. For example, Visa, Mastercard, American Express. In payments lingo: "credit card association".
Back to something vaguely relevant, one way you can instantly detect these scams is that they always seem to claim they're from Visa or Mastercard, then try to talk about lowering your interest rate. Your interest rate is between you (the customer) and your issuing bank (Citi, Capital One, etc.), not between you and the card association. Visa or Mastercard doesn't care about your interest rate. The scammers are not even claiming to be from the right type of organization!
I assume they do this because they get a higher hit rate. If they claimed to be from, say, Chase, then lots of people would think "I don't have an account with them" and hang up. If they say Visa or Mastercard, odds are good that you'll think "yes, I have one of those".
A scammer using a domain may be able to conceal their identity, but they can't hide the domain name itself.
The reality is that no one should care. The telephone system is broken when most of the calls we get are fraudulent. I want my phone to be useful; I don't care if fixing it breaks some phone system set up by a sketchy IT wannabe.
You can have the "I don't care" attitude when you have one telephone number in your life. You have to care when you have a couple hundred thousand telephone numbers in your life, like I do, working for a Class 3 ITSP.
Yet, we seem to be committed into destroying the entire system.
At least on personal devices/lines, everyone I've talked about it with now refuses to pick up any call from a number they don't recognize, which is really the only option when 2/3 of the calls you get daily are spam. Most just assume that if it's important, the caller will leave a message.
This is true, and also burned me last weekend. My dog set off my alarm system and the phone identified ADT as "potential spam" so I didn't answer it. The police showed up at my house. Fixed by adding ADT to my contacts, but the distrust is real.
I wish this was the case where I work. My boss answers every single call that comes in to her cell phone. Sometimes 15 a day. Then everyone in the office has to listen as she tries to interrupt the sales pitch and tell them "take me off your mailing (!) list."
And she's a millennial. I thought millennials didn't use voice.
It's far too early for carriers to block by default, but consumers should have the choice. If I could set my phone to give a busy signal to any caller not authenticated through STIR/SHAKEN, I would in a heartbeat.
And then pop-ups were replaced by divs, and adblockers got blocked by paywalls.
I don't think either problem has been solved yet.
Isn't "call forwarding" another name for "caller ID spoofing"?
Since the act itself is illegal, blocking cannot be contested.
† Why just among your friends? Cos we all know that the minute you make it open to everyone, the marketing and MBA folks will get their fangs in it and monetize and data-mine.
I never get calls from the same number. I've had the same scammer call me 3 times in one day from 3 different numbers.
This is the scammer that has called me 100s of times in the last 2 years: http://www.caribbeandiscountsinternational.com/about/
I tried to contact Tucows to complain, no way to do that. Then, I filed a report with ICANN that Tucows was violating their contract (because I can't report abuse), and that case was closed after two weeks.
The entire system is supporting the scammers.
This shared block list is basically how Nomorobo works and it’s quite effective for me.
I seriously doubt that, given the locality to my own number.
AT&T's seemed to work OK for the first few months. Then calls started slipping through. Then AT&T started trying to sell me an "enhanced" version for $x/month.
So now the telcos have found another way to make money from phone spam.
The problem is scammers spoof numbers. So, even if you share the number and try to call it, the number will be dead.
It has made phone calls probably the worst way to reach me, though. Not sure why I don't receive more text spam, which is nearly nonexistent—must be some technical reason.
On my cell phone, the biggest annoyance is that I have to turn on Do Not Disturb when traveling internationally which means only the specific numbers in my contacts list can reach me in an emergency at all hours.
That occurred to me, but you can direct someone straight to a website that can then do god-knows-what with a text message, and they're even easier to automate and do in quick, huge batches than phone calls, so even at a much lower % success rate I'd think they'd be viable for scammers, and maybe even preferable to calls. Maybe they're more expensive to send? That'd be dumb, but then phone billing's never made any sense.
In future networks you’ll have to have an invitation path from the user, and if it gets abused you just mute a subpath so those people’s invites don’t result in auto-accepting messages. Simple!
A -> B -> C -> D
D attempts to send a message to A’s mailbox
A’s mailbox automatically accepts the message
If too many messages were sent from the subtree of invitations of B or C, just mute that branch.
Then the others have to jump through hoops like proof of work or pay crypto to be whitelisted and start a conversation to you.
Fixes all SPAM.
You can make this compatible with an email gateway where the invitation is added as an email alias such as “firstname.lastname@example.org” and then emails to and from “foobar@“ would be proxied as messages to the actual non-email system I described, where foobar was the gateway corresponding to the “path A -> B”. It was compromised? Don’t accept emails from any new unknown email addresses sending to that endpoint without jumping through hoops.
I installed the public beta for that alone because I get so many of these types of calls, and it's saved me 19 interruptions so far this week.
Obviously blocking all unknown numbers isn't an option for everyone, but it's been great for me.
I will just continue to block and report spam for calls from all numbers which I did not myself enter into my contacts.