More on Scammers Abusing TTY Services
edward ericson writes "A more comprehensive look at IP Relay scams and their effect on relay operators, the deaf, US business and the relay providers like Sprint, AT&T and MCI. Unlike a previous piece in the AZ Star, this one shows that the problem is at least a year old, and estimates that the companies have earned at least $23 million by facilitating scams. Anyone here care to discuss IP blocking techniques?" See our previous story for more.
It's more or less proven now that this system is implemented very poorly. IP-based TTY calls should be suspended until an effective authentication solution is in place.
The deaf people with computers can still get to this service by using their modems as a TTY terminal, and by calling a 1-800 number, there would be effective proof that the call is coming through the USA. Data calls don't get along well with VoIP services...
Those scammers should have their eardrums busted when they are caught.
This is the first I've ever heard of this, but the article does a really good job of explaining the background behind it. Hefty read, though.
I would not want to be in the position of the CAs that have to put up with this. According to TFA, not only can they not legally refuse to process these calls, in most cases (no international calls), but they are also prohibited from breaking the privacy barrier. That's not something I ever considered, but it's good to know your translator is not allowed to tell the world that you just bought Viagra over the phone.
On that note, they have to translate prank calls and phone sex. Jesus.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
Also interesting to know how much the government plays in it?
The conservative is the man who has a real concern for injustices and takes thought against the day of reckoning.
Will somebody just pull Africa's ISDN line out of the wall.
Might be better as "Moron Scammers..."
Or rather, my girlfriend.
I told the scammer in question to quit abusing her TTY services or I would beat the living hell out of him, and he did. Got right up and walked out of the bar after dropping a $20 for the drinks he'd bought. I recommended to my gf that she consider re-evaluating how her protocols broadcast the availability of her TTYs on public networks, and suggested she wear a turtleneck next time we went out. It hasn't been a problem since.
Sometimes you need to know the right techniques to apply.
You see? You see? Your stupid minds! Stupid! Stupid!
In Apache:
Deny from xxx.xxx.xxx.xxx
For iptables:
/sbin/iptables -A CUSTOMFORWARD -i $INET -p TCP -s xxx.xxx.xxx.xx -j DROP
I'm sure other people can come up with more.
I work overnights in a call center, doing mostly tech support, but I am in an overflow buffer for a customer service/retail catalog. These calls are some crazy stuff. They take forever, the person is slow to respond, always wants the item shipped right now, before we run the credit card. It's always obscene amounts of stuff too. For example they may call and ask for one thing, and you say we are out, then they take the next item up, 5-10 of them. They are items that people would never buy more than 1 of, maybe 2. Does the company care? The outsourcing company doesn't, they are getting paid per call. The retailer doesn't seem to care as much as they should. I don't know how various write-offs work, but my guess is they probably use this in their taxes, the fraud loss I mean. The relay (phone) companies need to put a stop to this.
I say rather than block IPs, we block these scammers access to air.
See how long they can scam then.
Blargh. POS people.
Sent from your iPad.
Anything that's totally given away for free meant to help a certain segment of society should at least seek proof that the person taking advantage of the service is a member of that segment of society.
No government in the USA hands out handicapped parking permits to everyone who asks. There's a documentation process to certify that one is entitled to it. Sure, that process sometimes gets fooled into giving a permit to somebody not entitled to it, but at least there's a paper trail created by such a fraud that can be followed once it is discovered.
Free TTY services should be allowed to issue usernames and passwords to their customers, keep text logs of the conversations, and be able to revoke the access of those who abuse their accounts. Basically, the laws that are requiring them to be open are also regulating this service to its death. This needs to be fixed quick.
Even the hard of hearing could use a bigger penis.
They're deaf, not dead [] ) --laforge smiley
Go to phonelosers.net for some info on TTY related pranks, including, but not limited to:
1. Making the TTY operator say funny things ("PLA go away")
2. Prank calling your friends across the USA via 800 numbers
3. Don't have a voice changer? Use the TTY relay operator's voice!
RedBoxChiliPepper and friends have been doing fun TTY for years!
... but have you considered that some of the set "deaf people" might overlap with the set "assholes"?!!!!
What's bugging me is reading this Clarke book, in particular the lack of information awareness of the FBI. It's small wonder that more of the clowns spamming and scamming aren't getting busted. It would seem a fairly minor effort to look these people up, gather some evidence and send an agent over to bust their chops (or pass the stuff along to local authorities.)
That I'm still getting piles of spam states very clearly that tracking and apprehension are sorely lacking. That much effort is now put onto tracking terrorists rather than domestic criminals and the budgets for intelligence and law enforcement have taken some big hits under the current administration is a fairly clear message to perpetrators, "We will pass laws, but we A) Won't enforce them OR B) Can't enforce them."
A feeling of having made the same mistake before: Deja Foobar
Nigerian scams are but one annoyance CAs encounter on the job. They also facilitate phone sex and, frequently, endure prank calls in which college students and others call their friends--or even themselves--just for fun.
Obligatory Simpsons reference: Moe: Is there a Symore Butts in the bar?... Hey, alright I am going to strangle you next time you do this kid...
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Funny mental images - A penis enlargement spam translated to sign language :)
My family runs their own mailserver (Sendmail). There is a perl script on our server (self-made) that denies mail for a number of reasons. If a reverse DNS lookup does not work, then the mail is rejected, if the mail is in NJABHL, then the mail gets rejected. Then, if we have ever gotten spam from that IP before, the mail is rejected. If we get mail from more than one IP in a subnet, the entire subnet is blacklisted. And finally, we have a few key-words that if found in piece of mail, it will be rejected.
OMG OMG OMG WTF OMG WTF BBQ STFU RTFM, OMFG OMG OMG OMG ROFL LMAO OMG WTF STFU ROFLMAO
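The sequence of checks in the mail-server comment above, as an added example that is not the poster's Perl script (which the thread does not show). Assumptions: the reverse-DNS and blacklist lookups are injected as functions so it runs offline, a "subnet" is a /24, the subnet rule counts spam sources, and every address and keyword is constructed.

```python
import ipaddress


class MailFilter:
    """Rejection checks in the order the comment lists them."""

    def __init__(self, has_rdns, is_listed, keywords, prefix=24):
        self.has_rdns = has_rdns      # callable(ip) -> bool, stands in for a PTR lookup
        self.is_listed = is_listed    # callable(ip) -> bool, stands in for a blacklist query
        self.keywords = [k.lower() for k in keywords]
        self.prefix = prefix          # assumption: the comment does not say how big a "subnet" is
        self.spam_ips = set()         # addresses that have sent spam before
        self.blocked_nets = set()     # subnets with more than one spam source

    def _net(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)

    def record_spam(self, ip):
        """Remember a spam source; a second distinct source in a subnet blocks all of it."""
        self.spam_ips.add(ip)
        net = self._net(ip)
        sources = [s for s in self.spam_ips if ipaddress.ip_address(s) in net]
        if len(sources) > 1:
            self.blocked_nets.add(net)

    def check(self, ip, body):
        """Return (accepted, reason) for one incoming message."""
        if not self.has_rdns(ip):
            return False, "no reverse DNS"
        if self.is_listed(ip):
            return False, "listed in blacklist"
        if ip in self.spam_ips:
            return False, "previous spam source"
        if self._net(ip) in self.blocked_nets:
            return False, "subnet blacklisted"
        text = body.lower()
        for word in self.keywords:
            if word in text:
                return False, "keyword: " + word
        return True, "accepted"


def demo():
    """Run constructed messages through the filter and return the reasons."""
    rdns_ok = {"192.0.2.10", "192.0.2.11", "192.0.2.12", "198.51.100.7"}
    listed = {"198.51.100.7"}
    f = MailFilter(lambda ip: ip in rdns_ok, lambda ip: ip in listed,
                   keywords=["wire transfer"])
    reasons = []
    reasons.append(f.check("203.0.113.5", "hello")[1])
    reasons.append(f.check("198.51.100.7", "hello")[1])
    reasons.append(f.check("192.0.2.10", "Urgent WIRE TRANSFER needed")[1])
    f.record_spam("192.0.2.10")      # operator confirms the message was spam
    reasons.append(f.check("192.0.2.10", "hello")[1])
    reasons.append(f.check("192.0.2.12", "hello")[1])   # one source so far: subnet still open
    f.record_spam("192.0.2.11")      # second source in 192.0.2.0/24
    reasons.append(f.check("192.0.2.12", "hello")[1])
    return reasons


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```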
While the addresses are not tied to geography, generally speaking you can tell which IP's are from inside the US and which are from outside. This is supposed to be a system used by deaf Americans, right? Just block all foreign IP addresses. It won't stop all of the false calls, but it will stop a lot of them.
That seems the only solution, unless you come up with some kind of authentication.
Of course, as the article states, the phone companies don't really have an incentive to stop the calls since they are paid either way. This may be one time that legislation is required.
From the article...
the companies have earned at least $23 million by facilitating scams
That speaks for itself
The person on the other end wanted to order 40,000 of our EverLED LED flashlight bulbs. We only sold 1000 of these in all of last year. At $40 a pop, most people only want to buy one. So right away warning bells went off in my head. Some toolbag wants to buy $1,600,000 worth of product from a retailer he has no relationship with and he is doing it over TTY relay???
I figured I'd try to find out a little more about the individual. I asked him where he was from. "Nigeria." WHOOP WHOOP DANGER WILL ROBINSON!!! Needless to say I cut the conversation short.
It was a very difficult exchange, the Nigerian used broken English that neither myself nor the operator could really understand. It must have been very frustrating for the operator, I felt bad for her. The whole exchange took about an hour, it was extremely tedious. And it was a complete waste of my time. Thankfully that hour is ALL I lost.
The Nigerian tried to call me back TWICE both times using the TTY relay, of course I wasn't about to give him any more of my time. Selling $1.6 million worth of product via TTY relay is unconventional, but I don't discriminate against the disabled. I do NOT however do business with ANYBODY in or from Nigeria.
-73, de n1ywb
www.n1ywb.com
fake link, goes to crap search page
I am currently employed by an online retailer. We've been dealing with this problem for at least TWO years. The basic scenario goes something like this: we receive an order placed online with an obscene total, next day shipping, a yahoo email addy, or a combination of other flags that tell us it's fraud. The credit card address verification always comes back "does not match" in these cases. Then we send them a polite email stating that we can't process their order any further until the address does match. Within minutes the call center receives a call from an IP relay operator. Occasionally, they don't identify themselves as IP operators. So we always ask "Is this an IP relay call?" So far, they've never denied it. (In the last two years we've documented ONE TTY call.) At this point we accept the call and then explain to the scammer that we can't accept IP relay calls and that they should send us an email. Shortly thereafter we get an email from a different yahoo account that reads like a 419 scam. It's fun.
Basically, the theory is that if someone is legitimately using the service, they're perfectly capable of sending email. The benefit is that we minimize the time spent dealing with scammers.
If anyone else has methods of dealing with this nonsense, I'd love to hear it.
The owner of my company received one of these the other day. He's in his 70's, but he's on the ball.
He had one the other day where the operator relayed that the person wanted to know what credit cards our company accepted. He told the operator to tell them that we only accepted certified checks or wire transfers, and then told the operator that the person was going to hang up when they got that message.
The operator relayed the message, and there was a pause. Then she said "I'm sorry sir, but it is my job to relay this message: 'Fuck you. Fuck you. Fuck you.'"
I tried conversing with them through a relay, but they refused the call :/
Maybe it was the relay that refused to make the connection.. I'll call the relay through the relay and ask to talk to the manager. But I'll order a pizza first, if they'll let me. Mmmm, cheese. We'll see if they can get it hear^H^Hre in 30 min this time..
Read; Write; Execute
At least this was posted AC... it is a total rip of What I posted in the earlier story about this, which is mentioned in the summary.
What's likewise crazy about online fraud to me is the following scenario.
As an online merchant, we see online orders that are clearly fraudulent. But the credit card still goes through (we 'authorize' first which just deducts from your credit limit). We decide not to take the order; thus we don't do a 'capture' on the card that would deduct the money from the poor guy's credit card account. That way we avoid getting charge-backs that would ruin our merchant rating and that would cost us in the end anyway (if caught). But we do log that credit card # in our database. Sometimes SIX MONTHS LATER the fraudster will use that same credit card # on our site again and it is *still* being accepted by Visa/Mastercard!
This is a broken system. As a merchant, we have no way (that I know of) to warn Visa/MasterCard or the issuing bank or the card holder that the number is being used for fraud! (Besides just going ahead and charging the card, knowing its fraud.) Certainly not an automated way to do so in the same way that we connect to payment gateways. It's just not in Visa's/Mastercard's interest to put a system in place because at the end of the day, the merchant is liable.
I'm interested if anyone knows of a place where merchants can swap info about fraudulent cards or other fraud data.
--LP
Don't the Deaf in the US get benefits from the Social Security office? If that's the case, perhaps the FCC can team up with the SS office to issue unique logins and passwords that are sent to all the hearing impaired people out there. Then the hearing impaired person could use the login/pass combo to access the IPRelay services.
This is the forum they reference in the article.
i work in a computer shop. monday i had a deaf person call and wanted me to order 3 dell laptops and ship them to africa for him. i was hesitant. i'm glad. the last e-mail i sent him saying if he wanted it done to mail me a check instead of the cc # he gave me. glad i didn't buy those laptops, i'd of been punked.
Having worked at the National Technical Institute for the Deaf, I can tell you that IP Relay is the hottest thing there. Computer kiosks that were set up in the building used to be pointing to web pages within the school. When I left in 2002, most every time I walked past them, the browsers were opened to the Sprint IP-Relay center.
I wonder. If people shit on the commons, can we go back and chase them off with a gun?
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Many deaf people are going away from the TTYs and are using fax machines.
At least that's what my parents and their friends are doing.
Nope. Wasn't me... I'd like to know who's copying my post too
LostCluster thinks reposted comments vi
AT&T spokesman Cruz says his company can block scam calls but would not reveal whether AT&T had ever blocked IP addresses, or for how long. He emphasized that such addresses are not tied to geography.
Wow, the AT&T folks are technically clueless it seems. Determining which country an IP is from is reasonably possible given the fact that IP blocks and other tools (traceroute, rdns) exist. Either they don't know what they are doing or they are in it for the money. Remember we are not talking specific geography, but country level location.
http://ip-to-country.webhosting.info/ for example.
Am I missing something? Does ni not have any IP blocks or providers or standard routes? When I ran a site it was pretty trivial to work out what country someone came from even if the block wasn't clear, have things changed?
From the article: The FCC agreed to use the Telecommunications Relay Service Fund to pay for IP Relay for the same technical reason that allows easy access by scammers: unlike phones, which can be quickly traced to a particular location, computer IP addresses are not tied to any place. As one FCC document put it, "WorldCom states that there is no way of determining the origin of IP Relay calls, because Internet addresses have no geographical correlates."
I'll plead ignorance -- I assume they're right in saying there is no strict, one-to-one relationship between IP address and locale. But isn't it possible to identify with a HIGH degree of likelihood that a given IP is originating in Nigeria? Or that the packets have been routed through Nigeria?
The cure for cancer is coming: Reovirus
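The country-level check that several comments above argue for, as an added example that is not part of the original thread: a longest-prefix match of each caller address against an allocation table, with an explicit "review" outcome when the table cannot answer. The table uses reserved documentation ranges with invented country codes and the session log format is made up, both constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed allocation table: RFC 5737 documentation ranges with invented
# country codes. Real data would come from published registry allocations.
ALLOCATIONS = [
    ("192.0.2.0/24", "US"),
    ("198.51.100.0/24", "NG"),
    ("203.0.113.0/24", "US"),
    ("203.0.113.128/25", "NL"),  # smaller block carved out of the /24 above
]

# Constructed relay session log: "<session id> <source address>".
SESSIONS = """\
s1 192.0.2.17
s2 198.51.100.4
s3 203.0.113.200
s4 203.0.113.20
s5 10.1.2.3
s6 not-an-address
"""


def build_table(rows):
    """Parse CIDR rows and order them most-specific first."""
    table = [(ipaddress.ip_network(cidr), cc) for cidr, cc in rows]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def country_of(table, ip):
    """Longest-prefix match; None when no block covers the address."""
    addr = ipaddress.ip_address(ip)
    for net, cc in table:
        if addr in net:
            return cc
    return None


def decide(table, ip, home="US"):
    """allow = home-country block, block = foreign block, review = cannot tell."""
    try:
        cc = country_of(table, ip)
    except ValueError:           # malformed address in the log
        return "review", None
    if cc is None:               # private or unallocated space
        return "review", None
    return ("allow" if cc == home else "block"), cc


def triage(table, log_text, home="US"):
    """Return {session id: (decision, country)} and a Counter of decisions."""
    results, totals = {}, Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        sid, ip = parts
        results[sid] = decide(table, ip, home)
        totals[results[sid][0]] += 1
    return results, totals


if __name__ == "__main__":
    results, totals = triage(build_table(ALLOCATIONS), SESSIONS)
    for sid, (decision, cc) in results.items():
        print(sid, decision, cc)
    print(dict(totals))
```

A match only says where the address block is registered, which is the "high degree of likelihood" the comments describe rather than proof of where the caller sits.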
I'd submitted the original AZ Star story on this scam, but after reading this new article, all I can say is, "Now THIS is journalism!"
Very impressive, City Paper.
Order away!
Power off before disconnecting connecting connector. Seen on a cash register
The only reason the call centers make money handling calls is that the government taxes every legitimate phone user to pay for this service.
So I'm paying taxes on my landline and my cell phone to run call centers where 80% of the volume is Nigerian scammers. And so are you.
Repeal the taxes and let the deaf people pay to access the IP call center. Or, if that's too free-market for you, then repeal *half* the taxes and let the deaf pay for *half* the service. Also add some authentication so that nobody can use this service that *we* pay for unless (a) they are a US resident and (b) they have a doctor's note that they are, in fact, deaf.
You can. There's a way to use the sidekick terminal program to connect. Search for it on hiptop.com
Just call MCI and they will give the IP w/o a subpoena.
In order for the government to care about this, you will have to put in a light that the current government administration cares about. Call your reps. and sens. and let them know how concerned you are over the various Nigerian scams and TTY scams in general funding "terrorist" activities. That will get the government to care (or possibly Nigeria invaded...).
At $82 an hour, I don't mind being a go-between for anyone, Nigerian OR deaf.
A friend of mine keeps his bike pretty much permanently posted for sale, and a while ago he got one of these calls from Italy from someone "interested" in buying it. He actually told the woman not to take the calls from now on.
Anyway, once we discovered the service, we found out it was a really fantastic way to crank call people. Heh.
autopr0n is like, down and stuff.
Seriously... a "data embargo" against Nigeria may very well be deserved at this point. They've clearly got a problem enforcing their own anti-scam laws.
I think you're forgetting one big point here: the 419 scammers mostly don't scam from Nigeria. Instead, they are active in a lot other countries, with The Netherlands being at the top of the list. So, forcing Nigeria to follow the 419'ers all the way to Hell isn't going to stop this.
In need of reliable and affordable server monitoring?
Has anyone tried to call themselves through relay and either test their limits, or at least have some fun forcing them to say silly things. WE ARE THE NIGHTS WHO SAY NI! ;)
- Just because you can't, doesn't mean you shouldn't
In the UK, you pay normal phone rates to use BT Typetalk, and if you can show you are disabled, you get a rebate on the bill.
The Nigerian Scammers wouldn't be able to show that they were genuinely disabled, so they would end up paying lots of money on their phone bills.
...just a sneaky piece of advertizing for his business. How many have visited his website now? How many have ordered something? Even if only one person has, it's been well worth the five minutes it took him to post the little tale. Hell, maybe it's a true story, so I think we shouldn't begrudge him this one time! :-)
Modems are cumbersome. If I am at work and I need to make a phone call using the relay, simply opening up a web-browser is by far the easiest way.
Not really sure how an authentication system would work. One way, I guess, would be to have the users actually mail in documentation certifying that they are indeed deaf.
Modems though. No. God no.
Like in UK, using a TTY and a land line you are charged for the call based on the services available on your phone line. And also as in UK, if you call the phone company and convince them that you are a TTY user they might give you a discount. Don't go saying this isn't fair, Relay calls take SO MUCH longer than voice calls do... don't forget that land line calls are charged by the minute.
IP Relay wasn't meant to be free once they figured out how to charge people... at least that's what they told us back when it first started...
What does TTY or IP relay have to do with this? It's simple credit-card scamming. Could happen via email or, hell, even a regular phone call. (Someone who expects to receive $1.6M in free ill-gotten goods surely doesn't care about international long distance charges??) Seems to me any number of alarm bells should be going off in the business-owners' heads regardless of the communications medium used.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Dear God! We can no longer trust our TTY services!
OK. I think I should be safe now.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
"capture" the value *and* do not deliver the goods. the "poor fellow" whose cc# was taken will complain, you reimburse him his money, the cc# is now blacklisted.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Not really.
The problem is that the merchant does not have a way to detect which purchase is fraud and which is legitimate. To delay shipping erases merchant's own competitive advantage. Would you buy from a merchant who waits for a week "just to make sure" before shipping??
Get real. Introducing a delay is too artificial and it is as much useless as it is simple. It should not be the merchant's task to be the anti-fraud police. You have obviously never run a business before, so the term "customer satisfaction" probably seems like an overused cliche to you.
There is one solution that is already in place: one-time disposable cc numbers. When you make a purchase online, you log on to your cc account, your bank generates a combination of a cc number (taken from a pool), together with the expiration date (e.g. a month from now) and an amount up to which that number can be used, and you supply that to the merchant. This means the customer never has to reveal his "real" cc number and even if the number gets stolen, it's absolutely useless. But the customers are too dumb right now to use this feature. Or I should say, no one pressures them to use it. If the banks transferred the responsibility for fraud from merchants to the customers, the use of such features would skyrocket. But the banks won't do that, because it would make their services relatively tougher to use, which means they could potentially lose customers for their cc products.
Think before you write.
The marketing guy, who gets this crap from our web page contact form, passes it on to me. I always can it, and marvel that not a *single* one of these bozos ever has a real domain name...it's always edscomputers0284742@yahoo.com or something. They've got moolah for 150 inkjet cartridges, but they can't afford a freaking domain for their alleged computer bizness. And of course *no* one ever speaks English as a first language.
Mindful of the chatter here on Slashdot earlier this week about the importance of not discriminating against people, I do at least look them over for signs that they might actually be in my state. But I never see them, and so I deep six 'em immediately.
Think before you write.
Eat your own dogfood.
It should not be the merchant's task to be the anti-fraud police.
Even when it is on the merchant's money when fraud occurs? Merchants have to protect themselves.
I was even half-joking in my comment, but your reaction makes me sure it has to be something right: Yes, if you suspect of fraud, delay the delivery.
one-time disposable cc numbers
Not every bank has those available. In particular, in Brasil none has.
If the banks transferred the responsibility for fraud from merchants to the customers, the use of such features would skyrocket.
No, use of credit cards would be zero in a week.
You have obviously never run a business before, so the term "customer satisfaction" probably seems like an overused cliche to you.
You don't know me, do you?
Introducing a delay is too artificial and it is as much useless as it is simple. It should not be the merchant's task to be the anti-fraud police.
No, it's not. If it's not fraud, the suspicious client will complain to the credit card company. When investigation starts, your company will say I'm sorry, there was an error, here's your merchandise, should you take it, or else here's your money, here's some compensation gift, whitelist the CC# and voilà.
Get real. Well, I'm the one posting here under my real name, instead of some mildly offensive nick.
So, think before you write.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
[...] REPORT ADVANCED FEE FRAUD
These con artists target senior citizens. It is important to be alert to any sign that a vulnerable family member is being victimized and to discuss such a fraud with loved ones and their caregivers. If you or any member of your family has been a victim of any form of the Nigerian scam, contact the United States Secret Service, the lead agency fighting this fraud at 202-406-5572.
If you receive an email relating to advanced fee fraud, please forward the email to the Secret Service at:
419.fcd@usss.treas.gov.
If you receive a letter in the mail, you may send or fax it to:
U.S. Secret Service
Financial Crimes Division
950 H. Street, NW
Suite 5300
Washington, DC 20223
Fax: (202) 406-6930
If the scheme targets a United States resident but involves a Canadian address or phone number, inform PhoneBusters by sending an email to
info@phonebusters.com
or calling toll-free 1-888-495-8501.
If you, like me, tried to read the linked article and found out that it had absolutely nothing to do with the write-up, then you realized that the person that posted this used a link that was only valid while the feature was "current" on the site. Shame on you.
A permanent link, for the archives and anyone that reads this past the first week, is below.
http://www.citypaper.com/2004-04-14/feature.html
Please, check your links before submitting.
The link cited in the story lead points to the current City Paper feature. The stable url is: Out of Africa
I paid the going retail price for a Windows screen reader and got a free Unix computer!