More on Scammers Abusing TTY Services
edward ericson writes "A more comprehensive look at IP Relay scams and their effect on relay operators, the deaf, US business and the relay providers like Sprint, AT&T and MCI. Unlike a previous piece in the AZ Star, this one shows that the problem is at least a year old, and estimates that the companies have earned at least $23 million by facilitating scams. Anyone here care to discuss IP blocking techniques?" See our previous story for more.
It's more or less proven now that this system is implemented very poorly. IP-based TTY calls should be suspended until an effective authentication solution is in place.
The deaf people with computers can still get to this service by using their modems as a TTY terminal, and by calling a 1-800 number, there would be effective proof that the call is coming through the USA. Data calls don't get along well with VoIP services...
Those scammers should have their eardrums busted when they are caught.
This is the first I've ever heard of this, but the article does a really good job of explaining the background behind it. Hefty read, though.
I would not want to be in the position of the CAs that have to put up with this. According to TFA, not only can they not legally refuse to process these calls, in most cases (no international calls), but they are also prohibited from breaking the privacy barrier. That's not something I ever considered, but it's good to know your translator is not allowed to tell the world that you just bought Viagra over the phone.
On that note, they have to translate prank calls and phone sex. Jesus.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
Will somebody just pull africas isdn line out of the wall.
Or rather, my girlfriend.
I told the scammer in question to quit abusing her TTY services or I would beat the living hell out of him, and he did. Got right up and walked out of the bar after dropping a $20 for the drinks he'd bought. I recommended to my gf that she consider re-evaluating how her protocols broadcast the availability of her TTYs on public networks, and suggested she wear a turtleneck next time we went out. It hasn't been a problem since.
Sometimes you need to know the right techniques to apply.
You see? You see? Your stupid minds! Stupid! Stupid!
I work overnights in a call center, doing mostly tech support, but I am in a overflow buffer for a customer service/retail catalog. These calls are some crazy stuff. They take forever, the person is slow to respond, always wants the item shipped right now, before we run the credit card. It's always obscene amounts of stuff too. For example they may call and ask for one thing, and you say we are out, then they take the next item up, 5-10 of them. They are items that people would never buy more than 1 of, maybe 2. Does the company care? The outsourcing company doesn't, they are getting paid per call. The retailer, doesn't seem to care as much as they should. I don't know how various write-offs work, but my guess is they probably use this in their taxes, the fraud loss I mean. The relay(phone) companies need to put a stop to this.
Anything that's totally given away for free meant to help a certain segment of society should at least seek proof that the person taking advantage of the service is a member of that segment of society.
No government in the USA hands out handcapped parking permits to everyone who asks. There's a documentation process to certify that one is entitled to it. Sure, that process sometimes gets fooled into giving a permit to somebody not entitled to it, but as least there's a paper trail created by such a fraud that can be followed once it is discovered.
Free TTY services be allowed to issue usernames and passwords to their customers, keep text logs of the conversations, and able to revoke the access of those who abuse their accounts. Basically, the laws that are requiring them to be open are also regulating this service to its death. This needs to be fixed quick.
Even the hard of hearing could use a bigger penis.
They're deaf, not dead [] ) --laforge smiley
What's bugging me is reading this Clarke book, in particular the lack of information awareness of the FBI. It's small wonder that more of the clowns spamming and scamming aren't getting busted. It would seem a fairly minor effort to look these people up, gather some evidence and send an agent over to bust their chops (or pass the stuff along to local athorities.)
That I'm still getting piles of spam states very clearly that tracking and apprehension are sorely lacking. That much effort is now put onto tracking terrorists rather than domestic criminals and they budgets for intelligence and law enforcement have taken some big hits under the current administration is a fairly clear message to perpetrators, "We will pass laws, but we A) Wont't enforce them OR B) Can't enforce them.
A feeling of having made the same mistake before: Deja Foobar
Funny mental images - A penis enlargement spam translated to sign language :)
While the addresses are not tied to geography, generally speaking you can tell which IP's are from inside the US and which are from outside. This is supposed to be a system used by deaf Americans, right? Just block all foreign IP addresses. It won't stop all of the false calls, but it will stop a lot of them.
That seems the only solution, unless you come up with some kind of authentication.
Of course, as the article states, the phone companies don't really have an incentive to stop the calls since they are paid either way. This may be one time that legislation is required.
You probably meant Phone Losers of America.
The truth about Scientology, Xenu, and you: Operation Clambake
The person on the other end wanted to order 40,000 of our EverLED LED flashlight bulbs. We only sold 1000 of these in all of last year. At $40 a pop, most people only want to buy one. So right away warning bells went off in my head. Some toolbag wants to buy $1,600,000 worth of product from a retailer he has no relationship with and he is doing it over TTY relay???
I figured I'd try to find out a little more about the individual. I asked him where he was from. "Nigeria." WHOOP WHOOP DANGER WILL ROBINSON!!! Needless to say I cut the conversation short.
It was a very difficult exchange, the Nigerian used broken english that neither myself nor the operator could really understand. It must have been very frustrating for the operator, I felt bad for her. The whole exchange took about an hour, it was extremely tedious. And it was a complete waste of my time. Thankfully that hour is ALL I lost.
The Nigerian tried to call me back TWICE both times using the TTY relay, of course I wasn't about to give him any more of my time. Selling $1.6 million worth of product via TTY relay is unconventional, but I don't discriminate against the disabled. I do NOT however do business with ANYBODY in or from Nigeria.
-73, de n1ywb
www.n1ywb.com
I am currently employed by an online retailer. We've been dealing with this problem for at least TWO years. The basic scenario goes something like this: we receive an order placed online with an obscene total, next day shipping, a yahoo email addy, or a combination of other flags that tell us it's fraud. The credit card address verification always comes back "does not match" in these cases. Then we send them a polite email stating that we can't process their order any further until the address does match. Within minutes the call center receives a call from an IP relay operator. Occasionally, they don't identify themselves as IP operators. So we always ask "Is this an IP relay call?" So far, they've never denied it. (In the last two years we've documented ONE TTY call.) At this point we accept the call and then explain to the scammer that we can't accept IP relay calls and that they should send us an email. Shortly thereafter we get an email from a different yahoo account that reads like a 419 scam. It's fun.
Basically, the theory is that if someone is legitimately using the service, they're perfectly capable of sending email. The benefit is that we minimize the time spent dealing with scammers.
If anyone else has methods of dealing with this nonsense, I'd love to hear it.
The owner of my company received one of these the other day. He's in his 70's, but he's on the ball.
He had one the other day where the operator relayed that the person wanted to know what credit cards our company accepted. He told the operator to tell them that we only accepted certified checks or wire transfers, and then told the operator that the person was going to hang up when they got that message.
The operator relayed the message, and there was a pause. Then she said "I'm sorry sir, but it is my job to relay this message: 'Fuck you. Fuck you. Fuck you.'"
What's likewise crazy about online fraud to me is the following scenario.
As an online merchant, we see online orders that are clearly fraudulent. But the credit card still goes through (we 'authorize' first which just deducts from your credit limit). We decide not to take the order; thus we don't do a 'capture' on the card that would deduct the money from the poor guy's credit card account. That way we avoid getting charge-backs that would ruin our merchant rating and that would cost us in the end anyway (if caught). But we do log that credit card # in our database. Sometimes SIX MONTHS LATER the fraudster will use that same credit card # on our site again and it is *still* being accepted by Visa/Mastercard!
This is a broken system. As a merchant, we have no way (that I know of) to warn Visa/MasterCard or the issuing bank or the card holder that the number is being used for fraud! (Besides just going ahead and charging the card, knowing its fraud.) Certainly not an automated way to do so in the same way that we connect to payment gateways. It's just not in Visa's/Mastercard's interest to put a system in place because at the end of the day, the merchant is liable.
I'm interested if anyone knows of a place where merchants can swap info about fraudulent cards or other fraud data.
--LP
Having worked at the National Technical Institute for the Deaf, I can tell you that IP Relay is the hottest thing there. Computer kiosks that were set up in the building used to be pointing to web pages within the school. When I left in 2002, most every time I walked past them, the browsers were opened to the Sprint IP-Relay center.
I wonder. If people shit on the commons, can we go back and chase them off with a gun?
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Many deaf people are going away from the TTYs and are using fax machines.
At least that what my parents and their friends are doing.
AT&T spokesman Cruz says his company can block scam calls but would not reveal whether AT&T had ever blocked IP addresses, or for how long. He emphasized that such addresses are not tied to geography.
Wow, the AT&T folks are technically clueless it seems. Deteriming which country an ip is from is reasonably possible given the fact that IP blocks and other tools (traceroute, rdns) exist. Either they don't know what they are doing or they are in it for the money. Remember we are not talking specific geography, but country level location.
http://ip-to-country.webhosting.info/ for example.
Am I missing something. Does ni not have any IP blocks or providers or standard routes? When I ran a site it was pretty trivial to work out what country someone came from even if the block wasn't clear, have things changed?
Didst said trolle violate thine precious IP?
Yep. I don't have the money to go filing pointless lawsuits that I doubt I'd see anything from... but maybe it'd be cool to just force Slashdot to cough up the IP address of the "anonymous" troll.
Art thou's commentes no longer valid?
They sure are still vaild. I don't disagree with myself very often.
Dear God! We can no longer trust our TTY services!
OK. I think I should be safe now.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."