Slashdot Mirror
Sprint Cracks Down on TTY Relay Abuses
An anonymous reader writes "Sprint thinks it has found a way to keep West African scam artists from using Sprint's deaf-relay service to defraud people." Our previous two stories have background information.
But one former MCI relay operator said blocking internet addresses will only be a temporary obstacle for abusers of the Internet-relay system. That's because the scam artists can continuously find alternative Internet-protocol addresses...
I think every popular web-based service dealt with this issue years ago, including Slashdot. I guess nobody involved in setting up the TTY relay services ever ran a message board?
"Obviously it's had the effect of cutting down these calls, but they're going to find new hosts and call back anyway... It's always going to be a cat-and-mouse game."
Or to put it in the Slash vernacular, a troll-and-moderator game.
Grodevant would prefer a system in which legitimate users register in advance to gain access to the system.
Again, Slashdot provides an example of a solution. Sometimes, you need to be anonymous. But creeps and crooks are among those who prefer anonymity. So you simply flag the calls: "You have a call from a registered TTY user" vs. "You have a call from an Anonymous Coward".
I can see why the telcos didn't put these protections in place from the beginning, though... preying on the disabled is about as low as you can get. The companies simply didn't realize that these bastards have to look up to even see "as low as you can get".
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
===
Sprint spokesman Steve Lunceford, would not detail how Sprint is trying to block the calls other than to say the company is looking at problematic Internet-protocol addresses and finding ways to block them before calls go through to operators.
So far, the effort appears successful. The volume of Internet-relay calls has returned to the level it was in early January, before massive abuse of the system began, Lunceford said.
===
This is only a temporary fix. If they're blocking specific IP addresses, then the scammers will start using proxies. I suppose they could also start blocking anything from a proxy server, but there might be legitimate deaf people using Anonymizer or similar service that would no longer be able to get through.
Is it possible to tell whether a particular HTTP request is coming from a proxy server, without knowing the IP address? Perhaps there is a descriptor in the packet somewhere that says it is going to be forwarded beyond the "apparent" destination?
Homestarrunner.net -- It's Dot Com!
I guess we will just have the Nigerian fraud to keep us company. Glad that one will never go away. Ive almost come to enjoy seeing emails with it in the message. sigh...
Party at O'zorgnax's Pub! Buy me a Slurmtini aye?
I hope we'll be seeing a reduction in scenarios like the Midwestern couple who owns a jewelry store:
Wife: Honey, the deaf Nigerian man is on the phone and he wants another $10,000 worth of raw diamonds. He wants to put the order on five different credit cards.
Husband: Hot-diggidy! Another vacation in Malibu!
You are in error. No-one is screaming. Thank you for your cooperation.
Sprint thinks it has found a way to keep West African scam artists from using Sprint's deaf-relay service to defraud people
Uh yeah simple...
You don't allow anyone from West Africa to purchase $30,000 or more worth of laptops from the US!
Duh.
It's a cut-and-paste of a comment from a previous story
There's more fun things to do with a TTY operator than just 419 scams.
Phone sex with a TTY operator relaying the action... ho, boy. I just hope that the operator in the middle's an uber-prim-and-proper woman who blushes like mad at the whole thing.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
These TTY scams take up a ton of time for the person who answers the phone. We get about ten TTY scam calls per week, and about 1 legit deaf call per month. That adds up to a lot of wasted time.
As a South African, let me assure you we are annoyed by West African/Nigerian just as much as anywhere in the world. Arguably Xenophobia (against Nigerians) is today a larger problem todya then racism was for us in the past.
So for an effective short term solution change these rules so that any operator who believes that it's a scam can (after some procedures have been followed) terminate the call.
I'm all for alternative solutions too, but this will make some headway into solving the issue. After the scammers know that you'll terminate the call as soon as it becomes evident then they'll look elsewhere.
Avantslash - View Slashdot cleanly on your mobile phone.
And how do the deaf dial the 800 number without using tty? mmm?
"Piter, too, is dead."
Whenever I make a telephone call, for whatever purpose, it is associated with my telephone number. Thus, I am accountable for the use of my communications equipment.
Why should it be different for people using TTY services? Provisions for anonymity only allow people to abuse the telephone system.
Wonderful scam on scammers: check this out - Ha ha ha ha . Some guy out there is a genius, funniest site in years.
REFUSE to accept credit card transactions for non-U.S. customers (primarily those in nations well-known as scamming bases). If they want $30,000 in laptops, they can handle the banking necessary to get a loan and make a wire transfer. Also, the symptoms of these scammers is that they seldom have clear descriptions of what they want. I don't know a single legitimate business that would fork out $30,000 for "whatever your most expensive laptop is".
I don't handle the finance end of things, but I would suggest calling the bank and reporting such a suspicious transaction. The bank then calls the customer and verifies that the intended purchase is legitimate. This would hamper these guys in two ways: You wouldn't accept the card and now the legitimate card-holder knows the number is stolen.
BTW -- what are credit card companies doing to deal with these scammers? How can that many stolen credit card numbers (with those kinds of balances) exist and not have MasterCard or Visa heavily on the tails of the perps?
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
You (and a lot of people) are missing a key fact: the relay service is ALSO legitimately used by hearing people to call deaf people. You can't just require everyone who uses the service to "prove you're deaf", or whatever.
Perhaps you have not gotten the 300+ Emails that I have gotten ... all people from or claiming to be from Nigeria. (There have been arrests for Nigerian scammers that are Europeans claiming to be from Nigeria). Thus 'Nigerian scam'.
Perhaps you are relegated to posting at -1 because of the inflamatory way in which you ask questions. Claim that three-digit area-codes could apply to Africa *they don't*, and seem to imply that there is a conspiracy against Nigeria (which is the origination of the classic Nigerian scam). Read the FAQ I linked above and educate yourself.
In the past, anyone who needed to use the tty system had to own a piece of hardware to communicate to the relay, however, now with internet based relay calls, they only need to access a computer hooked up to the net.
I think the requirement for specialized hardware is the key to ending the abuse of the system. My idea would be to use a device, where the relay gives you code, and then you input it into the device, and it spits out a response. This would still keep the calls anonymous, but, would add a level of security to stop the scammers.
I wasn't aware that deafness impaired pressing buttons on a keypad. How would they use TTY if they can't type?
I suppose there's a risk that they wouldn't know if they'd dialed a wrong number, and therefore might start keying in their login/pin at an incorrect number. Scammers would likely start registering all of the one-off numbers around that 800 number. Plenty of phones these days do display the number as you dial it though, so that's not insurmountable.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
Unlikely as it is, they have to pay with their own money... not stolen credit cards!
Our little site gets these Nigerians attempting to purchase with stolen credit cards. It's pretty easy to spot, as we've never has a legitimate order to Nigeria... but it's an annoyance.
Eventually, I ended up logging their IP numbers and now I just drop any packet that appears to have originated in Nigeria. Worked pretty well so far... might have to imclude open proxies if they start using them. For anyone else faced with the same problem, here's a little list:
PJRC: Electronic Projects, 8051 Microcontroller Tools
You (and a lot of people) are missing a key fact: the relay service is ALSO legitimately used by hearing people to call deaf people. You can't just require everyone who uses the service to "prove you're deaf", or whatever.
It's easy - the operator just has to call them back. If they answer the phone, they aren't deaf.
When you have nothing left to burn you must set yourself on fire
I still don't understand why people fall for these scams. As far as I'm concerned, it's a litmus test for stupidity. Anyone foolish enough to ship $30k worth of equipment to a person they don't know in a foreign country without checking the integrity of the transaction deserves to lose their money and learn from the experience.
One of the sites on my server is a classified ad site, and we've had several reports of people getting fleeced with the Nigerian forged-cashiers check overpayment scam. Again, why someone selling something would accept overpayment and then wire the difference back to the party or their agent is beyond stupidity. Ironically the best thing that could happen to these people is for them to get ripped off so some of that naivety will be summarily stripped from their barnacle-encrusted brains.
I'm not saying the scammers should be allowed to operate, but any action taken by "authorities" should be considered more of a favor for stupid people, than a responsibility. No amount of enforcement or technology will ultimately keep a fool and his money from being separated.
The IP TTY relay service costs taxpayers $1.39 per minute.
It is available for free to anyone, anywhere, 24x7.
They will even make long distance calls on your behalf.
Is anyone truly surprised that the system gets abused? Think about it. You, the taxpayer, are paying for scams, phone sex, student college jokes, and pizza. Is this how you want your tax dollars spent?
The next pasture is always greener
I worked for one of the internet relay companies for a year and a half. The nature of the service really prevents a lot of options that seem common sense to techies unfamiliar with the ADA (Americans with Disabilities Act). The internet service needs to emulate the anonymous call setup - no logins, IDs, etc., unless you want to profile yourself or use spell dialing. Registration isn't allowed. The services can (but often don't) block IP ranges, but I think we all know how easy that is to get around. Using a proxy with a dial up connection from Africa makes the service incredibly slow.. so they are prone to drop out, although a lot of fraud callers will keep up 10 conversations at one time. Their strategy is making hundreds of calls and eventually one gullible American is going to fall for the scam. One successful $5,000 fraud a week is a lot more than they could make there. These calls are NOT going to stop as long as there are internet relay services. The big relay companies make money of each call even if they're fradulent, so they have no incentive to block the service other than to stop the tide of bad press and quitting employees. It's a wonderful service for the deaf and speech disabled (TTY phone technology is a joke), but I think it's a matter of opinion as to whether or not it's worth the flood of American taxpayer dollars going down the drain to pay for fraud.