Slashdot Mirror
Handling Caller ID Spoofing?
An anonymous reader writes "A nice little old lady I know has had her number spoofed by some car warranty scammers. They're calling hundreds of potential victims per day pretending to use her phone number, and the angry ones call her back; some of them have even left death threats. She's terrified. Some well-intending anti-telemarketing folks have posted her address on the 'net as well. How can we figure out where these scammer bastards are, and what's the state of the current legislation to prevent caller ID spoofing? I called the FBI in Boston (near where she lives) and they said they can't help. She's called her phone company, but they said they can't help either. She's had the same number for over 50 years and doesn't want to change it." If the Feds can't or won't handle it, what's the best approach here?
Well good grief, the two exact entities who are supposed to take care of this kind of thing refuse, then just what is going on in this country?
I'd just call them both a few more times to see if there's anywhere to get, it's very clear laws have been broken.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Bring the news media in on it, somebody a little more mainstream than Slashdot.
Then start making threats, and if the phonecalls are inter-state commerce it is a federal issue. Back them up against a wall and force them to act.
The call can quite easily be traced back to where it came from -- even if it's voip in nature, at very least you can find the originating carrier and they can deal with their customer.
We run a very popular VoIP service (http://ironvoice.com) and tightly control caller id in a manner that still gives our customers flexibility but still imposes responsibility.
The FBI can certainly help, that's bogus. The phone company can certainly help, that's bogus as well. The phone company knows from which carrier the call came from and so on and so forth until they can pin down the offending carrier.
Legislation isn't the answer -- customer service is.
You can use http://whocalled.us/ to coordinate investigation. Even though the number is spoofed, as long as they are using it consistently it is still an identifier. As everyone shares facts they discover it's possible to find the true identity.
Caller ID spoofing has become a real problem, but political representatives are too busy flashing around fake solutions to hyperinflated problems, like throwing more money at stopping the 9000 pedo penises from raping children over the internets.
If anyone has a technological solution, please post it, as we have more of a chance of fixing this stuff as engineers than the politicians do as legislators.
I calle the FBI in Boston (near where she lives) and they said they can't help
Just tell them people are getting bomb threats... That should easily get this put on their #1 list and resolved in about 5 minutes tops. Isn't that why they phone tap everyone?
Being in that situation I think I would be changing my number first thing -- if the problem is so bad that you are going to the FBI it's time to change the number and spare her the grief and stress from dealing with all the angry calls.
After that is done then it's time to try to sort out the problem from the source; as for what route one would take for that? I cannot be sure, but I do believe that the first course of action should be changing the number and making the calls stop.
I'd think the phone company should be kind enough to happily assist in that, since they're so unwilling to try to help solve the problem itself.
Why should she change her phone number for goodness sake? She has done nothing wrong. She's had that number for over 50 years. Seriously, you should be outraged against those who have actually done wrong here, not suggesting she take the rap herself.
Well intentioned or not, those guys are fucking assholes.
You can try contacting your state's attorney. They're normally pretty helpful ... because most are elected (at least in my state anyway).
Why should she change her phone number for goodness sake?
Even if the perpetrators are caught, she may still have to change her phone number, so she should probably consider just doing it now. Now that her number has been associated with the scammers, the effects may linger for a long time.
Why not, for the immediate future, setup her voicemail to answer after 1 ring, and set the voicemail message to something like "This phone number is being falsely used by a telemarketing company as their caller ID. Please call your local phone company and tell them you have received a telemarketing call using an hijacked caller ID entry.". If you can find out the actual company doing it, I'd throw their real phone number and company name in their too, just for good measure. At the very least, people will know not to leave a nice elderly lady death threats, and hopefully your phone company will take notice and track down the offending telemarketers and cut their "lines" off. I'd bet the voicemail volume drops significantly, legitimate ones get through and leave a message, and you'll probably hear a few less death threats against grandma.
Wisest is he who knows he does not know.
Being in the right does not mean you don't get hurt.
Sometimes bad people get away with things, and there's nothing you can do to get them back. You just have to do the best you can to protect yourself, and changing your phone number is a relatively minor thing to do to end this.
"She's terrified. Some well-intending anti-telemarketing folks have posted her address on the 'net as well. "
Welcome to vigilante justice. I wonder how many folks on slashdot think that posting peoples address like this on the Internet is a good idea?
Well I am sure that if it was a real scammer then it would be okay...
Until you make a mistake.
Call the police, then the news, then your elected reps...
They need to hunt these idiots down.
Both the scammers and the ones that are calling this lady.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Do you have proof that they are indeed the company responsible?
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
Continue advocating the phase out of the legacy telephone system with its unreliable caller id info. The ideal way this stuff should work, is that if the incoming connection request isn't OpenPGP-signed by someone you have some sort of WoT path to, then you don't know who it is.
We've had the tech to solve The Big Authentication Problem for a couple decades now (thanks, Phil!). We just need to start using it, for voice, email, etc.
You are giving them too much credit. Caller ID is widely known, even to many laymen now, to be unreliable. (And someone who makes a point of going after scammers has little excuse for being behind the curve on this.) They don't really have strong reason to believe she is the scammer. To do such a thing without checking their facts is irresponsible and possibly libelous. I wouldn't sugarcoat their actions.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You've never worked in customer service, have you? In call centres especially, that little hold button is so useful when a caller starts getting abusive, as is the release button. I have released calls before when customers start shouting at me for no reason. One even took it upon himself to sue the company, and was ordered to pay our legal fees when our lawyers played the recording before the courts.
And if you do it in person, you need to understand that the newspaper is private property and they can have you escorted off the premises if you get abusive, and they can have you arrested if you don't cooperate with that. And the FBI and police are both law enforcement agencies, and they can throw you in jail for being abusive to them.
You get much farther when dealing with customer service if you are reasonable. A wise man once said... speak softly and carry a big stick. Be reasonable. Don't be abusive. And if you can't get anywhere over the phone, send a letter. Around here, at least, corporations are required, by law, to provide their mailing address when asked.
If you believe everything you read, you'd better not read. - Japanese proverb
So where's the motivation?
We aren't talking about prank calls here, we're talking about scams and the like. These require a method of extracting money from the mark. Therefore, for all of these calls, there has to be some way to transfer money from the callee to the caller. Since this method has to work for dim-witted callees (since it won't for alert and suspicious ones), it can't be too obscure.
People don't run illegal operations just to do something illegal, but to make money. They can't have perfect security or they won't make money.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
...why doesn't she just change her phone number?!
<officespace>
Why should I change my name?! He's the one that sucks!
</officespace>
Phone companies should read the caller ID information from outbound calls from their customers and block the call if the caller ID doesn't match.
The lady could setup a voice menu explaining that she isn't responsible for those calls, and press 1 if they want to ring through. That should eliminate some of the calls.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
How do we know this is the company and not just someone who pissed off "Lookin4Trouble"? That's the problem with vigilante Justice. Vigilante's don't always check the facts, neither do slashdot editors for that matter.
TODO create witty sig.
The thing is, the lady is well aware that she could change her number - so much is obvious from the original question. But it seems that she has already chosen not to go down that route.
To suggest an answer that has already been rejected is at best unhelpful, and at worst quite insulting if it implies that her views are not taken seriously.
I respect her decision to take a stand on this. I also respect her wish to find a solution that doesn't compromise that stand.
More to the point...is there actually anything ILLEGAL at all about spoofing a caller ID number? I don't know of any laws that require you to give out by any means, the phone number you are calling from.
Since there is no fraud being committed here as far as I can tell, I'm guessing there actually is no crime being committed here...at least in the US?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
So, the fact that you have YET to provide any proof, after quite a few requests - clearly you don't care if you are correct. What an ass. Post your own story - stop trying to hijack this one.
"Hello?"
"You ^&*% fraudster! How dare you call me and #$%^@^$ demand my money!"
"Call the FBI for me. Please."
"What?"
"No, I'm serious. The Boston FBI specifically. I'll give you the number if you want..."
After you've woken them up with that shock, you can give your sob story. Might work. Might not. I think most of them will come to their senses. At least it will alleviate and redirect some of the anger of the callers. On the plus side, it might tick off the FBI, but they can't blame you for all the calls they'll be getting. (I know religion on Slashdot is taboo, but you might refer to the parable of the unjust judge: Luke 18:2-5) I would also recommend contacting a lawyer.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Yeah, that's the worst problem we face in America today.
It is. Not bogus phone calls, mind you. But governmental apathy. The system doesn't care about the so called "little people" anymore.
If it was the mayor of a big town, or a chief of police, or a congressman that was being harassed in this way the FBI would be all over it - and you know it.
Weaselmancer
rediculous.
Maintain some perspective: she's not making the choice to face down the tanks in Tianaman Square. She's choosing not to switch numbers because doing so is a pain. If nobody is taking her seriously, and her only recourse is to hire a lawyer, or get into a battle with the telco, then it's fair to point out that the aggravation associated with her 'stand' may be far greater than just switching numbers.
you mean if, for example, you were running for VP and your email account was broken into?
A perfect example. Hacking a Yahoo account is fairly trivial. It was some 20 year old kid that just did some simple password guessing.
And of course, the FBI came down on him like a ton of bricks.
I wonder if someone illegally gained access to my email account if they would even notice. I'm guessing not.
Weaselmancer
rediculous.
Slashdot is not your personal army.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
No, not religion, just believing in it. Big difference.