FTC To Trap Robocallers With Open Source Software

coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.

They should also go after...

[rs1n]

the folks who keep calling about my (non-existent) google rankings for the (non-existent) business that I don't own.

Re:They should also go after...

Or the ones that keep calling my great-uncle about the computer virus on the his PC.
It's hilarious to hear him tell how he strings along the callers for a few minutes before telling them that he doesn't own a computer.

Re:They should also go after...

[roc97007]

I've gotten lots of those calls, and I don't think "on the his pc" is a typo. The speech patterns are definitely "lccnglish". (Pidgen english spoken by phone workers from a Least Cost Country.)

"Hello we are from the microsoft (or sometimes, "the internet") and we are calling you because that we have noticed your pc is infested with the viruses."

What's chilling is that they used to start in on their spiel to the first person to answer (daughter would listen a few seconds hand it to me "it's for you"....gee thanks...), but lately they ask for me by name.

Re:They should also go after...

[RockDoctor]

I do a string-along about once a week (instead of just putting the phone back on it's charging cradle and doing something interesting). It normally takes them about 3 minutes to realise that I'm not running Windows XP (or 7 ; I don't know what they're going on about sometimes which I guess is them targetting Win8), then the cry "Mac, Mac!" goes out to their "tech expert". They then waste several minutes more trying to make Mac instructions work on my Linux machine. I've kept them from attacking other people for nearly 15 minutes in total before! A good investment of time.

OTOH, it remains a good indication of the relative popularity of systems.

Really?

[Scutter]

'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012.

Are you sure about that? Because I still get calls from Rachel and friends several times per week.

Re:Really?

[Libertarian_Geek]

Ditto. That bitch is still around. Maybe the FTC is losing hard-drives too.

Re:Really?

Summary appears inaccurate. The contest actually says it's to help "zap" Rachel, and other robocalls. A quick search on google doesn't show the FTC claiming to have stopped them, just them naming them as their #1 enemy. And, that they had busted some scammers using the recording.

Re:Really?

[Obfuscant]

Are you sure about that? Because I still get calls from Rachel and friends several times per day.

FTFY. It is important that I contact her, but she never leaves a number. Press 3 to tell them they've reached a valid number and try again. And they've started using forged numbers for caller id that are just a few digits off my own number.

Re:Really?

[Livius]

Does 'zap' mean stopping them? Maybe they're actually trying to help Rachel.

Re:Really?

One of the "friends" I get is a call from is a MALE voice that says it is Rachel from Cardholder Services. Sometime I like playing with them, but most of them time just ask the person (after pressing one) 'are you calling from my bank?' A hangup almost always immediately follows.

Re:Really?

[wonkey_monkey]

'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012

to dinner and a show. And she still didn't put out.

Re:Really?

[k6mfw]

is that who that is? I find frequently on my answering machine something pertaining to cardholder, I don't bother to listen as it sounds like another telemarketer, I hit delete button without bothering to listen to the rest of message. I have been getting a slew of calls from some kind of collection agency leaving a phone number with area code I don't recognize. And long distance too so I ain't gonna call.

I am surprised of an agency like FTC actually doing something that can benefit us little people on the user side of the "tubes."

Re:Really?

[roc97007]

At work you can hear them ratchet through the phone numbers allocated to the local prairie dog colony, excuse me, cubicle farm. RingHelloClick... RingHelloClick... RingHelloClick... and eventually me... Ring Hello "Congratulations! You have just won a free..." click.

I've read that some collection agencies will harass phone numbers that had been associated with the debtor in the past. You might be getting collection calls for someone who previously had your phone number. Good luck getting them to stop.

Even when I get what sounds like a legitimate call, I refuse to "verify my identity" by giving out personal information. Instead I'll look up the company phone number online or from my own records and call them back. And a few times, thereby uncovered a scam. Most recently from someone pretending to be from my credit union. (I guess they scammed a lot of people -- it was on the news.)

Re:Really?

[ShanghaiBill]

Ditto. That bitch is still around. Maybe the FTC is losing hard-drives too.

Same here. I always press "1", which transfers to a live operator, and then I play along for a few minutes. Then I ask her what color underwear she is wearing. Most hang up at that point. but a few continue the conversation. If we all waste a little of their time, then these business will no longer be viable.

What would be really nice is a CAPTCHA for phones. So if someone calls me, they get a message that says "press seven if you are a human", and my phone only rings if they pass the test. It would also need to have a whitelist, since I get legitimate robo-calls from my kids' school.

Re:Really?

the FTC runs rachel from cardholder services.

any open-source detections techniques will be used by rachel in reverse to strengthen her further.

you're all puppets.

the ONLY solution to the problem is wasting their time and breaking their spirits deep within. or gas showers, your pick.

Re:Really?

I can confirm. 'Cardholder services' called me yesterday.

Re:Really?

[theskipper]

If you're the type willing to spend time messing with them, consider adding this to your arsenal:

If you have Callcentric or another VOIP provider, you then have the option to create call treatments for forwarding a good percentage of telemarketing calls to any number you want, including the telemarketers themselves.

For example, one of the ways I get target numbers to forward to, is by responding to the Google SEO guys then pretend to be cut off mid conversation. When they call back since they think they have a good lead, the caller ID (surprisingly) is almost always a valid number to the call center. That's the target number. Even just faking an emergency and asking for their number so you can call them back usually works. Once you have that, Bob's your uncle since there's not much reason for them to change their block of unpublished incoming numbers.

Then it's simply a matter of going into the dashboard, creating a forwarding treatment of all obvious caller ids (i.e. any 800*, anonymous, +1, etc.) to the target number and voila, the call center gets hit with all my forwarded telemarketing calls transparently. And of course forward the target number back to itself, or even better, another target.

The best way is if you can whitelist your incoming calls and simply forward any non-matching numbers, especially since most telemarketing calls these days use a random out-of-area code caller id number. Not realistic if you're running a business but for personal lines you can whitelist the area codes you might expect valid calls to come from.

Obviously this doesn't work all the time. But when it does, it's pretty satisfying to check the online report at the end of the week to see all the forwarded calls that transparently went to Raj and Rachel. My way of paying forward the opportunity to lower their interest rates.

Re:Really?

[sjames]

My mom gets collection calls for people we have never heard of. She has had the same phone number for 40 years. The collections weasels not only call the numbers associated with the alleged debtor, they call all numbers of anyone with the same or similar last name. Then they refuse to believe that you have never heard of the person they try to reach. Occasionally I have gotten wrong number collectors to stop by daring them to sue.

Re:Really?

[rogoshen1]

Rachel? really? I thought she was doing pretty well for herself financially. Joey on the other hand.. After the show ended, his career went no where.. One would think he'd have saved enough to avoid having to do telemarketing.. but alas..

Re:Really?

[aardvarkjoe]

Same here. I always press "1", which transfers to a live operator, and then I play along for a few minutes. Then I ask her what color underwear she is wearing. Most hang up at that point. but a few continue the conversation. If we all waste a little of their time, then these business will no longer be viable.

Or if you don't want to be stuck talking to them, just play along until they ask you for your credit card number, tell them, "oh, I have to find my wallet" -- and then set the phone down and do something else.

I once got one of them to waste fifteen minutes on me by picking up the phone every few minutes and making some new excuse.

Re:Really?

I think it's multiple scammers using the same recording?

Re:Really?

[Pinkfud]

Me too. Rachel is still a constant nuisance. Maybe it's a ghost...

Re:Really?

[LSDelirious]

Are there limits on what numbers you can forward to? If you could somehow forward them to a 1-900 phone sex or psychic hotline and stick them with the tab..... ;D

Re:Really?

[theskipper]

Heh, you're more devious than me. No, there's no limit but I suspect there will be some blowback if you start doing that. I just wanted a simple way of breaching their defenses, winning a battle vs. the war so to speak. Like the last act of defiance. Most people see the fake caller id, put a post on 800notes, and figure there's nothing they can do.

And it should be noted that this really only works against business services like merchant processing and SEO, getting past Rachel's defenses is probably different. That scam has a simple goal of getting the credit card number at all costs. Once they've got it they've succeeded; I suspect there's little need to field incoming calls.

But a crowdsourced project towards gathering target numbers/info about Rachel would be interesting. Like what anonymous does, with the sole purpose of exposing her inner sanctum.

Re:Really?

[jbmartin6]

In the land line days you could get a dongle that did exactly that, played a recording that said 'Press 5 to proceed', and just stuck it inline with your phone. I wonder how hard it would be to get a smartphone to do the same thing?

Re:Really?

[ultranova]

What would be really nice is a CAPTCHA for phones. So if someone calls me, they get a message that says "press seven if you are a human", and my phone only rings if they pass the test. It would also need to have a whitelist, since I get legitimate robo-calls from my kids' school.

Or just plain whitelist: if the calling number is on my phonebook, the call gets accepted and the phone rings, otherwise it's silently ignored.

Re:Really?

[rochrist]

Yeah, I hate to break it to them, but they didn't even slow those assholes down. The latest wrinkle is that they somehow spoof the Caller ID into showing a number one off from my home number.

Re:Really?

A great deal of spoofing the Caller ID. I've seen various local numbers, a hospital's number, and MY OWN PHONE NUMBER on the Caller ID when 'Rachel' calls. No way of telling who or what is calling unless you answer it and feign emergency to get them to call back without spoofing.

Re:Really?

[billstewart]

I don't do that to them, though I have occasionally called them a bunch of names (besides crook and scammer.) Sometimes I'll ask how their family feels about them being criminals, or how they feel about working for criminals, or asking why I should trust them with my information now when they've a bunch of lying crooks, or I'll tell them "just a sec" and put the phone down.

Lately I've been telling them that the last time they called, I got cut off, and asking what notes they have on their computer screen from the last time they called. Some of them hang up right away, but the one yesterday said she doesn't have a computer, she just takes my information on paper.

What a cheapass bunch of scammers! Back when I designed PBXs and call center equipment, the main costs changed from telecom charges (early 80s) to labor (90s), but even now, when phone call minutes are basically free, and exploitable workers are pretty cheap, it still seems hopelessly inefficient not to give them good information so you can maximize the money they scam from customers and minimize the labor it takes to call your victims, probably even if you're also ripping off the call center workers by having them work from home on "commission".

Re:Really?

[billstewart]

Rachel never calls my cellphone; she's only called my wife's cellphone once or twice. Her robot army calls my kitchen landline phone a couple of times a day.

Re:Really?

[q4Fry]

IIRC, if they can get you to admit that you owe them money, there is some legal nebulism that says that you do then actually owe them money.

Re:Really?

[msc.buff]

Maybe something like this: https://www.facebook.com/pages/The-Phone-Cop/406292446126450

Re:Really?

[sjames]

I never admitted such a thing. I dared them to sue [insert name they called for].

Taken out in 2012?

[yakatz]

I still get calls from 'Rachel From Cardholder Services' on my cell phone all the time, so I don't know what the summary claims to have "taken out". The linked article even says it is an ongoing campaign.

Go after Comcast etc...

[Kenja]

Comcast etc sell their customers phone numbers to illicit third parties. I ended up having to throw together an Asterix system with a simple "no solicitations, press one to continue" message to filter out all the robo-calls I got when I was forced to switch services over to Comcast.

Re:Go after Comcast etc...

[dj245]

Comcast etc sell their customers phone numbers to illicit third parties. I ended up having to throw together an Asterix system with a simple "no solicitations, press one to continue" message to filter out all the robo-calls I got when I was forced to switch services over to Comcast.

Why stick with Comcast then? Why continue to give them your business if they just stab you behind your back? Their VOIP offerings are hilariously overpriced. Get an OBIHai or Cisco SIP gateway, sign up for any of the dozens of SIP providers, and roll your own. My SIP provider even has voice menus you can set up on their system.

Re:Go after Comcast etc...

[Kenja]

There is no alternative other then DSL from AT&T, which is even less reliable and trustworthy.

Re:Go after Comcast etc...

Nobody voluntarily does business dealings with Comcast.

From what I have seen...

[houstonbofh]

From what I have seen, getting them to call is not the problem.

*WAS* a scam?

[Lexible]

I got robocalled by "Rachel from Cardholder Services" last week.

Re:*WAS* a scam?

[mythosaz]

She doesn't call me near as much as FOGHORN! This is your captain speaking.

Was...?

I've already had four calls from Cardholder Services today! I wish they had been taken out!!!!!!!!

Re:Was...?

[roc97007]

I've already had four calls from Cardholder Services today! I wish they had been taken out!!!!!!!!

...from orbit...

Re:Was...?

I've already had four calls from Cardholder Services today! I wish they had been taken out!!!!!!!!

...from orbit...

...with nukes...

Ah, how adorable...

[fuzzyfuzzyfungus]

I'm not quite sure whether it is cute or sad that the FTC is merrily holding a little contest to attempt to detect robocallers based on the (relatively sparse) information available to the system at the far end of the phone line when it's a matter of public knowledge that somewhere between 'a strikingly large percentage' and 'All' calls connected are logged and potentially retained for quite some time.

Surely the network level is where robocallers stand out most dramatically, unless the caller has spoofing good enough to disguise the origin and frequency of their calls from the telco carrying them (which would also likely allow theft of service and thus be the sort of thing that would actually get fixed, unlike the pitiful state of caller ID), and we know that those logs exist.

Is it just considered polite to pretend that the telephone system can't be so scrutinized, or are robocallers customers who are just too reliable to hunt down and exterminate?

Re:Ah, how adorable...

[Splab]

Why do you think it takes that much hacking?

Setting up a robo dialler takes less than an hour and "spoofing" your number is equally simple. You just sign up with Anveo or any service like that and you are good to go - go through a proxy in eastern Europe and chances are no one can do squat about it.

Re:Ah, how adorable...

[mythosaz]

I've never understood this tact either, but for a different reason.

Follow the money.

About exactly one FTC investigator should be able to sign up for some card member servicing...

Re:Ah, how adorable...

[Razed+By+TV]

I'm going to go with sad.

To this day I still do not understand what makes this such a difficult and complex issue to tackle.

I don't see why it can't be as simple as:
Spam call comes in, I dial a report number, telecom system flags the call and the origin. After 10 reports, 100 reports, that number is blocked. Further outgoing calls from the number are directed to a message to contact a fraud line to get the number reinstated. The longer a number has belonged to a legitimate company, the more immunity it is granted by the system to prevent abuses from angry consumers. The shorter the number has been in service, the more scrunity it is under.

Are the robocallers really able to shield their call origins from the telecoms? That just seems like such a ridiculous concept.

Re:Ah, how adorable...

[Fnord666]

To this day I still do not understand what makes this such a difficult and complex issue to tackle.

I don't see why it can't be as simple as: Spam call comes in, I dial a report number, telecom system flags the call and the origin. After 10 reports, 100 reports, that number is blocked. Further outgoing calls from the number are directed to a message to contact a fraud line to get the number reinstated. The longer a number has belonged to a legitimate company, the more immunity it is granted by the system to prevent abuses from angry consumers. The shorter the number has been in service, the more scrunity it is under.

Are the robocallers really able to shield their call origins from the telecoms? That just seems like such a ridiculous concept.

Let me help you out a bit with this. The thing is, those same telecoms that should be able to put a stop to this? They make money on every call. They have absolutely no incentive to do a damn thing about it except sell you caller id (for an extra fee) and the telemarketers the ability to fake their caller id (for an extra fee).
When in doubt, follow the money. Ask yourself who profits if something is done about a situation and who loses.

Re:Ah, how adorable...

[EvilJoker]

I've always wondered why there weren't honeypot IDs. Fake SS#, card numbers, etc, that would serve as a red flag of fraudulent activity. While the calls may be untraceable, most payloads should not be.

Re:Ah, how adorable...

[EvilJoker]

Thing is, there is no trust in the chain of connections. While my telco can tell where the call came in to their system, it would have to trust that the next link is being honest. Eventually, your options are to block all calls from entire countries, or do nothing, since it's all spoofed.

Now, I am OK with blocking all calls that originate in another country, but many would not be.

Re:Ah, how adorable...

[stoatwblr]

"Surely the network level is where robocallers stand out most dramatically, unless the caller has spoofing good enough to disguise the origin and frequency of their calls from the telco carrying them"

Unfortunately, the ANI spoofing IS good enough to defraud the telcos. The entire global phone routing system works not much differently than BGP4, but with far lower levels of protection (on the basis that access to the networks is by "trusted" entities.)

This means that a good chunk of this stuff is done via corrupt companies injecting bogus routing information into the global system and then placing calls using them as ANI origin(*) - and whilst the activity is known about (2 cases I was peripherally involved in tracking down used unallocated Chilean and Niuean numbering ranges), not enough is being done to prevent it.

(*) ANI is different to CLI. Telcos use it for billing purposes and it's not made available to endusers.

Re:Ah, how adorable...

[stoatwblr]

Banks providing "canary" credit card numbers to customers for use when they suspect attempted scamming would kill a lot of the activity. Think of it as a form of duress code.

If the scammers know that numbers they're given might well result in them being red-flagged and traced quickly, they might give up.

Re:Ah, how adorable...

[q4Fry]

Some robocaller apparently used my work phone for their outbound caller id for a while. This is inference considering that (1) I use my phone for outbound calls twice a year. (2) I got a call from a furious woman who was apparently dialed from my number during a "very important meeting" and who refused to be talked down. I hung up, and she called me back to swear some more and to say that her office had ten calls from my number.

Anyway, this is to illustrate that scammers who have enormous lists of numbers (and probably know which ones have people at the other end) will just use legitimate numbers for their caller id. Frankly, I'm surprised that the scammers haven't started using the numbers of you /. scam trollers as their originating numbers. Hopefully none of the scammers read this.

Can't you just solve it by government?

Here in Sweden we as a community got tired to telemarketers etc, so there were talks about limiting telemarketing by law (politicians working for you).. but before that happened all the telemarketers got together then and announced a common opt-out list you can sign up for (to prevent a more limiting law)..

I have not received any telemarketing phone calls in 10 years now - problem solved.

As for all this robo-calling and faking caller-id stuff etc, can't the telephone companies just police their own customers, and weed out illegitimate phone companies who allow such customers and refuse to forward their calls.. how hard can it be?

Re:Can't you just solve it by government?

[Jarik+C-Bol]

We in the US have the "Do Not Call List" where you can opt out of telemarketing. All telemarketers are supposed to abide by the DNC list. This particular endeavor is targeted at finding and eliminating the groups that ignore the DNC list, and also are scammers. The "Rachel with Cardholder Services" scam is, if I recall, about fixing your supposedly damaged credit rating, or paying off an imaginary forgotten credit card or some other financial woe they invent to strip the gullible of their money.

Re:Can't you just solve it by government?

Minor correction:

They do not ignore the DNC list, it is the biggest source of free, known good numbers available to them. They very specifically calls numbers on this list. They update it every 3 months and target the newest numbers added to it to.

Do not put your number on teh DNC list if:
you are a business. You cannot get helpf rom the FCC if you are apublicly listed number already.
your number is a cell phone number. Telemarketers are already proscribed from cold-calling cell numbers and generally avoid them anyways.

and lastly
Do not put your number on the DNC list if you do NOT want to get calls from scammers of various stripes.

captcha: aiding

I swear these things are psychic!

Re:Can't you just solve it by government?

[roc97007]

I'm trying to imagine a country where all telemarketers abide by an opt-out list. Must be nice. (In the US it's called the "do not call list", and is actually used by scammers and the more slimy of telemarketers as a known list of working numbers to call...)

So... how does Sweden enforce the opt-out list? For that matter, how would they enforce a law against telemarketing? Robocalls can originate from anywhere, including self storage units, and be moved rapidly from location to location. In this day of telephony over IP, escaping detection is probably even easier now -- a matter of programming.

Re:Can't you just solve it by government?

[ve3oat]

Here in Sweden ...

Wish I had mod points; this post should be scored as 4 or 5. The poster evidently lives in a country where the politicians and government actually do work for the people rather than the corporations, not like here in Canada or apparently in our big neighbour (Canadian spelling) to the south.

Re:Can't you just solve it by government?

[Trailer+Trash]

We have a do-not-call list and the requisite legal structure to make it work well. What we don't have is a government agency to enforce it, so it's a joke at this point. Worse yet is that the scammers are brazen enough at this point that they're apparently using the do-not-call list as a calling list.

I actually called the FTC once to inquire about the status of their investigation into one company that was doing this a few years ago - one which I was able to mostly track down. The response from the lady there was "yeah, we're trying to track them down, too, so if you find out who they are please get back in touch with us and let us know". Argh.

As others have pointed out it's trivial to find out who they are, particularly for the government. Just give them the card information that they so desperately want and find out who got the money. Dirt simple.

That is, if someone cares to do it.

Re:Can't you just solve it by government?

[lq_x_pl]

Since we know that the DNC list is being scraped by less-than-reputable telemarketers, why not fill it with garbage numbers?

Re:Can't you just solve it by government?

[stoatwblr]

"can't the telephone companies just police their own customers, and weed out illegitimate phone companies who allow such customers and refuse to forward their calls.. how hard can it be?"

Not very.

It's trivial to set your caller-ID to anything you want on ISDN lines. British Telecom added filters about 7 years ago which only allow callerIDs that are in the ranges allocated to the ISDN connection.

As with spam, filtering OUTBOUND is far more effective than filtering inbound (think of it as fitting chimney scrubbers vs handing out dust masks)

 

Re:Can't you just solve it by government?

[stoatwblr]

Several countries do _exactly_ this. Hitting the canary traps results in fairly intense attention.

I have to say, I am surprised that enterprising DAs in the USA haven't setup a few dozen lines for exactly this purpose.

Nuke from orbit.

It's the only way to be sure. That or some public stockades.

Of course, to be fair we'll need to start with politicians.

Re:Nuke from orbit.

[Livius]

I suggest beta testing on politicians.

Re:Nuke from orbit.

I won't even make politicians use Slashdot Beta.

Deserve it though they may, it's too cruel.

Stop these fsckers

[nightsky30]

I used to get repeat calls from some "continuing education" bullshit asking for someone by the name of Sasha by some Indian guy. When I told him I wasn't Sasha, he asked for my name, and I very politely said I don't give out that information. Then they claimed they were from some health organization... Then they claimed they were from M$ and wanted to remote into my "Windows PC" to install their virus scanner because it "was infected, and they were seeing traffic from it". I called that bullshit outright, told the guy I run Linux, and that he was a fscktard scammer. They hung up... Then the next time they called, I acted like I knew him, was too busy to talk, asked for his number, and repeatedly told him I'd call him back in 5 minutes. Man did that piss him off LOL! I'd report them, but they block or disguise their numbers. Now I just don't answer numbers I don't know. If it's important, they will leave a voicemail.

Re:Stop these fsckers

[Paradise+Pete]

Then they claimed they were from M$

Did he actually pronounce it that way?

Re:Stop these fsckers

[bswarm]

I got those calls too, 3-4 times per week. They say they're from "Windows Support" not M$. I give them the runaround, wasting their time. Here's what to do, tell them you can't talk on this number and use the infected PC at the same time because it's your car phone, and to call back on your home number, and give them a number to... (use you're imagination here) Calls stopped.

Re:Stop these fsckers

[nightsky30]

That is devilishly clever, and wonderful, yet awful and a continuous propagation of their asshatted douchebaggery. The phone calls just get passed on.

Re:Stop these fsckers

[nightsky30]

Nah, it was something like Microsoft Support or Windows Support.

Re:Stop these fsckers

A telemarketer spamming another telemarketer, brilliant!

Was anyone sent to prison?

[mi]

'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012

Sure, the "Rachel" didn't kill anyone. Probably. But with the number of calls placed, the overall damage — even if spread among millions of people — certainly exceeded that of a serious bodily injury or even death of one person.

Was any of the scammers sent to prison? I mean, I'd recommend impalement, but prison would've been good enough. Did it happen?

Re:Was anyone sent to prison?

[fuzzyfuzzyfungus]

It seems a waste to imprison or impale them when they are likely still full of usable organs that could be reassigned to somebody who isn't an abhuman sleazeweasel...

Re:Was anyone sent to prison?

How horrifying it would be to wake in the hospital, and find out that you survived a terrible car crash, but they had to patch you up with a new liver, and now you are (scare chord) 10% TELEMARKETER!

Re:Was anyone sent to prison?

[rochrist]

I wonder if the 'Rachel' who supplied that voice recording is out there somewhere aware of what she's become a part of.

Re:Was anyone sent to prison?

[stoatwblr]

"Was any of the scammers sent to prison? I mean, I'd recommend impalement"

Preferably vertically, on a pole outside of the snoking ruins of the call centre they use.

Re:Was anyone sent to prison?

[eric_harris_76]

And if the organs aren't usable, they could still be contestants (or props) on "The Running Man".

A $3133.70 prize for first place?

My eyes are rolling so hard at this.

NSA weakness

So, either the NSA knows exactly who these people are and are not helping the FTC.

OR the Robocallers have found a weakness in the NSA surveillance.

So now, Achmed the terrorist will just robocall his associates for an attack?

We'll keel them!

Re:NSA weakness

[Psykechan]

Don't you get it? The robocallers have been classified as terrorist organizations by the NSA so anyone that they contact can now be classified as "persons of interest" and can now legally have their data snooped, er I mean "collected".

Seriously though, this isn't the movies; tracing a call is instantaneous. The telco can relatively easily follow it back to whoever is paying for the trunk. The problem being that someone is actually paying, which means that someone has a vested interest in keeping a paying customer happy. What makes it even worse is it's hard to justify that type of volume from a robocaller and still claim ignorance under the assisting violators clause of the telemarketer sales rule. Yet somehow they still get away with it.

The FTC needs to focus less on outside efforts like homemade honeypots and instead go directly after the telcos that sell service to these bastards. Under their own regulations, a telco is just as responsible and would have to pony up to 16k a pop per each robocall. If they want to zap Rachel, well they know where she lives and works.

Re:NSA weakness

Back a few years when I was in the belly of one of the telco beasts, you still needed to show the need to pull the info out of the phone switches. And as soon as you went to another telco--or worse, overseas--game over. Caller ID is not reliable and you would never get all the info short of being the NSA.

Re:NSA weakness

Interestingly at least AT&T (and probably other telcos as well) will refuse to provide the ANI logs for calls like this. They act confused when you ask then ask a supervisor and say its against policy to give customers the ANI info for incoming calls. It's almost like they want to protect the robocallers.

Re:NSA weakness

[fuzzyfuzzyfungus]

Interestingly at least AT&T (and probably other telcos as well) will refuse to provide the ANI logs for calls like this. They act confused when you ask then ask a supervisor and say its against policy to give customers the ANI info for incoming calls. It's almost like they want to protect the robocallers.

Pink contract, anyone?

Re:Fuck the FCC

[fizzer06]

Maybe they just hate Anonymous Cowards?

Re:The Republicans will never allow this

Then how come all the FCC commissioners are appointed by Barack Hussien Obama? http://www.fcc.gov/leadership
You are a libtard fuckwit.

Re:The Republicans will never allow this

[mythosaz]

ITT: Idiots who give their real phone number with their voter registration.

She called me 6x / hour -- This is what worked:

Or at least she was as of two weeks ago... After a while, I got tired of constantly dropping what I'm doing to run to the phone to see if my kids had gotten hurt (again) only to see it was rachel from cardholder services. So I started having fun.

The name of the game is keep the human on the phone for as long as possible. While it is ever so satisfying to answer their question of "Do you have at least $2000 in debt?" with "No, I don't have any debt.", the real goal is to stall them for as long as you can. So ask them if your mortgage counts... Or a home equity line of credit. How about your car loan? Ask them if Diners club counts. Do they take american express? You get the idea! Play dumb. Have fun with them!

And always, ALWAYS!, be sure to point out that since they're calling dozens of times a day, you felt obligated to talk to them since they must really want to talk to you.

It took a couple of days, and quite a few runs through this game, but now Rachel won't call me anymore.

I feel like I should feel rejected and not nearly this pleased with myself...

Their business model depends on automated harassing of folks. People cost money. If we all did this, poor rachel might go out of business...

Re:She called me 6x / hour -- This is what worked:

[HiThere]

Don't worry, you're just dealing with the part that hasn't yet been automated. Haven't you noticed the increasing automation of the calls? At the current rate I expect them to start trying to get your credit card number before you reach a person within the next two years.

50% call reduction

[hurfy]

Cage match between Rachel from Cardholder Services and Sharron my Google Specialist, Only one gets out of the cage alive!

Sorry if I actually know anyone named Sharon...I rarely get past "This is Sharron " anymore :/

The MS scammers are sure getting lazy lately. Can't even check the area codes they are calling...even Grandma would find it unlikely MS would call at 6:45am!

Alternative solution

[DoofusOfDeath]

Death penalty for people who set them up.

Seriously, if a person is willing to violate a just law, the punishment clearly is insufficient.

Re:Alternative solution

Ship them out to gitmo. They aren't wearing a military uniform, and are causing damage to American infrastructure. That should be enough by the Cheney/Bush standard to call them terrorists.

Re:Alternative solution

[DoofusOfDeath]

Ship them out to gitmo. They aren't wearing a military uniform, and are causing damage to American infrastructure. That should be enough by the Cheney/Bush standard to call them terrorists.

Maybe we can combine our ideas. Give convicted robocallers Bush's and Cheney's private phone numbers.

Re:Alternative solution

Ship them out to gitmo. They aren't wearing a military uniform, and are causing damage to American infrastructure. That should be enough by the Cheney/Bush standard to call them terrorists.

Wow, you're merciful. The Obama standard is extrajudicial execution via drone strike against you and your kid.

Can't wait to see what the next administration has in store for us!

Rude telemarketer call

[mspohr]

I got a really rude telemarketer call from a "government grants agency" wanting to give me money. I played along for a while but the guy caught on and ended the call with a sexist racist slur.

Took out Rachel?

[Trailer+Trash]

LOL! She's still around, now joined by Bridgette and Carmen. I get called twice a day on my cell phone (which is on the "Do-Not-Call list) from them.

They need to get serious about that as people are apparently still willing to give out their credit card numbers.

Are your carpets dirty?

[PPNSteve]

They need to go after that Roy dude and his, "HELLO!!! Are your carpets dirty?" robo-calls as well.. he never gives up.
Not getting any "Rachel from Cardholder Services" calls here lately..

Turing Test

All you need is a device that sits on the incoming line before the house wiring. It answers every call and makes all non-whitlisted phone numbers key in a random digit before it allows the call through to the home wiring.

I've been doing exactly that with a PBX setup since 2007 - haven't receive a single telemarketing, charity, policital, survey, or scam phone call since then. I check the incoming call logs occasionally and those unwanted calls are still coming in once or twice a day, but they never get through the simple Turing Test. I can even whitelist numbers so they ring straight through without the hassle.

If someone could distill that down into a simple plug-n-play device we could finally end phone terrorism for everyone.

In other words, they offer no employee benefits.

[Bob_Who]

Let's face it, this is something that should be fixed by professionals employed by the FTC because that is the job they are tasked to perform. This cute little bounty program is a clever way of crowd sourcing the benefits of this skill set without the costs of hiring anyone. MAKE 'EM PAY! Not everything involving human labor should be done on the cheap just because employee costs are high. People cost money, and this tactic wont work forever.... I hope.

Late breaking news?

[sgt+scrub]

Leave it to /. to give us the article so we can be ahead of the... 8/8?!? I can't even get a land line installed by then.

Creator: Build a robocall honeypot by Friday, 8/8, at noon PDT :P

Re:Really? Alive and proliferating.

Ditto the ditto, although for the last few months, when I have just picked up on the call without saying anything, it would cycle thru the same message from "Bridget", then without a name, but now they seem to have an algorithm update to just say "goodbye" on the first after a few seconds of silence from my end. What got me doing this was that a couple months ago, they started using a number from my very own local State Farm agency, Id'ed as such on the caller Id, so I was taken in the first time. Then they started using that spoofed number several times a day. I called my agent's office to see if they had heard of that from any other customers, but not so. Finally, 2 days ago, I cleared some older numbers from my phone system's blocked call list, added that number, and informed my agent's office not to bother calling me from that number (not their "public" number anyway) anymore. Then I got "the call" from MY OWN land line number the next day - my wife flipped out, and started screaming at the schmuck who answered when she punched "1 to continue", and the fool kept talking so she hung up on him (said he had an Indian accent).

So now I block my own land line number on the phone block list - insanity! It is kind of creepy that they used the number of someone local with whom I do business, and that office's folks had not heard of anyone else using their number that way - are they able to "see" any other valid phone numbers that call me?

Rachel from Verizon

Is "Rachel from Cardholder Services" the same woman as the "Rachel from Verizon" I also get many robocalls from?

Yes I have a Verizon landline. Yes I intend to ditch it, partly because of their telemarketing.

Obvious solution

Why don't they get NSA to do it? They're already working on public money, they have the tech, resources, legal powers and lack of morals among the other things needed for the job.

Tellecrapper 2000

[Ultracrepidarian]

I want a Telecrapper 2000
http://www.youtube.com/watch?v...

Re:Really? Alive and proliferating.

I have to say your experience sounds more like someone you know playing a practical joke on you.

So easy to avoid...

[Karmashock]

Just put a captcha on your phone calls. Then only a human is getting through to your actual phone line.

Re:So easy to avoid...

captcha's have already been hackable, but good idea.

Re:So easy to avoid...

[Karmashock]

I'll take my chances. Any robo dialer that gets through a phone based captcha might just be interesting enough to listen to if only for the novelty. I've never heard of a robodialer that had advanced speech to text and AI to penetrate a phone based captcha.

I'm sure they could be made but I've never heard of them being implemented.

Simply starting with a message that says "To avoid robo calls, can you please tell me the sum of 1+1?"

I'm pretty sure that would filter 99.99 percent of robot calls right there.

Metadata

Can't tell me they can't figure out what carriers/shady resellers these are originating from... Other government agencies certainly have the from/to metadata data and what carriers they are going through.. Make it not in the interest of the backbone carriers to carry that voice traffic. Make them financially responsible with fines for large infractions, the fine needs to be larger than the income they are getting from turning their head.

Just Another Layer of TCP

[jbmartin6]

It used to be the "handshake" on phones was: Hello (SYN) Hello (SYN/ACK) What's up? (ACK). Now, thanks to human nature it is: Leave message and call back number = SYN, Call back and leave message (SYN/ACK), return call again and person answers since number is known (ACK). I understand this isn't always possible thanks to business needs and circumstance, but most people I know will simply never answer an unknown number on their phones, instead they let the caller leave a message to determine who the number really is. Any legitimate call will leave a message (and a few non-legits) and all the others can go to hell.

Real Time ANI

[Kagato]

The FTC needs to set up Honey pots with actual SS7 ANI feeds. Real time query the calling number and provider. The dirty secret here is the telemarketers need VOIP providers to work. Usually ones that are willing to turn a blind eye and willing to let them advertise the outgoing number as anything they want. The FTC needs to put the pressure on them and their upstream connection into the phone system (most likely a CLEC of some sort).

Re:Real Time ANI

[stoatwblr]

There are virtually no CLECs left in the USA anymore, thanks to the Borg all but completely reassembling itself over the last 30 years without the "universal service" shackles (even GTE is gone)

Thanks to the interconnectedness of the world, I pay nothing extra to make calls from my house in europe to most of the planet's population. Those call centres and robodiallers could be anywhere - and the principals behind them are probably sitting well out of reach of US extradition treaties.

In the old days

[Keith+Henson]

In the long, long ago when telemarketers were humans and more often known as telephone solictors, I listed my phone number under a high school nickname, Heimdallr the Watcher., or Watcher, H.T.

That made it easy to sort out the telemarketers, it was a legit call if they asked from "the Watcher," but a dead giveaway if they asked for Mrs. Watcher.

So the standard rap would be, "Sorry, Mrs. Watcher is here but she can't speak to you."

Sometimes they would bite and ask "Why?"

"Well, you see, Mrs. Watcher used to be a telephone solicitor." [Dramatic pause]

"Until someone caught her." [Another dramatic pause]

"AND CUT HER TONGUE OUT!"

Usually this got a laugh, but at least once the telemarketer said she was calling the cops.

Didn't work for me

[billstewart]

I work from home most days, and Rachel and her robot army usually call a couple of times a day. I've tried anything from stringing them along to yelling at them for being criminals to putting the phone down, and they still call back. (The one serious thing I haven't tried is the combination of reorder tone and a "The number you are calling has been disconnected" announcement, which I should just have as a handy .wav to play at them.)

I wonder where they get their labor - some of it sounds like Canadian or Caribbean call centers, but there are a lot of US prisons, including the for-profit ones, that run call centers as something more lucrative to have prisoners doing than farm work or making license plates. Given how they're wasting their workers' time almost as badly as the people they call, it must be really cheap.

Re:competitors to Comcast for data services.

[billstewart]

At least in most states, DSL service from the main telco can not only carry telco-provided ISP services, but also competitive ISPs, such as Sonic and Speakeasy and whatever Megapath and Covad are called these days. The competitors tend to cost a bit more, but also offer things like static IP addresses at more reasonable prices, and usually don't have usage caps or "no servers at home" policies. They may be renting just the wire from the telco, or maybe the wire and the DSLAM, and usually also some regional distribution network, but it's usually their own email and web servers and upstream bandwidth.

My experience with Sonic.net is that about every 5 years, something goes wrong that takes a day or two to fix, either a telco problem in a box down the street, or my DSL modem getting too old and dying. So I call them up by phone or send them email from work or Starbucks, and get a quick response back from somebody who can diagnose the problem but may need to call the telco to actually fix.

Fiber-based telco services don't have to share with competitors, unlike copper, and I'm not sure if AT&T U-Verse gets resold or not. But copper DSL is definitely not just the local monopoly.

Re:The machine I let "Microsoft Repair" hack

[billstewart]

It's a virtual machine. Running Linux. Firefox instead of Internet Exploder (Sorry, it's a work machine, the IT department installs Firefox instead of IE.) With NoScript and AdBlockPlus. Amazing how much stuff just "didn't work" when I tried it - I'd go to their web pages, and I'd hit the Download button and nothing would happen, or I'd run the installer and it wouldn't work. (I wanted to see all the different things they were trying - most of them were different Remote Login or Remote Execution programs that would have let him log into my machine and then do his real attacks.)

After about half an hour the guy realized I was faking him out, and we had another entertaining half hour while he tried to convince me that what he was doing really was a legitimate kind of business, and after that his boss came on and spent five or ten minutes yelling at me for wasting his employee's time.

Why Whitelisting Fails

[billstewart]

First of all, Caller ID is trivially easy to fake, and the scammers all do it. For now, most of them pick random or fake numbers to avoid getting blacklisted, but if whitelists were common, they'd start forging real numbers to get through.

But many people (ok, me, at least) get lots of calls from numbers I don't recognize, and robocalls that I want that might not come from the number I recognize for somebody. Most of the robocalls are the pharmacy saying I've got something to pick up, or the dentist's office with a reminder about an appointment, or that kind of thing, and the calls from humans might be from some doctor my wife is going to or some business we were trying to reach that has different numbers for outgoing calls than incoming (like the painter calling from his cellphone instead of his office, or a big business calling from their call center or local office instead of their toll-free number.)

And yes, I could just let the answering machine pick up, and you can too. Some of the robocallers' robots do a better job of dealing with that than others.

Re:She's baaaaaack

[billstewart]

They really did go away for a while, or at least slow down a lot, when one of the big "Rachel from Cardholder Services" gangs got busted and shut down. But it's such an easily replicable scam, and probably multiple sets of it are being run independently. I'm pretty sure the call center end is independent contractors or else shady call-centers (I know some are in Canada, and I suspect some are run by prison-labor call centers and some are in the Caribbean.)

Honeypot Credit Card Numbers

[billstewart]

Tracing the phone calls hasn't worked very well, but the way to go is to follow the money. Flooding them with honeypot credit card numbers would generate a trail that might be followable (e.g. have an FTC web page that'll generate a credit card number and billing name/address, and have Visa track the merchant information for anybody trying to process a charge against those numbers; the risk is that you have to make sure those numbers don't get used for fraud, even if they're set up to always reject charges.)

I don't know how much information the scammers try to get, such as SSNs; generating fake ones of those has its own risks, though it's always fun to give them 078-05-1120 or Richard Nixon's SSN 567-68-0515. It turns out there is a publicly available official list of SSNs of dead people, which is intended to detect people using invalid SSNs, but it's possible that Rachel's gang doesn't bother filtering on it, considering that they don't filter on phone numbers of people who've told them not to call back.

Re:The machine I let "Microsoft Repair" hack

[RockDoctor]

40 minutes wasting their time. 50 minutes if the microphone slave was still idle while the boss was yelling at you. Good result. Got a recording?

Actually, scrub the last bit. While it'd be amusing, we all know in general what they're trying to do.

List of the domains / ISPs they host their malware on and of the exploits they tried? Just for shits'n'giggles.

Re:The machine I let "Microsoft Repair" hack

[billstewart]

It was too long ago, and I didn't save them. I think one was named something like "Login123". Basically all of their "repair" tools were remote login tools, probably run by entirely different companies that they were just customers of, and they'd load the actual attacks after they got in.

Re:The machine I let "Microsoft Repair" hack

[RockDoctor]

SNAFU.