Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

Posted by timothy on from the our-menu-options-have-recently-changed dept.

An anonymous reader writes I run the IT department for a medium-sized online retailer, and we own a set of marketing toll-free numbers that route to our VoIP system for sales. Yesterday we began receiving dozens and now hundreds of calls from non-customers claiming that we're calling out from our system and offering them $1 million in prizes and asking for their checking account details (a classic phishing scheme). After verifying that our own system wasn't compromised, we realized that someone was spoofing the Caller ID of our company on a local phone number, and then they were forwarding call-backs to their number to one of our 1-800 numbers. We contacted the registered provider of the scammer's phone number, Level3, but they haven't been able to resolve the issue yet and have left the number active (apparently one of their sub-carriers owns it). At this point, the malicious party is auto-dialing half of the phone book in the DC metro area and it's causing harm to our business reputation. Disabling our inbound 800 number isn't really possible due to the legitimate marketing traffic. Do you have any suggestions?

2 of 159 comments (clear)

  1. Re:This is a legal matter. by CaptainDork · · Score: 5, Informative

    I work for a law firm and this will not work.

    Threats are a dime-a-dozen and no one takes them seriously.

    What works is to get an actual lawyer to compose an email that actually originates from the law firm and/or send snail mail, on law firm letterhead, explaining why the scammer is suspect and asking for clarification.

    --
    It little behooves the best of us to comment on the rest of us.
  2. High dollar litigation with the FCC is effective by almondo · · Score: 5, Informative

    In the past I have had to deal with L3 on some similar nonsensical "our abusive users are not our problem" crap. As you have already observed, they have a well refined hearing problem. First, decide how much the per call impact is to your business in your opinion. Estimate the number of calls per day and multiply by the per call rate and then by the number of days to come up with a daily and sum "rate of damages". Then have a lawyer letter drafted and sent to their legal department and make sure the letter shows that you also sent a copy of the draft to the FCC Attn: Fraud & Abuse at 445 12th Street SW, Washington, DC 20554.

    In about the time it takes you to go to lunch, the problem will subside. At L3, FCC copied abuse resolution rolls down hill, pretty fast.