Slashdot Mirror

← Back to Stories (view on slashdot.org)

86.2 Million Phone Scam Calls Delivered Each Month In the US

Posted by timothy on from the sounds-like-an-undercount-to-me dept.

An anonymous reader writes with a report from Help Net Security which assigns some numbers to the lucrative fraud-by-phone business in the U.S. -- and it's not just the most naive who are vulnerable. "Phone fraud continues to threaten enterprises across industries and borders, with the leading financial institutions' call centers exposed to more than $9 million to potential fraud each year," says the article. "Pindrop analyzed several million calls for threats, and found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers. Credit card issuers receive the highest rate of fraud attempts, with one in every 900 calls being fraudulent."

What's been your experience with fraudulent robocalls? I've been getting them on a near-daily basis -- fake credit card alerts, "computer support" malware-install attempts, and more -- for a few years now, which makes whitelisting seem attractive. ("Bridget from account services" has been robo-calling a lot lately, and each time she says it is my final notice.) My biggest worry is that the people behind these scams, like spammers, will hire copywriters who can fool many more people.

13 of 193 comments (clear)

  1. asterisk, if you are up for it. by lophophore · · Score: 4, Informative

    If you have the patience to set it up, and keep it running, Asterisk can help you.

    I use it at home to throttle phone spam.

    all toll-free go to an auto-attendant that is a robot-check.
    all "number unavailable" goes to another robot-check.
    obvious fake phone numbers go to the blacklist auto-attendant, an infinite loop, basically.
    known phone spammers go to the blacklist auto-attendant
    it's easy to add a number to the blacklist.

    On a typical day, 3 to 5 calls get gobbled up by asterisk. The phone rings once, the caller id is read, and the caller is sent away. It is *wonderful*.

    She who must be complied with does not want to go to what I consider the ultimate solution, the white list for immediate pass-through, and a robot check for all other calls.

    The spam callers that do get through are verbally abused before their number is added to the blacklist.

    --
    there are 3 kinds of people:
    * those who can count
    * those who can't
    1. Re:asterisk, if you are up for it. by Anonymous Coward · · Score: 4, Informative

      It borders on irresponsibility to recommend Asterisk to anyone who just wants to filter spam calls and be done with it. Asterisk is a dangerous weapon with which you can very easily shoot yourself in the foot. There are some rookie mistakes that allow anyone to use your VoIP account to call any number in the world, at horrendous costs to you. Unfortunately some of these rookie mistakes are perpetuated in Asterisk tutorials on the web, so even people who don't just blindly set it up with the sample configuration and tweak it from there are likely to end up with a many-digit phone bill eventually. At the very least only use accounts with Asterisk for which you can set a hard spending limit.

  2. Know who to blame? by gstoddart · · Score: 5, Insightful

    Want to know who to blame for this crap? The corporations who pushed to be able to spoof their caller ID -- so they could call us from foreign call centers.

    I'm sure the technology exists or could be added to the phone system to basically say "if your caller ID is faked, we're not even accepting this".

    I've started seeing the fake caller ID get to the point that it has the same area code and exchange as my own number ... once I apparently even called myself.

    Essentially incoming calls have to all be treated as fraudulent, because they've been just created by a computer to conceal where it's actually coming from.

    It has gotten to the point where if I don't know the number by sight, and then the persons voice, I pretty much tell all callers to piss off and go away.

    Sometimes the legitimate callers get all butt hurt, but I simply don't care ... because 95% or more of incoming calls on my phone are 100% fraudulent, and involve some clown in an overseas call center trying to scam me.

    And the problem is that it is probably the same exact call center that legitimate companies use, or one which has decided scamming is more lucrative than tech support.

    But between the Microsoft Service Provider, the people who want to clean my ducts, the automated call telling me I've won a free cruise, the automated call telling me I need to respond about lowering my credit card rate ... incoming callers find a hostile person who assumes they're lying to me.

    Sometimes I yell at them, sometimes I mess with them, but most of the time I just hang up immediately or leave it to the answering machine.

    It's literally not possible to trust incoming phone calls. So why bother even answering them?

    --
    Lost at C:>. Found at C.
    1. Re:Know who to blame? by JonahsDad · · Score: 4, Funny

      I've started seeing the fake caller ID get to the point that it has the same area code and exchange as my own number ... once I apparently even called myself.

      Are you sure the call wasn't coming from inside your house?

    2. Re:Know who to blame? by ebh · · Score: 3, Funny

      Fronters may get lunch, but they don't get coffee. Coffee is for closers only.

    3. Re:Know who to blame? by swb · · Score: 3, Insightful

      Dude, you are clueless on multiple levels. First, "spoofing" caller ID is normal - the ability to tell the phone company (this is a *high* level overview) what your number is when making outbound calls when using a non-POTS line. Due to the way the phone network works this can't easily be changed. And companies have done this for decades, it's not something new. Big multi-line companies typically want outbound calls to come from a single switchboard number.

      I think there's two kinds of "spoofing" -- legitimate spoofing, where you own the DID number that you send out outbound trunks (eg, main phone number, etc) and bullshit spoofing, where at best you're obfuscating the source of your calls (eg, some hired call center that sends their client's DID info as caller ID) or worse, deliberately sending false or nonsense caller ID information to hide and obscure your call origin.

      Telecoms providers could filter client outbound trunks and drop calls with bogus calling party information, where bogus is defined as something like "you don't control that DID and have no written permission to use it". The FCC could require telecoms providers to do this very thing.

      I'm sure it would be messy and complicated to get setup, but so many calls are handled by the major carriers (ATT, Verizon, CenturyLink, etc) that you have a natural choke point that limits the ability of rogue providers to hand off calls.

  3. Re:I screen every call. by John_Sauter · · Score: 4, Interesting

    I have a simple but very effective screener for robo calls, built around the ObiHai 110. I connect the device between my incoming telephone line and my telephone. I then re-program it to send incoming calls to the Automatic Attendant, which I program to challenge the caller to press a key on his telephone keypad. If he doesn't he is a robo caller and doesn't get through. My phone doesn't even ring for robo calls.

    Someday the robo callers will become intelligent enough to press a key when challenged, but until then my defense is adequate.

  4. nomorobo.com by zerofoo · · Score: 5, Informative

    I'm going to keep posting this until everyone uses it. It's a free telephone filtering service. Just enable your simultaneous ring feature on your landline and nomorobo looks at every call that rings your phone. If the originating number is on their blocklist, they pickup the call.

    It's a fantastic service.

    Phone companies should embrace these filtering technologies. If it wasn't for nomorobo I would have gotten rid of my landline a long time ago.

  5. Re:Ring ring by BenJeremy · · Score: 4, Insightful

    First psot

    Wow, talk about missing an opportunity...

    You should have used:

    First POTS

  6. Since you know the NSA is listening by tekrat · · Score: 4, Funny

    Use lots and lots of keywords.

    When the scammer calls, no matter what the person says at the other end of the line, you say "What did you say? You want to blow up an airliner and kill the president? You're a member of Al-Qeda and ISIS?"

    I guarantee that call will go dead and they won't ever call you again.

    --
    If telephones are outlawed, then only outlaws will have telephones.
  7. My experience with robocalls by jeffmflanagan · · Score: 3, Insightful

    I never receive them, because if you're not in my address book, I'm not picking up the phone.

  8. nomorobo has worked great for me by Zontar_Thing_From_Ve · · Score: 4, Informative

    I use normorobo (https://www.nomorobo.com/). It's free for non-business use. I have my home phone (yes I still have a home phone - my current home security system requires it) going through it and I think it's great. It only works with VOIP or wireless phone numbers though, not true land lines. It works by having you activate a feature to ring a 2nd number when a call comes in. The 2nd number is No Mo Robo's phone number. Let your phone ring once and their database will pick up the call before the 2nd ring if they feel it's fraudulent. I'd say it stops more than 95% of the robo calls I get, which to me is fantastic. Maybe once or twice a month a robo call will get through, but that's all.

    Just as a point of interest, I work with a guy whose ability to judge scams is broken beyond anything I've ever seen in a non-elderly person. His ability to differentiate between the bogus and the legit is just about non-existent. Remember in the past decade when a lot of us US people were getting cold calls from some company telling us we could buy an extended warranty for our cars that would pay for any and every repair we needed for years to come? He bought one. I realized that it's guys like him who keep the robo callers in business.

  9. Re:POTS security is broken. by RabidReindeer · · Score: 4, Interesting

    The plain old telephone system evolved in an earlier era, security by obscurity was the norm. There were using simple whistling tones added/removed to regular conversation for data communication between exchanges. All analog. Blind phone phreaks were stealing just long distance minutes from the phone companies. But now the phone companies feel they have no liability to detect spoofed caller id. If some courts hold the phone companies liable for transmitting false phone numbers, using some lawyerly language like "aiding and abetting" "knowingly providing false information" "negligent" etc, then there could be some relief.

    Phone companies most definitely know which of their resources are being employed to make calls with. They BILL for those resources and each and every call gets logged. Those logs are also required to be available for (allegedly) authorized law enforcement agencies and they're one reason why the old movie trope of "keep them on the line while we trace this call" is bogus. If the connection was made at all, no matter how briefly, there's a record constructed by automated equipment.

    Naturally, if the true origin of the call is coming in from some other source, the phone company can only trust whatever ID came in from that source, but they definitely know where the call itself came from and that means that law enforcement can then track back until such point where they cannot gain any sort of co-operation. Even spoofing via Internet phone can be tracked if you're determined enough.