Slashdot Mirror


Researchers Find 25,000 Domains Used In Tech Support Scams (onthewire.io)

An anonymous reader writes: Three doctoral students at Stony Brook University spent eight months analyzing internet scammers who pose as remote tech support workers (usually pretending to be from Microsoft of Apple). Their research revealed more than 25,000 scam domains and thousands of different scam phone numbers. "Although victims of these scams can be anywhere, the researchers found that 85.4% of the IP addresses in these scams were located across different regions of India," reports On The Wire, "with 9.7% located in the United States and 4.9% in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000."

The researchers even called 60 of the con artists to study their technique, and concluded most were working in large, organized call centers. They use remote access tools, and in fact two popular tools were used in 81% of the scams, according to the paper. "We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections..."

85 comments

  1. Microsoft of Apple by Anonymous Coward · · Score: 0

    Apple is buying Microsoft;
    Illuminati confirmed.

    1. Re:Microsoft of Apple by Anonymous Coward · · Score: 0

      Too late... NSA already owns both of them.

  2. chief enablers by v1 · · Score: 5, Insightful

    > two popular tools were used in 81% of the scams

    My bet: TeamViewer and LogMeIn.

    > most were working in large, organized call centers.

    This is part of why I don't understand why this continues to be a big problem. They're not some fly-by-night flighty twitchy boiler room working in a different hotel room every week to try to keep one step ahead of a door kick. These are established, stable, organized, stationary, predictable groups that ought to be easy targets for law enforcement. Seeing as this also coincides with only a few geographical locations (India and Costa Rica) I can only presume local law enforcement is either very lax, is complacent ("hey it brings money into our local economy, that's good right?"), or is on the take.

    --
    I work for the Department of Redundancy Department.
    1. Re:chief enablers by Anonymous Coward · · Score: 0

      One of these is born every minute. If you can figure out what, then you'll have your answer. People are the problem, not laws.

    2. Re:chief enablers by DoraLives · · Score: 4, Funny

      > I can only presume local law enforcement is either very lax, is complacent ("hey it brings money into our local economy, that's good right?"), or is on the take..

      "So, this is quite the operation you have here, isn't it?"

      "Yes. Yes it is. Here, here's a little something for your wife. And your children. You are a good man and your family deserves to be well taken care of."

      "Thank you. And by the way, you wouldn't be using your operation to be contacting any of the citizens of our fine country, would you?"

      "No. Certainly not. Not at all."

      "Very well then, carry on."

      --
      Is it fascism yet?
    3. Re:chief enablers by Anonymous Coward · · Score: 0

      You're a simplistic moron, maybe that's the problem.

    4. Re:chief enablers by Anonymous Coward · · Score: 0

      So's ur mom. Point proven.

    5. Re:chief enablers by Anonymous Coward · · Score: 0

      > These are established, stable, organized, stationary, predictable groups that ought to be easy targets for law enforcement.

      That assumes law enforcement sees them as a problem to begin with, which isn't necessarily the case in India. Much like the 419 scams operating out of Lagos and the banking trojans coming out of Russia, the local police probably know who's responsible, but "bilking ignorant Americans out of money" isn't seen as a major crime. In some cases the local government even encourages this behavior, or at least actively looks the other way.

      There are occasional raids on these call centers, but you can bet most of the players are back to work within a week.

    6. Re:chief enablers by arglebargle_xiv · · Score: 1

      Since the article that reports this has followed the standard media practice of never, ever linking to the paper whose results you're mangling, here's a link to the original. You're pretty close, the top tool is LogMeIn, followed by Citrix, followed by TeamViewer. Looks like we need to get those banned under the CFAA as hacker tools.

    7. Re:chief enablers by arglebargle_xiv · · Score: 1

      > the paper whose results you're mangling

      Ooops, that was meant to be saying that the media mangles scientific research results, not the OP.

    8. Re:chief enablers by Anonymous Coward · · Score: 0

      Point on your head pinhead.

    9. Re:chief enablers by guruevi · · Score: 1

      Whose law enforcement? It's not like the FBI can go down to India and round up a factory-sized building with workers. India just doesn't care whether or not it is unethical, as long as they aren't doing anything illegal within India (or keep paying their taxes and bribes) they're not going to stop them.

      To the Indians, people are giving them money for a service they sold on the phone. Even US courts in front of a tech-illiterate judge may not find much fault with their methodology other than that it's not entirely ethical, but to the law it simply doesn't matter whether you bought a car or a computer program that wasn't necessary, you made the decision to buy it because they demonstrated to you that you needed it.

      A better analogy would be: a locksmith comes by your house and says, your lock isn't safe, can I demonstrate. You say "sure" and then he goes on and picks the lock on your door. You say "oh no, I need a better lock" and the locksmith says "here it is" and then asks $70-250 to get you a "better" lock. Doesn't mean your house was at immediate risk because of the lock, it doesn't mean the new lock can't be picked, it doesn't even mean you can go to a different locksmith and ask about it. It just means you got a sleazy locksmith and you made a panic decision.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    10. Re:chief enablers by v1 · · Score: 1

      > To the Indians, people are giving them money for a service they sold on the phone. Even US courts in front of a tech-illiterate judge may not find much fault with their methodology other than that it's not entirely ethical, but to the law it simply doesn't matter whether you bought a car or a computer program that wasn't necessary, you made the decision to buy it because they demonstrated to you that you needed it.

      The legal issue here is "fraud". They are calling and lying to the mark and telling them they are official agents of microsoft/apple/dell/etc and are lying about the "service" they are selling. "There's really nothing wrong with your computer, the website is just displaying a scary looking warning and we'd like you to pay us $150 to make it go away, do you mind giving me your credit card information?" Go for that and okay, I'll call you a fool that is honestly being parted from his money by a "service". But we know that's not how it works. It's 100% fraud, deception, and misrepresentation, which is against the law pretty much everywhere, including India.

      But you're right, they don't really care that much, it brings money into the country and they can drop a thin veil of plausible deniability over it all. But it's allowed most of the time, until someone makes a big stink and then they jump in and assist with one or two takedowns out of the thousands that are running, to prove they're "not ignoring it".

      --
      I work for the Department of Redundancy Department.
  3. What a surprise by Anonymous Coward · · Score: 0

    "85.4% of the IP addresses in these scams were located across different regions of India"

    Looks like even the Nigerian Prince knows where to look for cheap labour.

    1. Re:What a surprise by arth1 · · Score: 1

      That low?
      Whenever one of these scammers cold-call, it's invariably someone with an Indian accent at the other end.

  4. Designated shitting streets by Anonymous Coward · · Score: 0

    The dirty Indians have them.

  5. Protect yourself. Block third-world IP ranges. by Anonymous Coward · · Score: 0

    It's getting to the point where the most sensible thing to do is to have your firewall block incoming and outgoing connections involving IP addresses associated with third-world and second-world countries.

    So if you're a first-world web user, there's likely little need to interact with IPs that aren't associated with the USA, the UK, Japan, Australia, New Zealand, Canada, or one of the EU countries.

    This isn't perfect, of course, since third-worlders may still use systems with a first-world IP address, for example. But at least it puts one more barrier that illegitimate users in the third-world would need to work around.

    It's better to not be able to access a web page in, say, India, if it also means that people in India are prevented from accessing your network.

    (And before anyone gets their panties knotted about the use of "first-world","second-world" and "third-world", we're talking about the modern definitions, and not the archaic Cold War era definitions.)

    1. Re:Protect yourself. Block third-world IP ranges. by radarskiy · · Score: 1

      The 2nd most popular origin was the US.

    2. Re:Protect yourself. Block third-world IP ranges. by Anonymous Coward · · Score: 2, Insightful

      Way to miss the point.

      Only 9.7% were in the USA, versus 85.4% in India. That's a huge difference in risk.

      And you're also ignoring the fact that IPs associated with the USA host a huge number of globally-useful web sites and other online services, while that just isn't true for India.

      For most Internet users, blocking Indian IP addresses would be a net gain in security and convenience.

      But for most users, blocking USA IP addresses would result in almost no security gain, while losing a lot of convenience.

      You're trying to make it sound like IP addresses associated with the USA and those associated with India make equal contributions, both good and bad, to the Internet at large. That is not true at all.

      USA IP addresses, as a whole, make a large positive contribution, with very little negative contribution. Indian IP addresses, on the other hand, make a small or nonexistent positive contribution, with a huge negative contribution.

    3. Re:Protect yourself. Block third-world IP ranges. by PPH · · Score: 1

      > Only 9.7% were in the USA

      Block Florida and Texas. Problem solved.

      --
      Have gnu, will travel.
    4. Re:Protect yourself. Block third-world IP ranges. by Anonymous Coward · · Score: 0

      "(And before anyone gets their panties knotted about the use of "first-world","second-world" and "third-world", we're talking about the modern definitions, and not the archaic Cold War era definitions.)"

      Those who cannot learn from history are doomed to repeat it... in Summer School.- Carlos Santayana

      Just which are these "Modern Definitions"? During the Cold War Era, the distinctions were quite Clear:
      *First World- The US and their Running Dog lackeys
      *Second World-Russia and their Communist Hordes
      *Third World- Everybody Else, somewhat bewildered

      Nowadays, it seems to be:
      *First World- The US and their Oligarchs
      *Second World-Russia and their Oligarchs
      *Third World- Everybody Else and their Oligarchs. Well, they did learn from history.

      The First World has the Tech, the Networks, and the Banking. The Second World has a bunch of envious, and disillusioned, Entrepreneurs. The Third World... they now have the Hordes, working hard for very little, because very little is better than nothing at all. They have no sympathy for somebody who is stupid enough, who hasn't learned from history, to trust their Windows Whatever to somebody over the phone, who barely speaks English, or German, or Spanish. (BTW, just how did Carlos Slim get to be one of the richest men in the World? He exploited the Third World first.)

      I don't cut myself off from those two "Lesser" Worlds. The Ukraine has been undergoing an Artistic Revolution over the last two decades that hardly anybody in the West has noticed. Latvia, Lithuania, and Estonia are each developing their own distinct online cultures. There is Iranian Cinema only available online, and with Radio Garden, I can listen in to ZBS Zodiak Malawi. (Man, that's some weirdass Arabic Rap...)
      There are several Russian Tech Forums dedicated to _very_ advanced Optics, such as Long-Baseline Optical Interferometry, with input from such "State" companies as BelOMO. (BTW, Dubna was one of the first Russian Internet destinations open to the West, because their Scientists insisted on it. Russia had cloned PDP-11s and Vaxen, but their Decwriters were miserable, and they never did make any paper for them...) China is a problem, but get over the language issues, and if one wishes to discuss Thin-Film Monochromators, they have pushed past the "West" here, and are surprisingly willing.

      "It's getting to the point where the most sensible thing to do is to have your firewall block incoming and outgoing connections involving IP addresses associated with third-world and second-world countries."

      It's getting to the point where the most sensible thing to do is to grow the fuck up. A very _few_ are doing to gullible Westerners for the last few years what those same Westerners did to them for centuries. There are excellent reasons why Cecil Rhodes is reviled across Africa. And Africa is just now barely getting into Internet. The Lads from Lagos have only just started.
      A pretty good first step is to just stop using Windows/Android, or at least learn how to lock them down properly. Yes, Macs, iOS, and Linux are vulnerable, but at orders of magnitude less than Windows/Android. A second step is to learn basic Internet Security, such as simply not visiting those sites likely to spread infections, or calling those friends of msmash in Mumbai for technical assistance. A third step, after stopping being so gullible, is to help others sort out their problems locally. And there really needs to be a book called something like "How to Keep Your Computer Alive: A Manual of Step by Step Procedures for the Complete Idiot". I'm sure that Muir wouldn't mind.
      I would write it myself, but I'm a couple of hundred pages deep into a book about Long-Baseline Optical Interferometry, with a new Beamsplitting technique that I've developed, and I simply don't have the time.

    5. Re:Protect yourself. Block third-world IP ranges. by vandamme · · Score: 1

      They spoof phone numbers, so that doesn't work.

    6. Re:Protect yourself. Block third-world IP ranges. by Anonymous Coward · · Score: 0

      > So if you're a first-world web user, there's likely little need to interact with IPs that aren't associated with the USA, the UK, Japan, Australia, New Zealand, Canada, or one of the EU countries.

      Fail on two levels. As a first-world web user, I buy cheap stuff from China. When all I need is simple plastic or printed t-shirts, Chinese quality is ok and cheaper than first-world alternatives. So, can't block their IP.

      Second, these scammers operate from call centers. Blocking their IP ranges won't block their phone calls, which come in via landlines. And they can use a proxy for connecting 'teamviewer' or whatever. If they trick someone into buying an unnecessary sw product, they won't even need the teamviewer shit. Some people will believe that 'microsoft' found a virus on their computer and pay for a 'solution' with no need for connecting anything.

      Best way to deal with these India call center types: "Yes, I know this computer is bad. I have already arranged to bring it to the local microsoft repair shop across the street. No need for this call, I _prefer_ face-to-face business."

  6. ''Difficult to track'' by Alain+Williams · · Score: 4, Interesting

    when they give a 'phone number for the mark to call ??? With all the resources that the NSA, GCHQ, FBI, ... have finding where that number goes to is going to be well within their abilities. That they are not finding and nailing these crooks demonstrates that they are not interested in protecting the public. It is not as if the cost to the public is small, the BBC claims £10.9bn a year (just in the UK). So: one has to ask what are those clowns doing with all the money that they soak up ? Whose interests are they protecting? It does not seem to be you or me!

    1. Re:''Difficult to track'' by gtall · · Score: 1

      No, more like they are up to their ears in all the other things governments require of them that they do not have the resources or the time. Also, many of the scams span countries. Try going to India and claim some of their citizens are scamming Americans. (1) why should they give a flying rat's ass, (2) it means assigning resources to an investigation, (3) it involves bringing prosecution. What's in it for India?

      It's almost like you have no touch with reality.

    2. Re:''Difficult to track'' by Anonymous Coward · · Score: 0

      I'm getting pretty close to seriously recovering damages from countries like these by intercepting wire transfers so that the transfer goes through electronically but the money never follows.

    3. Re:''Difficult to track'' by Solandri · · Score: 2, Interesting

      I have a couple virtual phone numbers from when I used to work in Canada (a Canadian number and a Washington number). Both are hosted by Anveo for a couple bucks a month. Actually, based on the volume of calls (near zero) I could probably drop it to the $0.50/mo per-minute plan and save a few bucks.

      Both forward to my cell phone. But I can also set them up to work with a SIP device (a VoIP phone). In that configuration, I can take the VoIP phone anywhere in the world and use those numbers as long as I have an Internet connection. To remain legal, I have to give an address for the Washington number for 911 purposes. But it's just a field I can fill in with anything, and there is no similar requirement for the Canadian number even though I can use it to easily make calls to the U.S.

      All the standard obfuscation methods like VPNs, multiple proxies, and anonymizing services work (provided you can get enough bandwidth with consistent latency).

    4. Re:''Difficult to track'' by Anonymous Coward · · Score: 0

      #MAGA - Let Forest Trump stay in Washington for a few weekends and let the Secret Service have the money to work on it.

    5. Re:''Difficult to track'' by Anonymous Coward · · Score: 0

      > No, more like they are up to their ears in all the other things governments require of them that they do not have the resources or the time.

      So it is a better use of my money bulk collecting the Internet and spying on the average citizen that isn't breaking the law than to spend the time and resources trying to catch actual crooks and scammers.

      Why should they give a flying rats ass what the average person is doing? That my friend is a waste of time and money.

      Who is it that isn't in touch with reality?

  7. Tech support scams! by CustomSolvers2 · · Score: 2

    First thing coming to my mind was how can tech support for big companies be scammed? If my OS gets broken and I chose (not too likely to happen) to call their support, how are they intercepting my call? After skimming through the article, I understood what the terrible problem was: these pop-ups telling you that there is a virus on your computer! There are people actually believing the popup, reading the nonsense on it, calling to the given number and paying what people there tell them to pay!!

    This seems a pretty crappy approach which is likely to be performed just by a few "companies", that's why the fact that most of scammers are in the same country makes lot of sense. Also why analysing the software used by the scammer to trick the victim? How can this be relevant here? Logically, if you want to access a computer in a different location you have to rely on certain software, exactly the same as using the phone to talk to someone.

    Are people seriously so stupid to believe everything that pops-up in front of them? To even pay up to $1000 because basically a pop-up in a random (and most probably crappy and/or illegal) site told them to do so? How could these people not deserve to lose their money? How could anyone waste their time on analysing such a sad nonsense other than from the there-are-lots-of-stupids perspective?

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re:Tech support scams! by Anonymous Coward · · Score: 0

      They aren't intercepting calls to tech support. They're dialing up random phone numbers in western countries and using social engineering to scare suckers into giving them remote access, whereupon they try to sell them shitty antivirus software or just lock them out and demand ransom.

      As for the popups... yes. There is a significant portion of the public to which computers are Deep Magic. Many, many, many otherwise skeptical and thoughtful people become completely credulous when exposed to computer-based social engineering techniques.

    2. Re:Tech support scams! by CustomSolvers2 · · Score: 2

      > They're dialing up random phone numbers in western countries and using social engineering to scare suckers into giving them remote access

      No. It is even sadder. They are relying on "designed website tricks unsuspecting, vulnerable users into believing they have a virus, and that they need to call the number shown on the site to help them out", which basically means the following:
      1. The sucker visits a crappy site with likely illegal, unethical, immoral or similar content.
      2. The sucker sees a popup saying that there is an error on the computer, that should call a number to fix it.
      3. The sucker believes the whole story, calls that number and pays up to $1000.

      In defence of the sucker, I have to say that I have seen some of these popups (while doing a very serious research on the computer of a neighbour of a friend or a friend :)) and are very persistent. Some popup blockers don't avoid them. The only way to get rid of this crap once it appears is by killing the browser, what might not be too straightforward for some users.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    3. Re:Tech support scams! by Anonymous Coward · · Score: 0

      > Are people seriously so stupid to believe everything that pops-up in front of them?

      A quick glance at the election results and Nielsen Ratings over the last few decades should answer your question.

    4. Re:Tech support scams! by Anonymous Coward · · Score: 0

      > ..As for the popups... yes. There is a significant portion of the public to which computers are Deep Magic. Many, many, many otherwise skeptical and thoughtful people become completely credulous when exposed to computer-based social engineering techniques.

      Not just the public, people, in general, are gullible fools (cf. the way they continually vote into political office globally such obvious lying scumbags). I first have to state that I've been out of the full-time IT support game for well over a decade now (recovering sysadmin here..), and I could tell you stories about people like eminent (in the public eye) physicists falling for 419 scams and the suchlike from back then as proof of my 'gullible fools' statement, but, restricting the comments to the current discussion, I'm afraid that I know of at least one local professed 'IT support company' who have fallen for this sort of tech support scam internally in the past six months (cf. The Siphonaptera) .. and yes, they're that fucking clueless, their 'targeted' normal customer base even more so (organisations with no discernible internal IT support..they phone up potential marks, ask to talk to the IT manager, if told there isn't one, they then try hard-sell their services to the CEO..it usually works (cf. statement above regarding gullible fools). )

      > They aren't intercepting calls to tech support. They're dialing up random phone numbers in western countries and using social engineering to scare suckers into giving them remote access, whereupon they try to sell them shitty antivirus software or just lock them out and demand ransom.

      It has gotten to the point in the UK that when a lot of people hear an Indian accent at the other end of the phone on an unexpected incoming call from an unknown number (and the call has nothing to do with food), then they'll just hang up, or spout some abuse at them first and then hang up, maybe in part they're being racist about it, but a lot of it is sheer anger and frustration, though I do have to keep reminding people who start complaining about these type of calls that 'they don't have to answer their feckin phones when they don't recognise the feckin caller's number' , alas, so many people are utter feckin slaves to their feckin phones nowadays...feck!

         

    5. Re:Tech support scams! by nfotxn · · Score: 1

      Lots of the people they're contacting are senior citizens, disabled and, yes, often times not too bright. It's kind of a sad confluence of a few things including a lot of old Windows XP computers and the people who still use them. But it's still pretty criminal and the victims are people who don't know any better until it's too late.

      --

      _nfotxn

    6. Re:Tech support scams! by evultrole · · Score: 1

      They aren't intercepting calls to tech support, they are tech support.

      Call belkin some time, the number in the manual that came with the router. You'll get these people who tell you that you can't connect to the internet because you have a virus, not because you have a bad switch. Then the idiots will try to make you let them in so they can fix your computer for $450, even though you're calling about bad hardware that stops you from getting online.

      Call up the support number for Avast and you'll get the same thing.

      I don't know how many companies have fallen for this "cheap outsourced tech support" crap, but it's obviously a growing problem. It's not just scams, companies are handing these people their own customers so that they won't have to pay salaries for telephone support.

  8. Look Donald, here's your chance. by Anonymous Coward · · Score: 2, Insightful

    This is the one thing that would unite Americans, as declaring war on overseas scammers would be incredibly popular. Everybody hates them AND they're foreign, so it's a win-win for you.

    Seriously, it's a better use of bombs than a bunch of so-called terrorists and dictators, it'll guarantee re-election.

    1. Re:Look Donald, here's your chance. by Anonymous Coward · · Score: 0

      Considering that democrats are calling dropping the MOAB on ISIS a symbol of white patriarchy, I doubt that fighting internet scammers would be anywhere on their radar.

      If anything, the democrats would probably judge this endeavor exclusively based on the skin color of those targeted in fighting internet scamming.

      Well, I know this behavior is their fringe but they are leading with it.

    2. Re: Look Donald, here's your chance. by Anonymous Coward · · Score: 0

      Man, you are upset that Trump's wagging the dog was called out? Obama and Clinton got the same treatment from the GOP who were so aghast at the attacks on bomb factories and Bin Laden himself.

      Now Trump faces the same criticism for playing Tony Stark? Cry some more.

    3. Re: Look Donald, here's your chance. by Anonymous Coward · · Score: 0

      It's you who's crying non-stop. I'm happy every day.

  9. The actual fix by slashmydots · · Score: 1

    Why the actual hell haven't the major news outlets paraded around this malady like it's ebola? It scares people, it's relevant to everyone, and it has "send this story to everyone on Facebook" written all over it. It's the perfect storm and they can even take the angle of blaming the telecom companies for not doing enough to block the calls. Then you get outrage culture going. If this story were run for a few days, EVERYONE in America would hear about it and not fall for it and the scam would fail. Everyone wins. I just don't get it.

    1. Re:The actual fix by starblazer · · Score: 2

      because they have covered it time and time again during slow news cycles.

  10. Where's the list? by Anonymous Coward · · Score: 0

    I found the research paper but alas the list of domains isn't included in the appendix. I'd love to block all of these at the edge of my corporate net.

    1. Re:Where's the list? by knorthern+knight · · Score: 3, Insightful

      > but alas the list of domains isn't included in the appendix.

      Try blocking "*.in" for starters. https://registry.in/

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    2. Re:Where's the list? by Anonymous Coward · · Score: 0

      Blocking a whole country's TLD is more than just a bit overkill. A couple of years ago it would have been 'Block all *.ru domains'. Not a good idea (although given what's come to light since the mango shitgibbon took office, it's sounding better all the time).

      I would be happy to download a hosts file for these 25,000 domains, since obviously they must have them positively identified now. Seems the obvious response to this story.

    3. Re:Where's the list? by Anonymous Coward · · Score: 0

      Unfortunately that isn't a viable solution for many. We do business with legitimate users of .in, and it's increasingly being used as a vanity TLD (linked.in for example).

    4. Re:Where's the list? by Anonymous Coward · · Score: 0

      > Blocking a whole country's TLD is more than just a bit overkill.

      Really?, back in the day, I used to block a whole bunch of TLDs by default on the MTAs and mailservers I looked after, and only then allowed exceptions for trusted domains, that is, domains trusted and 'whitelisted' by the users of my servers, this approach worked.

      My current firewall blocks as many known CIDR netblocks assigned to a number of countries, I've no interest in traffic/data originating from these locations getting anywhere near my network, so it's either dropped or rejected outright, again, like the old MTAs, exceptions are whitelisted, usually at individual host IP in netblock level, never a full netblock.

      I would point out a couple of things here;
      Firstly, the Country:CIDR lists available on most of the sites which provide these are incomplete (e.g. browsing the logs this morning, I manually had to add both a Chinese and Indian netblock to the blacklists, both tried to 'abuse' my MTA, poor thing, I really must automate this process..).
      Secondly, the Chinese and Indians appear to be switching their operations to hosting services elsewhere (Australia, most notably, based on current logs) to try bypassing these sort of netblock blacklistings.
      So the game continues...

      > A couple of years ago it would have been 'Block all *.ru domains'. Not a good idea ...

      been there, done that (see above re MTAs)

      > ...(although given what's come to light since the mango shitgibbon took office, it's sounding better all the time).

      Ah, but how many Russian/Ex-Soviet 'dissidents' do you have in the US?, especially in IT?
      Can you really trust 'em all, eh?
      Remember, they're a nation of chess players..

      424544
      ----------
      FF0000
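The default-deny netblock policy with host-level exceptions described in the comment above, plus the log review the commenter says they do by hand, as an added example that is not the commenter's code. The netblocks (RFC 5737 documentation ranges), the Postfix-style log lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed data: RFC 5737 documentation ranges stand in for country
# netblocks from a Country:CIDR list; none are real assignments.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Exceptions are individual hosts inside a blocked netblock, never the netblock.
ALLOWED_HOSTS = {ipaddress.ip_address("198.51.100.25")}

# Constructed Postfix-style reject lines (relay attempts against the MTA).
SAMPLE_LOG = """\
Apr 14 06:12:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 5.7.1 <a@example.net>: Relay access denied
Apr 14 06:12:09 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.12]: 554 5.7.1 <b@example.net>: Relay access denied
Apr 14 06:15:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <c@example.net>: Relay access denied
Apr 14 06:19:02 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[10.20.30.40]: 554 5.7.1 <d@example.net>: Relay access denied
"""

REJECT_RE = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]")


def is_blocked(ip):
    """True if the address falls inside any listed netblock."""
    return any(ip in net for net in BLOCKED_NETS)


def decide(ip_text):
    """Host-level allowlist wins over the netblock blocklist; the rest passes."""
    ip = ipaddress.ip_address(ip_text)
    if ip in ALLOWED_HOSTS:
        return "accept"
    return "drop" if is_blocked(ip) else "accept"


def uncovered_candidates(log_text, min_hits=2, prefix=24):
    """Netblocks that produced rejects but are missing from the blocklist.

    Sources are aggregated to /prefix and reported once they reach min_hits,
    so a single stray reject does not nominate a whole netblock. The result
    is a review list, not something to load into the firewall unchecked.
    """
    hits = Counter()
    for match in REJECT_RE.finditer(log_text):
        ip = ipaddress.ip_address(match.group(1))
        if ip.version != 4 or ip in ALLOWED_HOSTS or is_blocked(ip):
            continue  # IPv6 skipped here; allowlisted or already covered
        hits[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return sorted(str(net) for net, count in hits.items() if count >= min_hits)


if __name__ == "__main__":
    for addr in ("192.0.2.9", "198.51.100.25", "198.51.100.26", "203.0.113.77"):
        print(addr, decide(addr))
    print("review:", uncovered_candidates(SAMPLE_LOG))
```
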

  11. Lodge formal complaint by VikingNation · · Score: 2

    The State Department should lodge a formal complaint at the Indian embassy to call for action. The government in India should take steps to rid the Internet of these criminals.

    1. Re: Lodge formal complaint by Anonymous Coward · · Score: 0

      The President should shoot the Indian Ambassador in the middle of Times Square, then buy a hot dog from Nathan's.

  12. Foreign country by rsilvergun · · Score: 1

    so it's already a pain to go over jurisdiction lines. I'm guessing the successful scammers have the good sense to only defraud foreigners and not locals. Different culture too. From what I've heard India has a lot of local corruption (e.g. you can buy the cops off) too. America and most of Europe don't really have that. We mercilessly punish low level corruption and just leave the high level stuff (our politicians) alone.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/

  13. Look To The Telcos... by ytene · · Score: 4, Interesting

    Up until March or April last year, I was taking 3-5 scam calls per week, to an un-listed UK land line number.

    Most of the time I just did my best to keep the caller busy for as long as possible, purely to stop them spending time on the next victim. However, one day, as part of my challenging the caller to "prove their identity", the person I was speaking to actually managed to disclose my personal account number that I have with my UK telco/ISP. This number is printed on invoices but otherwise not used; it has no relation to my phone number, email address, or anything else.

    The only way the caller could have known that detail - and correctly identified me from it - was if they were either an employee of my telco, or had stolen data from them.

    I did some more digging, let the caller go, then got in touch with the anti-fraud team for my telco. Obviously telephone fraud is a big deal, with lots of un-paid bills and some large sums of money involved. So: this is a serious team with skilled people, people who can take scams seriously. I eventually got put through to an investigator and managed to convince them that they had either a leak from, or crooks operating out of, one of their India call centres.

    I have not had a fraudulent call since then.

    Let's just repeat the salient bit of that: an average of 4 fraudulent calls per week; one call to my telco anti-fraud team; no more calls for almost exactly one year.

    I could not in truth write that my telco had a criminal gang operating out of one of their India call centres; but the evidence from my side suggests that is a likely explanation. The use of fraudulent email domains is only part of the problem, however, because without the calls we would not be prompted to visit them. [OK, spam notwithstanding.]

    You would think that ISPs would be a bit more vigilant when it comes to signing up new customers; you would also expect that telcos with India-based call centres were more careful in watching their employees... Sadly, both of these activities would eat into profits. The truth is that the big telcos don't care if we are impacted by fraud, as long as they are not directly losing out in the process.

    Until that changes, the calls will continue.

    1. Re:Look To The Telcos... by Anonymous Coward · · Score: 0

      The answer is obviously to drop a MOAB on the Telco's HQ.

    2. Re:Look To The Telcos... by Anonymous Coward · · Score: 0

      or the telco antifraud team changes system settings to stop routing these calls to you

    3. Re:Look To The Telcos... by Anonymous Coward · · Score: 0

      ..the person I was speaking to actually managed to disclose my personal account number that I have with my UK telco/ISP. This number is printed on invoices but otherwise not used; it has no relation to my phone number, email address, or anything else.

      The only way the caller could have known that detail - and correctly identified me from it - was if they were either an employee of my telco, or had stolen data from them.

      Let me guess, an ISP/Telco with an Indian callcentre/Level 1 scriptmonkey technical support perchance?

      Well, colour me surprised there...

    4. Re:Look To The Telcos... by Anonymous Coward · · Score: 2, Interesting

      Posting anonymously because I have modded: A similar story, with names.

      We moved from Virgin Media to BT (about half the cost for the same facilities) about two years ago. Before then, not a single scam caller, although we did get a few telemarketers.

      Almost immediately after the move, we started getting these scam calls from what was apparently an Indian call centre. I reckon there has to be somebody in the BT call centre who was passing new numbers to the scam shop. Since I run a total Linux installation I knew that they had to be a scam.

      These calls continued maybe once or twice a week for nearly eighteen months, despite the fact that I told them repeatedly that they were not going to get anywhere and I knew they were a scam. Calls to BT to report them had little effect. Recently they seem to have got the message and either put my number on a do-not-bother list or (very unlikely) the call centre has been shut down.

    5. Re:Look To The Telcos... by Anonymous Coward · · Score: 0

      Her indoors got one of the callers on the telephone line, "Hello Sir, we are calling you today to inform you that you have a virus on your Windows computer. Our systems have detected that it is corrupting your files. We are offering our services for free today to help you get rid of this virus. Are you next to your computer? OK, can you go into network settings and read out your IP address to me? OK, can you check that remote administration is enabled? OK, I am just going to run a scan on your computer...."

  14. No references, no real substance by Anonymous Coward · · Score: 0

    No references, even in TOA. Google found the paper however (arXiv:1607.06891v1 [cs.CR] 23 Jul 2016 if the post allows).

  15. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    Unless you can figure out how to make a hosts file work on my landline phone, this post completely misses the point of the whole article.

  16. Hosts not IPs for more security by Anonymous Coward · · Score: 0

    Most efficient ad & threat blocker there is

    APK Hosts File Engine 9.0++ SR-12 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Hosts stops all traffic even better than a firewall to unknown hosts and ports, all while using less power

    Hosts better than AV at detecting malicious software and stop$ in tracks

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what U NATIVELY have, built in TCP/IP stack running in FASTER kernelmode!

    Able to keep Grandma and your kid sister out of your porn stash

    Generate nightly when I sodomize my cat

    So simple it won't actually provide any protection that a small child couldn't get around

    APK

    P.S. - Safe because it will only keep retarded children at bay on the best day

  17. Block them with your gaping asshole instead by Anonymous Coward · · Score: 0

    Why don't you do the world a favor and block them with your gaping asshole you retarded fucker. You demonstrate just how dumb you are daily by saying your shit software stops everything when it doesn't work against most attacks.

  18. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    How would your hosts file block IPs out of India?

  19. Go fist fuck yourself by Anonymous Coward · · Score: 0

    Why don't you go fist fuck yourself instead. Your hosts file is about as meaningful as your time playing college lacrosse, so in other words absolutely fucking worthless just like you. I bet you could shove one of those giant red kid baseball bats or a lacrosse stick up your asshole and not feel it.

    1. Re:Go fist fuck yourself by Anonymous Coward · · Score: 0

      Take your own advice. Can't you read? The article says DOMAINS are abused in this. Hosts block domains (hostnames) stupid.

  20. Solution by Anonymous Coward · · Score: 0

    Block on your home routers, and corporate VPNs (at least), access from IPs coming from Russia, China, India, Brazil, Mexico and Africa (I would say Nigeria, but to be sure, block out the entire continent). You will be much safer.

    1. Re:Solution by Anonymous Coward · · Score: 0

      My dream would be if they blocked out that list from Stack Exchange... much less idiotic posts to look at.

  21. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    APK is too retarded to realize that his solutions don't do dick for security.

  22. I block 'em in my hosts file by Anonymous Coward · · Score: 0

    10 reputable security sources provide domains to block in hosts via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  23. BobTheSuperWeasel impersonating me again? by Anonymous Coward · · Score: 0

    Had enough EATING YOUR WORDS for telling lies little midget? https://politics.slashdot.org/comments.pl?sid=10458715&cid=54192877/ after impersonating me here f'ing up using your registered LUSER account by mistake to do so here https://slashdot.org/comments.pl?sid=10458715&cid=54190807/ using "YOUS" in both posts giving it away idiot?

    APK

    P.S.=> Shouldn't tell lies & impersonate others Apple Valley hick midget... apk

    1. Re:BobTheSuperWeasel impersonating me again? by Anonymous Coward · · Score: 0

      You're so stupid trying to make APK look bad. Don't you know that APK can see your real username all the time, and is literally stalking you right now. YOU ARE SMALL AND HAVE LITTLE HANDS AND PROBABLY A FUNNY MUSTACHE! IDIOT!

      APK is the most well adjusted person on the planet, because hosts blocks all internet of bad things that make people crazy.

      APK

      P.S.=> It's completely normal to stalk around the internet responding to everything anyone ever says for the rest of my life because they insulted me once. It's a sign of a well adjusted person that I think it's an ok thing to do. Obviously you're all crazy, but APK is the one who is making sense always.

  24. Shut up already by Anonymous Coward · · Score: 0

    Shut up already. We get it, you're dumb as a brick as you demonstrate daily.

    1. Re:Shut up already by Anonymous Coward · · Score: 0

      Take your own advice. Can't you read? Article says DOMAINS are abused in this. Hosts block domains (hostnames) stupid.

  25. I never said "hosts cure all" by Anonymous Coward · · Score: 0

    See subject: Show me where I have said that, ok? You can't. Not before now & not minus impersonating me. I can show hosts stopped botnets galore (& certainly ads) by blocking their abused domains (like the case is here in this article too) ala https://news.slashdot.org/comments.pl?sid=10020701&cid=53529963/ hosts blocking 10 botnets in as many days by blocking domains they abuse.

    APK

    P.S.=> In fact, I've been UPMODDED +5 for ADMITTING hosts can't stop BGP related threats http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450/ so you have shown us your ASS yet again BobTheSuperWeasel midget... apk

  26. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    The article's title says it uses DOMAINS dumbass. Hosts block domains (hostnames).

  27. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    The article's title says it uses DOMAINS dumbass. Hosts block domains (hostnames)!

  28. /.ers disagree: It's GREAT software... apk by Anonymous Coward · · Score: 0

    I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell

    his hosts program is actually pretty good by xenotransplant

    his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

    I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

    take a look at the APK hosts file engine by SuperKendall

    APK is kinda right. I've tried his hosts file generating software. It works by bmo

    I like your host file system by Karmashock

    I find your hosts file admirable by vel-ex-tech

    * My code's liked + recommended & hosted by Malwarebytes' hpHosts!

    APK

    P.S.=> You're VASTLY outnumbered UNIDENTIFIABLE weasel... apk

  29. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    Speak for yourself retard. The article's title says it uses domains (hostnames). Hosts files block bad domains. Apk's program generates threat host domain names to block from reputable security sources. Hosts also speed up domains/hosts you use often. Only security solution that improves speed that I know of that does it for less resources used doing more than any other does for less from a single file you natively have that operates in faster kernelmode.

  30. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    Unless you can figure out how to read correctly the article states it uses domains/hostnames. Hosts block bad domains. You miss the point in your illiteracy and stupidity.

  31. This threat uses DOMAINS/hostnames by Anonymous Coward · · Score: 0

    Block 'em in hosts files: 10 reputable security sources give hosts to block via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  32. Truth be told UNIDENTIFIABLE impersonator? by Anonymous Coward · · Score: 0

    See subject: I can get your REAL names if I wish. Ask Coren22 https://slashdot.org/~Coren22/ = [name, address and phone numbers removed] who disappeared a month ago when I did... do you idiots REALLY *think* you can "hide" from ME?

    * Guess again... lol!

    APK

    P.S.=> How do you THINK I also know that "Bob the Super Hamste" is a little 5' 5" midget from Apple Valley & a product of white trash alcoholics? IF you knew who it is I do work for occasionally (like Coren22 does & ran), you'd understand... apk

  33. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    I never post fake replies pretending to be other people who somehow have the same bizarre speech pattern as I do and rabidly support my bizarre software.

    No really, they are all real. Not fake. Not fake at all. They're in the hosts file!

    APK

    P.S. - Totally the real APK

  34. Re:I block 'em in my hosts file by Anonymous Coward · · Score: 0

    He's right. You're wrong and illiterate or dumb. Host/domain names are used. Hosts files block them. Impersonating apk isn't helping you unidentifiable troll. It's your tell you failed.