FCC closes telemarketing loophole used by scammers (opens in new tab)

Hm, I almost feel like it's the spam problem all over again where the appropriate fixes involve tradeoffs that many (not me though) find unacceptable, and we need to adapt the famous spam solution forum letter:

https://craphound.com/spamsolutions.txt

(I just came up with a version for robocalls but I don't want to post it here because it's a giant wall of text that I don't think pays for itself in terms of contribution to the discussion.)

It’s about time. Now if the FCC would get off it’s chair and implement a technical solution to mandate Caller verification...

It’s incredible in a world were we’re all being forced to move to RealIDs so our every move can be tracked, that criminals can continue to scam the elderly and disabled anonymously by phone.

We just need a way to hold carriers accountable. Once they start having to pay fines for unsolicited calls on their network, they find ways to fix the caller id issue pretty quickly.

> I would argue that the legality of this doesn't matter; there's a huge technical problem in that there's no authenticity guarantees at all when it comes to caller ID and the entire feature is badly designed and has always been open to abuse.

There is, at least for foreign calls: assuming US provider A gets an incoming call from the country B's operator C, then A has to verify if the phone number supplied by C is in the country phone number range of country B. If there's a mis-match, deny the connection.

It seems that phone companies won't do anything about it. Nor the FCC

There's a bunch of solutions. I received 19 spam calls spoofing cell numbers. That's a felony

I suggest everyone that get an illeagl robo call to call your rep Everytime. Ask them to block India entirely. The problem would be solved very quickly. Or block all calls from Florida and Texas. The nuclear option

The basic one is just waste their time. Ask a lot of questions. And then tell them you were doing that

The solution doesn't have to be at the phone network level either.

It would be easy enough for a regulator to simply fine any company whose products are advertised or sold through telemarketing.

Make it the companies problem that some of their marketing contractors or affiliate schemes lead to illegal calling.

It's not a real answer though. Imagine everybody adopted it (pretend everyone is using sip/VoIP). The only thing that would change is you'd get same amount of calls from the actual numbers - what are you going to do about it then?

If the callers (who LE can get to already with enough questions) are safe now, they'd be safe after the change. Sure, the hn crowd will easily set up appropriate filtering, but we were never a viable target to begin with, so that's actually helping the spam calls reach better targets quicker.

It would maybe reduce the number of scam calls though. Spam, not do much.

Yep. Solution is recursive fines. Spam calls from network provider? Issue a warning. Keep it up? The fines start and don't stop coming in until the calls stop. They ignore the fines and are outside your jurisdiction? Warn every company they transit through. They don't block them? The fines start. Rinse, repeat, until you find someone who you can effectively fine or who cares about the warnings (because you can effectively fine them) and they either bring down the banhammer (which those other entities will care about, even if they don't care about the fines) or they find a technical solution.

These calls are largely preying on the elderly. They're despicable and it's disgusting it's taken us so long to stop them—there's no excuse, it's not like human beings don't control every part of what's happening, this isn't some force of nature. Nuke them from orbit.

Here's a minor technical correction about payments lingo. Visa and Mastercard aren't issuers.

Payments are kind of a world of their own, but basically there are 5 parties involved in a credit card purchase:

1. The party that receives the payment. For example, a retailer like Amazon or Target. In payments lingo: "merchant".

2. The merchant's bank. This is where funds are going to end up. In payments lingo: "acquiring bank" or "acquirer" (because they're acquiring funds I guess).

3. The customer's bank. This is where funds are going to come from. Usually on credit. For example, Citi, Capital One, Chase, HSBC, Bank of America. In payments lingo: "issuing bank" or "issuer" (because the customer has an account with them and they issue the actual card).

4. The customer, the person who makes the purchase. This person's name is printed on the credit card. In payments lingo: "cardholder".

5. A payments network. These arrange payments (including operating computer networks as well as defining rules and policies) and facilitate the purchase. For example, Visa, Mastercard, American Express. In payments lingo: "credit card association".

Back to something vaguely relevant, one way you can instantly detect these scams is that they always seem to claim they're from Visa or Mastercard, then try to talk about lowering your interest rate. Your interest rate is between you (the customer) and your issuing bank (Citi, Capital One, etc.), not between you and the card association. Visa or Mastercard doesn't care about your interest rate. The scammers are not even claiming to be from the right type of organization!

I assume they do this because they get a higher hit rate. If they claimed to be from, say, Chase, then lots of people would think "I don't have an account with them" and hang up. If they say Visa or Mastercard, odds are good that you'll think "yes, I have one of those".

These scammers don't have anything like domain names that can be easily targeted in the same fashion.

A scammer using a domain may be able to conceal their identity, but they can't hide the domain name itself.

Apparently, this will break a lot of (cough) features (cough) that no one uses, like call forwarding. I also wonder if this will break VOIP systems that small businesses use?

The reality is that no one should care. The telephone system is broken when most of the calls we get are fraudulent. I want my phone to be useful; I don't care if fixing it breaks some phone system set up by a sketchy IT wannabe.

This is additional legal cover for phone networks, allowing them to block spoofed calls with fake caller IDs in all cases (rather than most).

Since the act itself is illegal, blocking cannot be contested.

That will definitely make them reassess their choices and do the right thing. Hopefully, they will tell their scammer friends to do the same! Problem solved!

I think, honestly, it’s more a bureaucratic nightmare thing. “This wasn’t technically illegal, so we’re not going to comply with your extradition request.” Now it is.

In that case, why bother making anything at all illegal? Criminals are just going to be criminals anyway.

I have a similar dim view of "making something illegal to patch a problem". Though I wonder if there are contract structures that require customer activity to be classifiable as "illegal" for a relationship to be terminated. Given how regulated phone infrastructure is, I wouldn't be surprised if there were laws that "guaranteed access" in the name of forcing the expansion of network access but could be weaponized by adversaries / spammers.

It does give you grounds to sue them in small claims court.

The numbers are random so why would sharing the numbers help reduce anything??

I never get calls from the same number. I've had the same scammer call me 3 times in one day from 3 different numbers.

This is the scammer that has called me 100s of times in the last 2 years: http://www.caribbeandiscountsinternational.com/about/

I tried to contact Tucows to complain, no way to do that. Then, I filed a report with ICANN that Tucows was violating their contract (because I can't report abuse), and that case was closed after two weeks.

The entire system is supporting the scammers.

You sometimes even get calls from your own phone number. Caller ID reported numbers don’t tell you anything.

It's not just amongst your friends, but Google already offers this in the latest versions of Android. It says "Suspected spam call" below the number during the incoming call.

https://support.google.com/phoneapp/answer/3459196?hl=en

> I wish (and I bet there's something on Android for this) that there was some kind of social app just for sharing scam numbers among trusted friend

The problem is scammers spoof numbers. So, even if you share the number and try to call it, the number will be dead.

Everyone expects you to have a phone number for some things. Certainly many online services expect you to be reachable via SMS for 2-factor auth. VOIP service plus a semi-decent data plan is at least as expensive as just adding on voice, and then you have two bills instead of one. You can simply ignore calls when you're not expecting one—if it actually matters they'll leave a voicemail. Those get transcribed so I don't even need to listen to see whether it was a scam or something important.

It has made phone calls probably the worst way to reach me, though. Not sure why I don't receive more text spam, which is nearly nonexistent—must be some technical reason.

Nothing is fixed. The spoofed calls will continue. This just makes it illegal but they’ve already been breaking the law scamming people.