Phishing and telemarketing telephone calls

Has anyone else noticed a steep decline in annoying phone calls since the FCC threatened legal action against three major VOIP gateways if they didn’t make efforts to prevent Caller ID spoofing from scammers?

Writing on behalf of myself and not any organization or employer. Please remove me from your mailing and contact lists.

Oh, never mind. I just saw a similar thread: FCC and FTC Demand Cut-Off Robocallers of Coronavirus Scam

The free Marriott vacation and Social Security Number suspension calls are no more!

Not that it's at all on-topic for NANOG, but no. I still get numerous "last chance to renew my car warranty" and whatever the scam is from the credit card callers per day on both my home and cell numbers.

No different than any other network abuse mechanism and regulatory and legislative measures meant to control it.

Well, while we are already engaged in the thread, some of you may be interested to know (especially if you find yourself with time on your hands these days), that you *can* actually get money from these scum. In fact, it turns out that they cave pretty easily because they *know* they are violating the law, and they *know* what the penalties are.

In fact, we wrote up how to do it (link below) and I *know* that it works because I just got myself $1000 out of a text message spammer!

So, harass those phone spammers for fun *and* profit! ;) Here's the write-up I did, feel free to ask me any questions you may have. :)

https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotexters-for-fun-and-profit/

Anne

Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called? Will the telephone company simply hand over detailed transport records or the hidden Caller ID information? I don't care about making money or imposition of government fines; I just want the calls to cease.

mb


This is awesome!

Not being a lawyer, I have no idea, but how effectively could a non-US-
resident (i.e. somebody who lives in Canada) apply this? Do the laws
being violated still count if they are to a non US-resident? Does not
being a US resident weaken the leverage you have over these scum? I.e.
wouldn't they be more likely to ignore a non-US-resident on the
assumption that such a person is not likely going to bring suit?

Cheers,
b.

What exactly is this "basic internet research"? I thought the big problem is that they are trivially capable of covering their tracks.

Mike

Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called? Will the telephone company simply hand over detailed transport records or the hidden Caller ID information? I don't care about making money or imposition of government fines; I just want the calls to cease.

Just to be clear, *we* are not selling the kit to which Matthew refers, and *I* am not selling the kit either, it is referred to in the article. Nor is it an affiliate thing (although I believe they do offer that).

Anne

I think the bigger issue is they are all entirely operated out of India.

-Dan

I think the bigger issue is they are all entirely operated out of India.

Why is that specifically a problem, exactly?

There are many reasons why it is easier to set up a scam call center in India, but it’s not like the Indian authorities completely ignore the problem. One operation in India was just raided and shut down after some of Jim Browning’s work was picked up by the BBC.

The VoIP gateways allowing CID spoofing isn’t an India-specific thing. Neither are companies like PayPal who will continue to process payments for an account even after being provided evidence of fraudulent activity, and REFUNDING people who manage to file complaints on that same account.

https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotexters-for-fun-and-profit/

I absolutely endorse this idea. Very early in my career, I worked for a shop that provided network/IT services for a bottom tier debt collector, one of the early innovators of the ‘rent-a-lawyer’ concept in that industry. It disgusted me to overhear the tactics they used when I was in their offices setting one thing or another up, and I reveled in the schadenfreude when they started getting splashed with such ‘stock’ FDCPA complaints and losing constantly.

Well, while we are already engaged in the thread, some of you may be
interested to know (especially if you find yourself with time on your
hands these days), that you *can* actually get money from these
scum. In fact, it turns out that they cave pretty easily because
they *know* they are violating the law, and they *know* what the
penalties are.

This is awesome!

Not being a lawyer, I have no idea, but how effectively could a non-US-
resident (i.e. somebody who lives in Canada) apply this? Do the laws
being violated still count if they are to a non US-resident? Does not
being a US resident weaken the leverage you have over these scum? I.e.
wouldn't they be more likely to ignore a non-US-resident on the
assumption that such a person is not likely going to bring suit?

Well, if the org is in or has a connection to the U.S., then they are still in violation of the law. Whether they would even come to know that you are not a U.S. resident would depend on how it unfolded, and even if they did come to find out that you are not a U.S. resident, to fight it on that basis would cost waaaaaay more than just settling with you.

The whole basis for this is basically that you are reminding them of something they already know (they are in violation of the law), and something else that they already know (each single violation of TCPA can carry a fine up to $500, and triple that if they knowingly violated TCPA and your phone is on the Do Not Call list - and of course you let them know that your phone number *is* on the DNC list, and that you have reason to believe that they knowingly violated the TCPA, so each call/text to you is worth $1500). What they count on is that people receiving their calls/text messages won't know the law, or how to proceed against them. YOU are letting them know that *you* know these things also, and that you are prepared to actually take them to court, where they know the odds are very much against them. They *know* how much those penalties are, so if you are offering to settle for substantially less, it is in their best interest to agree to your terms.

Whether your place of residence would ever come up is an open question; their wanting to spend the money to fight an otherwise slam-dunk (in your favour) lawsuit on that basis, which would cost them waaaaay more than what your now very reasonable offer requests, seems unlikely.

Hey, even if some of the orgs tell you to go pound salt if they find out you're not a U.S. resident, if even one comes through...free money (other than the time you have invested). :)

Anne

What exactly is this "basic internet research"? I thought the big problem is that they are trivially capable of covering their tracks.

There is always a money trail. Always. Because the whole point of these calls/sms messages is to get money out of you. And the money trail almost always provides a nexus to the U.S. (or whatever country you are in).

In the case of spam calls, you do have to get a bit creative (and actually interact with the spammers on the phone...ewwww), to try to get them to give up on whose behalf they are working. In the case of text message spam, it's often much easier because there will often be a link to a website, which, yeah, is likely a front for another website, but hey, if you are part of NANOG, following those trails should be trivially easy.

In the case of the outfit that just coughed up the $1000 to me, it was a text message spam that was ostensibly about one product, but the url in the text message actually forwarded through two intermediate urls to land on a site hawking a completely unrelated product - no big surprise there (this was nice because I was also able to accuse them of violating laws about misleading advertising ;) ). Even with whois basically being useless now in terms of figuring out who is behind stuff, it was pretty easy to figure out who exactly stood to profit from my buying what was advertised on the landing site.

As it happened, when I contacted them, they (rather surprisingly) referred me to their lawyer - which turned out to be great because he understood immediately the predicament they were in. :~)

Anne

Mike,

Except in this case the flaw was acknowledged back in the ’80s and it took the FCC almost 40 years to do something about it.

Joe Klein

Where I was meaning to counter was Jon Lewis’s point that it was offtopic.

Good grief, selling a kit for $47. Since all robocalls employ Caller ID spoofing, just how does one prove who called?

You don't. AFAICT, that's the point of Anne's comments. Finding them
is good enough. Paying off anyone who both finds them and appears well
connected with the law is cheaper than allowing the legal system to
become aware of their identities and activity.

Blackmail 101 dude. Find someone with a secret and demand payment for
your silence. The best part is that if you're legitimately entitled to
the money because of the secret then it's not technically blackmail.

Will the telephone company simply hand over detailed transport
records or the hidden Caller ID information? I don't care about
making money or imposition of government fines; I just want the calls to cease.

Presumably the meat of the $47 kit is about how to tease out enough
clues to search public records and identify them.

Regards,
Bill Herrin

From everything I've read, the complexity of finding them is directly related to their cost of doing business. If they can get by with few layers of indirection, they do. If they need more, they will. You can be guaranteed that they will add layers if they need to. Which is to say, I don't see how this scales to actually reduce these scams.

Mike

In my experience, the caller-id is always forged, and the call center reps hang up or give uselessly vague answers if I ask what company they're calling from. I suspect the only sure way to identify them is to do business with them, i.e. buy that extended warranty on your car, or at least start walking through the process until either payment is made or they tell you who you'll have to pay. I wonder, if you agree to buy the extended warranty, solely for the purpose of identifying them, can you immediately cancel it / dispute the charge?

Then there are the 100% criminal ones calling from "Windows Technical Support" who want to trick you into giving them remote admin access to your PC. I assume that's a dry well and the best you can hope to do is waste as much of their time as yours and see how foul a mouth they have.

On the IETF list, I've been making the case that a DKIM-like solution for SIP signalling would in fact give you the way to blame somebody, which was DKIM's entire raison d'etre. Who cares what the actual fake e.164 address is and whether the sending domain is allowed to assert it or not? That is rather beside the point. All I care is that the originating domain is supporting abuse, and I know what the domain is to complain to, ignore, etc.

Mike
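
An added illustration of the DKIM-like idea in the post above (not code from the thread or from any IETF document): the originating domain signs a few SIP headers, and the receiver learns which domain vouched for the call regardless of the number shown. The `x-domain-signature` header, its tag layout, the `voip-gw.example` domain and the in-memory key directory standing in for DNS are all assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed key pair for a hypothetical originating domain (voip-gw.example).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
// Stand-in for the DNS TXT lookup DKIM does at <selector>._domainkey.<domain>.
const keyDirectory = new Map([['s1._domainkey.voip-gw.example', publicKey]]);
const SIGNED_HEADERS = ['from', 'to', 'call-id', 'date'];

// Canonical form of the signed headers: fixed order, collapsed whitespace.
function canon(headers, names) {
  return names.map((n) => `${n}:${String(headers[n] ?? '').trim().replace(/\s+/g, ' ')}`).join('\r\n');
}

// Originating gateway: sign the headers and attach a hypothetical signature header.
function signInvite(headers, domain, selector, key) {
  const b = crypto.sign(null, Buffer.from(canon(headers, SIGNED_HEADERS)), key).toString('base64');
  return { ...headers, 'x-domain-signature': `d=${domain}; s=${selector}; h=${SIGNED_HEADERS.join(':')}; b=${b}` };
}

// Receiving side: answers "which domain vouched for this call?", not "is the number real?".
function verifyInvite(headers) {
  const raw = headers['x-domain-signature'];
  if (!raw) return { ok: false, domain: null, reason: 'unsigned' };
  const tags = {};
  for (const part of raw.split(';')) {
    const s = part.trim();
    const i = s.indexOf('=');
    if (i > 0) tags[s.slice(0, i)] = s.slice(i + 1);
  }
  const names = (tags.h || '').split(':');
  if (!tags.d || !tags.s || !tags.b || !names.includes('from')) {
    return { ok: false, domain: tags.d || null, reason: 'malformed' };
  }
  const key = keyDirectory.get(`${tags.s}._domainkey.${tags.d}`);
  if (!key) return { ok: false, domain: tags.d, reason: 'no-key' };
  const ok = crypto.verify(null, Buffer.from(canon(headers, names)), key, Buffer.from(tags.b, 'base64'));
  return { ok, domain: tags.d, reason: ok ? 'verified' : 'bad-signature' };
}

// Constructed INVITE headers; the calling number may be fake, the signing domain is not.
const invite = signInvite({
  from: '<sip:+15555550100@voip-gw.example>',
  to: '<sip:+15555550199@carrier.example>',
  'call-id': 'a84b4c76e66710',
  date: 'Sat, 04 Apr 2020 12:00:00 GMT',
}, 'voip-gw.example', 's1', privateKey);
```

A receiver would feed the `domain` field of a verified result into its reputation or blocking policy, and treat `unsigned` and `no-key` results as unattributable.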