funsec mailing list archives
Re: Rachel from Cardholder Services
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 29 Apr 2015 18:20:20 -0400
I get a lot of calls from "Ann" or "Rachel" from "Account Services" or "Cardholder Services". Aren't these folks breaking US law by spoofing caller ID?
They are annoying as hell. When you ask to be removed, they hang up on you. And then call back 3 or 4 times later in the week.
Does anybody know how these underground businesses are set up? I'm guessing that the actual telephone calls take place from hacked PBXs, and those perps hand off to a second "boiler room" outfit, because I can listen through all the recorded messages, but I often get hung up after that.
Sounds about right... The problem is within the standards for caller id. I seem to recall your trunk is supposed to set the Caller ID to a "correct" value (for some definition of "correct"). The outgoing PBX can override it (the folks who sell service to the call center), and the incoming PBX can override it (the folks providing your local telco service). If any of them set the caller id information, they are setting it to bad/incorrect/misleading information. The incoming PBX override is basically not authenticated, so your Telco is just regurgitating bad information. Also see "OT: Question on Caller ID (Spoofing calls with Asterisk)", http://marc.info/?l=asterisk-users&m=140906431703331.
Fourth, I'd like to call upone every human to NOT hang up, but rather to listen to the recorded scam message, and even try to talk to the human,
FCC and FTC complaints work well, too. I was filing 3 or 4 a week. Jeff On Wed, Apr 29, 2015 at 4:30 PM, Bruce Ediger <bediger () stratigery com> wrote:
I get a lot of calls from "Ann" or "Rachel" from "Account Services" or "Cardholder Services". Aren't these folks breaking US law by spoofing caller ID? Does anybody know how these underground businesses are set up? I'm guessing that the actual telephone calls take place from hacked PBXs, and those perps hand off to a second "boiler room" outfit, because I can listen through all the recorded messages, but I often get hung up after that. Third, is there any way to find out who does this, and have them prosecuted to the fullest extent of the law? It's pretty clear that the FTC do-no-call registery complaints web page just deletes all input data. Someone must care, right? Fourth, I'd like to call upone every human to NOT hang up, but rather to listen to the recorded scam message, and even try to talk to the human, to keep the PBX lines tied up as long as possible. I'm coming to believe that every one who can, should waste cold caller's time, run honey pots and generally intercept any scam communications possible. Who's with me?
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Rachel from Cardholder Services Bruce Ediger (Apr 29)
- Re: Rachel from Cardholder Services Blanchard, Michael (InfoSec) (Apr 29)
- Re: Rachel from Cardholder Services RL Vaughn (Apr 29)
- Re: Rachel from Cardholder Services Kain, Rebecca (.) (Apr 30)
- Re: Rachel from Cardholder Services Bruce Ediger (Apr 30)
- Re: Rachel from Cardholder Services Kain, Rebecca (.) (Apr 30)
- Re: Rachel from Cardholder Services Blanchard, Michael (InfoSec) (Apr 29)
- Re: Rachel from Cardholder Services Jeffrey Walton (Apr 29)
- Re: Rachel from Cardholder Services Bruce Ediger (Apr 29)
- Re: Rachel from Cardholder Services Nick FitzGerald (Apr 29)