Firewall Wizards mailing list archives
Re: Email Scams, Telemarketing, and Identity Theft
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Apr 2009 23:41:52 -0400
Sam Golden wrote: > I have had my home phone number in the National Do Not Call Registry,
https://www.donotcall.gov/, since it's inception and I have received few if any telemarketing phone calls. Within the last week, however, I have received more than a dozen calls. After brushing the first few off, I became curious and started to ask the callers why they were calling me. The results were startling. Each of the first three callers I asked stated that they had received an email from me requesting that they call me. Knowing that I hadn't done so, I asked for the email address. They stated they received an email from Goldensaaaa () gmail com <mailto:Goldensaaaa () gmail com>. This apparently legitimizes their calling me.
Want to guess who sent it to them? There's cut-outs in most spam/telemarketing laws that say you can request calls or that it's OK if there's a "prior business relationship." It usually takes the telemarketers a few months to figure out a way around each new law. After all, their important message is, um, important. After thinking it over for a few years (seriously) I've concluded that spam and telemarketing are OK and I will accept any amount of them as long as I still have free speech. I don't, of course - in the US there are considerable laws curtailing same (see 18 US 2257a for example) and the FBI spends a lot of time and taxpayers' money going after certain kinds of speech rather than others that fall under the same laws. So, with spam and telemarketing we're dealing with a social failure; the police won't protect us and we are not given the tools to protect ourselves. (And the phone companies will cheerfully sell us caller-ID but then sell telemarketers the ability to block it) Ultimately, this kind of imbalance will continue as long as it's profitable.
Now, while telemarketing is annoying, it started me thinking about the implications. Anyone can search various public archives such as 411.com <http://411.com> and find a phone number for a name. Anyone can create a gmail account as long as they can read the "captcha". Is some "evil" telemarketing company hiring lots of people to generate lots of mail accounts and then offer these to faux-legitimize telemarketing phone calls?
Yes. That's probably what's happening. Although the telemarketers may simply optimize by not bothering to do it, until someone complains - THEN - send the "please call me" fake email.
Should I be paranoid?
Was that a serious question? I checked the date of your post and it wasn't April 1. Did you seriously ask the firewall-wizards if you should be paranoid? The answer is, "of course not!" It's not paranoia if you've ALREADY got a brain-leech installed in you and the orbital mind control lasers are making you dance like a puppet. mjr. -- Marcus J. Ranum CSO, Tenable Network Security, Inc. http://www.tenablesecurity.com _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Email Scams, Telemarketing, and Identity Theft Marcus J. Ranum (May 01)
- Re: Email Scams, Telemarketing, and Identity Theft Paul D. Robertson (May 01)
- Re: Email Scams, Telemarketing, and Identity Theft Bruce B. Platt (May 01)