funsec mailing list archives

Re: Rachel from Cardholder Services


From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 29 Apr 2015 18:20:20 -0400

I get a lot of calls from "Ann" or "Rachel" from "Account Services"
or "Cardholder Services". Aren't these folks breaking US law by spoofing
caller ID?

They are annoying as hell. When you ask to be removed, they hang up on
you. And then call back 3 or 4 times later in the week.

Does anybody know how these underground businesses are set up?  I'm guessing
that the actual telephone calls take place from hacked PBXs, and those
perps hand off to a second "boiler room" outfit, because I can listen
through all the recorded messages, but I often get hung up after that.

Sounds about right...

The problem is within the standards for caller id. I seem to recall
your trunk is supposed to set the Caller ID to a "correct" value (for
some definition of "correct"). The outgoing PBX can override it (the
folks who sell service to the call center), and the incoming PBX can
override it (the folks providing your local telco service). If any of
them set the caller id information, they are setting it to
bad/incorrect/misleading information. The incoming PBX override is
basically not authenticated, so your Telco is just regurgitating bad
information.

Also see "OT: Question on Caller ID (Spoofing calls with Asterisk)",
http://marc.info/?l=asterisk-users&m=140906431703331.

Fourth, I'd like to call upon every human to NOT hang up, but rather to
listen to the recorded scam message, and even try to talk to the human,

FCC and FTC complaints work well, too. I was filing 3 or 4 a week.

Jeff

On Wed, Apr 29, 2015 at 4:30 PM, Bruce Ediger <bediger () stratigery com> wrote:
I get a lot of calls from "Ann" or "Rachel" from "Account Services"
or "Cardholder Services". Aren't these folks breaking US law by spoofing
caller ID?

Does anybody know how these underground businesses are set up?  I'm guessing
that the actual telephone calls take place from hacked PBXs, and those
perps hand off to a second "boiler room" outfit, because I can listen
through all the recorded messages, but I often get hung up after that.

Third, is there any way to find out who does this, and have them prosecuted
to the fullest extent of the law?  It's pretty clear that the FTC do-not-call
registry complaints web page just deletes all input data. Someone must
care, right?

Fourth, I'd like to call upon every human to NOT hang up, but rather to
listen to the recorded scam message, and even try to talk to the human,
to keep the PBX lines tied up as long as possible. I'm coming to believe
that everyone who can should waste cold callers' time, run honey pots
and generally intercept any scam communications possible. Who's with me?
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

