nanog mailing list archives

Re: Phishing and telemarketing telephone calls

From: Michael Thomas <mike () mtcc com>
Date: Mon, 27 Apr 2020 11:34:06 -0700


On 4/27/20 11:12 AM, Jon Lewis wrote:

On Mon, 27 Apr 2020, William Herrin wrote:
On Sat, Apr 25, 2020 at 7:32 PM Matthew Black<Matthew.Black () csulb edu> wrote:
Good grief, selling a kit for $47. Since all robocalls employ CallerID spoofing, just how does one prove who called?
You don't. AFAICT, that's the point of Anne's comments. Finding them
is good enough. Paying off anyone who both finds them and appears well
connected with the law is cheaper than allowing the legal system to
become aware of their identities and activity.

Blackmail 101 dude. Find someone with a secret and demand payment for
your silence. The best part is that if you're legitimately entitled to
the money because of the secret then it's not technically blackmail.

Presumably the meat of the $47 kit is about how to tease out enough
clues to search public records and identify them.
In my experience, the caller-id is always forged, and the call centerreps hang up or give uselessly vague answers if I ask what companythey're calling from. I suspect the only sure way to identify them isto do business with them, i.e. buy that extended warranty on your car,or at least start walking through the process until either payment ismade or they tell you who you'll have to pay. I wonder, if you agreeto buy the extended warranty, solely for the purpose of identifyingthem, can you immediately cancel it / dispute the charge?
Then there are the 100% criminal ones calling from "Windows TechnicalSupport" who want to trick you into giving them remote admin access toyour PC. I assume that's a dry well and the best you can hope to dois waste as much of their time as yours and see how foul a mouth theyhave.

On the IETF list, I've been making the case that a DKIM-like solutionfor SIP signalling would in fact give you the way to blame somebody,which was DKIM's entire raison d'etre. Who cares what the actual fakee.164 address is and whether the sending domain is allowed to assert itor not? That is rather beside the point. All I care is that theoriginating domain is supporting abuse, and I know what the domain is tocomplain to, ignore, etc.


Mike

Current thread:

RE: Phishing and telemarketing telephone calls, (continued)
- RE: Phishing and telemarketing telephone calls Matthew Black (Apr 24)
- Re: Phishing and telemarketing telephone calls Jon Lewis (Apr 24)
  - Re: Phishing and telemarketing telephone calls Mike Hammett (Apr 25)
    - Re: Phishing and telemarketing telephone calls j k (Apr 27)
    - Re: Phishing and telemarketing telephone calls Mike Hammett (Apr 27)
  - Re: Phishing and telemarketing telephone calls Anne P. Mitchell, Esq. (Apr 25)
    - RE: Phishing and telemarketing telephone calls Matthew Black (Apr 25)
    - Re: Phishing and telemarketing telephone calls Anne P. Mitchell, Esq. (Apr 26)
    - Re: Phishing and telemarketing telephone calls William Herrin (Apr 27)
    - Re: Phishing and telemarketing telephone calls Jon Lewis (Apr 27)
    - Re: Phishing and telemarketing telephone calls Michael Thomas (Apr 27)
    - Re: Phishing and telemarketing telephone calls Dovid Bender (Apr 27)
    - Re: Phishing and telemarketing telephone calls bzs (Apr 27)
    - Re: Phishing and telemarketing telephone calls William Herrin (Apr 27)
    - Re: Phishing and telemarketing telephone calls Brian J. Murrell (Apr 26)
    - Re: Phishing and telemarketing telephone calls Anne P. Mitchell, Esq. (Apr 27)
    - Re: Phishing and telemarketing telephone calls Michael Thomas (Apr 26)
    - Re: Phishing and telemarketing telephone calls Dan Hollis (Apr 26)
    - Re: Phishing and telemarketing telephone calls Tom Beecher (Apr 27)
    - Re: Phishing and telemarketing telephone calls Anne P. Mitchell, Esq. (Apr 27)
    - Re: Phishing and telemarketing telephone calls Michael Thomas (Apr 27)

(Thread continues...)