Archive for January, 2008

Caller ID spoofing becomes much easier

Wednesday, January 16th, 2008

By Peter Svensson, The Associated Press

NEW YORK — Last fall, U.S. Rep. Tim Murphy’s office started getting phone calls from constituents who complained about receiving recorded phone messages that bad-mouthed Murphy. The constituents were especially upset that the messages appeared to come from the congressman’s own office. At least, that’s what Caller ID said.

“People thought we were making the calls,” Murphy said.

The calls, which the Pennsylvania Republican estimated in the thousands, were apparently placed with fake Caller ID. That has been possible for a long time, but it generally required special hardware and technical savvy.

In the last few years, Caller ID spoofing has become much easier. Millions of people have Internet telephone equipment that can be set to make any number appear on a Caller ID system. And several websites have sprung up to provide Caller ID spoofing services, eliminating the need for any special hardware.

For instance, Spoofcard.com sells a virtual “calling card” for $10 that provides 60 minutes of talk time. The user dials a toll-free number, then keys in the destination number and the Caller ID number to display. The service also provides optional voice scrambling, to make the caller sound like someone of the opposite sex.

Caller ID spoofing appears to be legal, though many of its uses are not. The Federal Communications Commission has never investigated the issue, spokeswoman Rosemary Kimball said.

Lance James, chief scientist at security company Secure Science, said Caller ID spoofing websites are used by people who buy stolen credit card numbers. They will call a service such as Western Union, setting Caller ID to appear to originate from the card holder’s home, and use the credit card number to order cash transfers that they then pick up.

Exposing a similar vulnerability, Caller ID is used by credit-card companies to authenticate newly issued cards. The recipients are generally asked to call from their home phones to activate their cards. Some card companies maintain, however, that they use additional means to confirm new cards. And caller ID spoofing may not work for calls to 1-800 numbers, where the hardware can identify calls using a separate technology.

Two spoofing services contacted by The Associated Press, Spoofcard.com and Telespoof.com, did not return messages seeking comment about their business. However, some of the five or so websites in the business don’t appear to be completely unscrupulous: James said he had been hired by a few of them, which he would not name, to help stop the Western Union scam.

Also, both Spoofcard.com and SpoofTel.com say they will surrender call logs to authorities in response to subpoenas. Spoofcard.com’s site says the service is “intended for entertainment purposes only.”

Telephone companies can trace calls to their origin regardless of the Caller ID information they carry, but the process is laborious, especially since a call may be carried by several companies before reaching its destination. The fragmented nature of the telephone network also makes it technically difficult for the carriers to prevent spoofing.

At Verizon Communications, security manager John Lewandowski said the company often gets complaints about fake Caller ID after a telemarketer has spoofed his number to cover his tracks.

In a typical case, someone will be jarred in the middle of the night by repeated telemarketing calls. He checks Caller ID, calls the number — which is false — and starts “cussing out” the person at the other end of the line, Lewandowski said.

“And that poor guy was asleep. It wasn’t him at all,” Lewandowski said. The company investigates and tracks down the callers, he added.

Apart from fraud and telemarketing, Caller ID spoofing can be used for pranks and spying.

In one case, SWAT teams surrounded a building in New Brunswick, N.J., last year after police received a call from a woman who said she was being held hostage in an apartment. Caller ID was spoofed to appear to come from the apartment.

It’s also easy to break into a cellphone voice mailbox using spoofing, because many systems are set to automatically grant entry to calls from the owner of the account. Stopping that requires setting a PIN code or password for the mailbox.

In a slightly more complicated fashion, spoofing was part of the technique used by a hacker who broke into Paris Hilton’s cell-phone voicemail in 2004, according to security consultant Kevin Mitnick, who said he was citing hacking sources. The hacker apparently called the celebrity socialite posing as a technical-support person from the carrier, and lured the password from her.

That is known as a “pretext” call — someone poses on the phone as a customer, employee or even a regulator to obtain personal information from companies and individuals. And indeed, while Spoofcard.com contends that its service is for “entertainment purposes,” it also notes that “Private Investigators will find Caller ID spoofing valuable for pretext calls.”

Robert Douglas, a privacy consultant in Colorado, testified before Congress last month that pretexters trade tips on finding the best spoofing services.

Pretexters generally claim their practices are legal, as long as they don’t involve financial information. A bill introduced in the Senate would make it illegal to pose as someone else to obtain phone records, or to buy records from phone company insiders.

Douglas would like legislation against Caller ID spoofing as well, but there appears to be little interest in Washington.

“If I’m paying extra for Caller ID, which I do … there should be some ability on my part to believe what I’m getting,” Douglas said.

In Alaska, State Representative Bob Lynn has introduced a bill to make spoofing a misdemeanor. “False caller identification is more serious than pranks, or the annoyance of intrusive telemarketing,” Lynn writes. “It facilitates fraud, and can be potentially deadly.”

However, it is unclear what effect the bill would have. As Lynn notes, Caller ID is a federal issue.

Posted in Telemarketing | No Comments »

YourCallerID.com Tracks Down and Reports Clandestine Callers. (Press Release)

Friday, January 11th, 2008

YourCallerID.com Tracks Down and Reports Clandestine Callers.

TAMPA, FLORIDA-January 8, 2008. YourCallerID.com is harnessing the power of the internet community by listing and outing companies who attempt to circumvent caller id by not disclosing their identities. With the creation of caller id, many individuals have been able to take back the power that many intrusive telemarketing companies, bill collectors, scam artists and other unwanted callers had seized. YourCallerId.com is seeking to ensure that individuals are able to keep that power.

With the technology of caller identification, individuals can easily and discreetly screen all of their phone calls. However, the telephone companies left a loop hole. Savvy or unscrupulous individuals can place calls without their identification being known, by simply keying in a special code. Instead of their phone number being displayed on the caller id box, the word “unavailable” is displayed instead. Many individuals, curious about who is on the other line, pick up the phone and are often times greeted by a pushy telemarketer, a scam artist, or some suspect charity.

Well, one new internet company is actively attempting to put a stop to this. YourCallerID.com is requesting that individuals publicly list companies who place calls in this manner. Individuals can visit YourCallerID.com; report any number that comes across as “unavailable” and share notes on the call, including the name of the company and what they wanted. Individuals can also check and see if a number that they are receiving calls from has already been reported. Individuals can then report companies who violate the law by calling individuals listed on the national or state no call lists or who are attempting to run a scam.

YourCallerID.com has a database of reported phone numbers and company profiles that have been submitted from users all over the world complete with the names of the companies that made them. Reports and comments from users who have received such calls is encouraged and appreciated. One user wrote “For several weeks now, they have been calling typically once every other day. They call both my cell and work numbers, which makes me think this case is not one of mistaken identity (trying to reach someone with bad credit that didn’t change their number). I don’t give them out (my numbers) so I have no idea how they got them. Additionally, I have perfect credit and have never paid a late bill in my life. I have not called them back because I thought it was a scam…”– regarding a company that kept repeatedly calling while hiding their identity. The company name, linked to a P.O. Box, was later discovered.

YourCallerID.com is seeking to build the world’s largest, growing database of companies who attempt to circumvent caller id. Sharing such calls and experiences will enable individuals to report non-law abiding companies, avoid being scammed, research sneaky callers, and permanently block these telephone numbers. We want you to be able to find out WHO CALLED.

YourCallerID.com is based in Tampa, Florida. Any contact inquires can be forwarded to admin@yourcallerid.com.

Posted in Uncategorized | No Comments »

Hanging up on Telemarketing Fraud

Monday, January 7th, 2008

Many Canadians have found it tough to hang up on fast-talking scam artists pitching exclusive investment opportunities, pleading on behalf of questionable charities, and promising free trips and prizes.

While many consumers think they couldn’t be fooled by a telemarketing scam, police caution that fraud artists employ highly sophisticated techniques to manipulate, trick and bully. Consumers across the country were robbed of more than $1 million in 2006 in a variety of telemarketing fraud schemes, according to PhoneBusters, the national anti-fraud call centre. Cpl. Louis Robertson, of the RCMP’s Criminal Intelligence Analytical Unit, said fraud artists tend to cast a wide net. “You could be 16 years old or you could be 92 years old. You are a potential victim,” he said.

In December 2006, police in Montreal made a string of arrests, breaking up an alleged telemarketing ring that preyed on seniors and businesses in Canada and the U.S. Police say the alleged boiler-room plot, which targeted mainly Americans, defrauded its victims of up to $13 million over three years. One of the phone pitches allegedly had fraud artists persuading seniors to play phoney lotteries, in which the targets made fake tax payments on non-existent winnings. Authorities allege the scam artists targeted the vulnerable, aiming to rob people of their life’s savings.

Telemarketing fraud can have devastating results, leaving people emotionally shaken and in financial ruin. But experts suggest people can separate legitimate business calls from scams if they ask critical questions and hang up on suspicious callers. How to protect yourself “If it’s too nice, it’s not true,” Robertson said of telemarketing pitches that try to tap into people’s needs or desires. Fraud artists aim to exploit people’s vulnerabilities to their advantage by making lavish promises and offers. Who wouldn’t want a free Caribbean cruise to break a long and cold winter?

Why wouldn’t you want to enter a lottery if you were guaranteed to win? Consumers should slow down and ask questions before agreeing to anything. If you are unsure whether a service or offer is legitimate, take down callback numbers, ask the caller to mail additional information, and ask for references. The following tips will also help protect your savings: If you don’t remember entering a contest you have supposedly won, be skeptical and demand more information. Canadians cannot win out-of-country lotteries. If you are told you’ve won one, hang up immediately.

If a caller tells you that you need to pay for the delivery, taxes or processing of a prize, be cautious. Sometimes, telemarketers will ask their victims to send cash or money orders, as they cannot be traced. Ask for more literature to be mailed to you along with references before you agree to purchase a service or a product. If a person is calling on behalf of a charity, ask them to call back after you’ve done some research. Check Revenue Canada’s database to ensure it is a registered charity. Robertson said people who do surrender personal financial information over the phone are at risk of losing money and their identities. “Not only will you be a telemarketing victim, you are a potential ID-theft victim, next week, next month, next year, in five years, don’t know, but you will be put on the list and that list will be posted on the internet eventually,” he said.

Avoiding manipulation

To avoid getting entangled in a long and involved pitch, people should just end suspicious calls, Robertson said. “Hang up because they’re not scared of us,” he said. “With the new technology, it’s so easy to set up a boiler room.” People can now choose their own telephone numbers and area codes, making it difficult to trace calls, Robertson said. Consumers should also be alert to common manipulation techniques. Scammers will try to sell limited-time offers, encouraging people to sign up for a special deal before they’ve had a chance to do any research. Keep in mind that reasonable businesses will give their consumers a callback number and some time to consider special sales or deals.

Fraud artists also prey on people who are lonely by striking up a false friendship. A caller may use your first name and ask personal questions to create a profile and build some common ground. Be firm, and hang up on any suspicious callers. “They are professional phone callers,” Robertson said, noting they will try to cajole and convince with pleasantries and sweet voices. Alternately, some scam experts may try to use positions of authority to manipulate their victims. The caller may purport to be a government official, a bank manager or a lawyer as an intimidation technique. If you are concerned about a potential problem, ask for a callback number and contact a lawyer or a trusted third party to respond. A scam in January 2007 saw people pose as Canada Revenue Agency workers. Callers were asked to provide personal bank account information. The federal agency warned it never asks people to deposit money into bank accounts registered to an individual, noting all tax debts are payable only to the Receiver General for Canada. What to do if you’ve been scammed Many people who have been scammed are embarrassed or figure it’s too much bother to do anything about it. A poll conducted in 2006 by the Strategic Counsel for the Competition Bureau of Canada found that four in ten respondents said they “did nothing” to resolve incidents of marketing fraud. The top two reasons respondents gave for their inaction was that they assumed it would be too arduous a process and the amount of money stolen was not worth reporting.

But police warn that if you have surrendered information or money, you may be added to a “sucker list” — a database of potential victims that is traded among fraud artists. PhoneBusters notes that telephone fraudsters who have succeeded once will continue to pursue their victims.

Authorities say consumers should also call their local police, banks, PhoneBusters, or the Competition Bureau. Online complaints can also be logged on the RECOL (Reporting Economic Crime On-Line) website (www.recol.ca). Complaints are filed, prioritized, and directed, where appropriate, to partners, including PhoneBusters, the RCMP and the U.S. Internet Fraud Complaint Center. For computer automated calls coming from mysterious numbers, consumers should go online and check databases for telephone numbers and company information. Robertson urged people to take the time, no matter how small the amount.

“If you lose $40, are you going to take the time to call your local police and be on the phone here for 15 minutes?” he asked. “But if the bad guy hits 400 people at $50, at the end of the line, it is a fairly large amount of money.”

Posted in Telemarketing | No Comments »