World-wide, credit card fraud and other scams cost the public billions of dollars. While credit card fraud is the clear leader in sheer volume of money lost, "regular scams" still result in a significant amount of money being lost each year. Globally, credit card fraud resulted in losses of US$21.84 billion in 2015. The so-called "Nigerian scam", usually perpetrated via email, totalled US$12.7 billion in 2013. Overall losses are likely to be much larger however, as many scams go unreported.
While scams that come in over email are increasingly being picked up by spam filters, around 45% of scams in Australia (and likely other countries) are by phone and text message.
Email spam filters are using machine learning techniques to get better at identifying the wide range of scams that can arrive in inboxes. This is by far the most effective way of dealing with scams, as the average member of the public has been shown to be remarkably susceptible. However, very little has been done about phone and text scams. This is surprising given scammers have quite brazenly stuck to using the same number or area codes over significant periods of time.
[...] Google and Apple should, however, be able to do more independently of these agencies. With the advent of machine learning techniques being used to analyse emails, it will be also possible to apply the same technology to phone calls.
[...] The list of other scam types is fairly consistent, and so is identifiable by software interpreting the conversation in real time. Governments should apply pressure on companies like Apple and Google to tackle this problem. Until then however, it is worth using one of the third party apps (like: TrueCaller, Hiya ) to ward off scams.
Do you have suggestions on how these scams could be stopped ?
(Score: 1, Insightful) by Anonymous Coward on Tuesday June 27 2017, @12:53AM (7 children)
Make it illegal to spoof your Caller-ID to a number you don't own. The phone companies already know who's actually making the damn call, they aren't going to miss charging for it. Throw some liability on them if their records aren't complete so they can't weasel out of it. Then actually enforce the damn do-not-call list.
Lately I've been getting between 1 and 5 calls per day that are robo-calls with numbers spoofed to local area codes. It's getting quite tempting to cancel cell service entirely and just rely on Google Voice on the PC when I need to make calls.
(That, or trap Hastur in your voicemail answering message. Relative difficulty levels are up to you.)
(Score: 2) by Thexalon on Tuesday June 27 2017, @01:43AM (1 child)
It already is. Email spam is illegal too, but that hasn't stopped it from happening.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Informative) by edIII on Tuesday June 27 2017, @05:48PM
No, it isn't. In the U.S, only Mississippi makes Caller ID spoofing illegal in that way. Right now I could call someone spoofing the numbers to my heart's delight.
If it was illegal in every state, I could be starting investigations on each and every telemarketer call that comes into my network. I can't. There is nobody to call, no departments in the upstream carriers, no desk in the local police to complain to, etc. Technically, for some people, I AM the telephone company. They are paying me for telephone service, and call me for support. Heck, I'm even the operator :) As the telephone company, I doubt even the Attorney General for the State of California would give a shit about a faked Caller ID on on a call that came through on my network.
I've been through this once before. I acted as a telephone company and for three days dealt with upstream carriers, and even the local police, and nothing got done. I was basically told that tracing the line (like the movies) was practically impossible. Unless the FBI got interested or something, the chances of me tracking it down were NIL. I got no's in every single direction I turned. This was with a formal complaint of harassment that I was trying to handle.
That's what needs to change. I can do everything correct on my end, and I already limit the Caller ID to only the numbers that have proof of ownership. Really easy when I know all of my customers. On the other end though, there are VoIP companies that are NOT as stringent with what can be passed. There are no agencies, no websites, no support of any kind to track down the carrier that was involved, much less the paying customer. That's with/without a legal subpoena.
To my knowledge, the only people truly capable of tracing a line are the FBI/NSA. That's only because of the mediation switches that are picking up all telephone traffic for DCSNet. At the carrier level, we have ANI which is sparsely and unreliably populated.
Step One: Make Caller ID spoofing illegal
Step Two: Actually enforce it, and allow VoIP companies to file complaints.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday June 27 2017, @09:17AM (4 children)
Ain't the whole thing centralized? Why is it possible to spoof anything easily?
(Score: 0) by Anonymous Coward on Tuesday June 27 2017, @12:14PM
Typically, legitimate businesses with multiple internal offices want to keep their internal numbers private while both allowing outgoing calls from said internal numbers and presenting a single point of contact to the outside world. This would be one such reason to "spoof" CallerID, so that no matter where the call originated from inside the businiess' phone network, the CallerID would always see the primary business name and number displayed.
(Score: 0) by Anonymous Coward on Tuesday June 27 2017, @12:17PM
And no, "the whole thing ain't centralized" when it comes to CallerID. You can build your own PBX phone system using software and hardware (Asterisk comes to mind), tho I do believe you will require one small bit of cooperation from whatever phone company you'd use. Such help is regularly given out to businesses that maintain their own PBX systems - including spammers with call centers.
(Score: 2) by nobu_the_bard on Tuesday June 27 2017, @12:43PM (1 child)
Pretty much, the system wasn't designed with the idea that computers would exist someday to make everything easier.
The spoofed Caller ID is just a field you fill in on most PBXes. I could claim 1-111-111-1111 was my number if I wanted to.
There's no actual centralized database of all phone numbers. Everything's stored in separate relative databases. It's not super easy to figure out the precise owner of a number sometimes, and sometimes things get confused (like more than one company thinking they own a number).
Thing is, there's a lot of people, for good reasons and bad, that like the system as-is and/or don't want the government to touch it. The government has a habit of not doing much helpful in this field beyond what a layperson can understand.
(Score: 0) by Anonymous Coward on Tuesday June 27 2017, @02:41PM
The government has a habit of not doing much helpful in this field beyond what a layperson can understand.
The average layperson can easily understand "nuke from high orbit", and offering to apply it
to telemarketers, or indeed any kind of cold caller, is likely to be the single most effective way of
getting elected to high office ever proposed.
Indeed, if ISIS were to propose mass murder of telemarketers, they would probably
get elected to office in the USA.