Ha, a couple of years ago I got one of those calls every day - finally I told them it was illegal, I was on the don't-call list at both the state and federal levels, and they should stop immediately.
The manager I talked to actually told me to get fucked, they'd keep calling if they wanted - and they did, too, sometimes three times a day. This went on for weeks; I'd dial 1 to connect to a person and lay the phone down, and finally they stopped (probably that particular guy got fired or something - I guarantee they have massive turnover).
This goes beyond just milking strangers for lots of money. This kind of racket attracts sociopaths who literally enjoy breaking the rules and knowing there's nothing you can do about it. I often have a hard time believing in the existence of actual scum, but then I just recall this episode. There are people in the world who do not buy into the narrative of working together for the common good.
It is music to my ears that the FTC has nailed some of them down enough to make them hurt. It has made me very happy.
I had a summer job in a telemarketing sweatshop and I learned that you should be polite to telemarketers.
At the time, at least, the company I worked for had two "call back later" lists. If the telemarketer didn't reach a human (because the phone was unanswered or went to voicemail), the phone number would go on a "call back next week" list. If the telemarketer reached a human who said "no thanks", the phone number went on a "call back in six months" list. However, if the telemarketer reached a rude human, their phone number would go on the "call back next week" list, just to spite the person. :\
Also, you should ask to be added to their "do not call" list. If you ask to be removed from their list, they may oblige, but they are likely to remove you from "that" list and conveniently not bother removing you from the master list.
Sure, you should be polite to the Mafia, too - that's an awful nice shop you have here. But in this case, I was polite.
I don't need to be added to their do not call list. Indiana and the United States have do not call lists that it is illegal to violate, and I was on both. They were breaking the law with utter impunity.
But the point I really wanted to make was they were breaking the law stupidly. It was obvious they'd never make a dime off me - so making me suffer at their own expense was stupid. I detest stupidity, which, arguably, makes me a very unhappy man most of the time.
> I had a summer job in a telemarketing sweatshop and I learned that you should be polite to telemarketers.
Well, polite and merciless. Anybody doing telemarketing today is a criminal, so they get zero mercy from me. My favorite approach is to let them stew for a bit and then ask, "Hey, does your family know you lie to people for money?" It almost never fails to get people upset. The truth: it stings.
Them putting me on the "call back again" list isn't a problem for me; it's an opportunity to make another parasite's day more difficult.
For the record, pretty much everybody who mentioned the topic at the FTC robocall summit believed that there is no such thing as an internal "do not call" list anymore.
After having a "sales" (read: 95% telemarketing, 5% Misc tasks) job this past summer I can agree with much of what your saying. I gave it a couple months, then I quit (for various reasons, not really worth listing).
The thing is, as much I as absolutely hate saying this completely over-used phrase: the economy is shit. I am personally familiar with 100% commission based telemarketing, which amounts to complete shit, for those of you keeping score at home. Though, supposedly some telemarketers get paid hourly. Either way, its a crappy job but one that people are going to line up to fill so long as its the only job in town.
The problems you describe are the ones that have been solved over and over again where a frontier has been exploited by scammers: regulation and central control of the infrastructure. Something tells me that telemarketers weren't so much of a problem before AT&T was broken up in the early 80s.
That may also have had something to do with long distance charges that, in today's dollars, were roughly five thousand dollars a minute (to hear my parents talk about calling my friends in the next town, anyway).
Yes, deregulation had many market effects. Positive exceptions prove the rule no more often than negative ones, and (re)regulation of the telco industry on the telemarketing front does not return us to the price-setting ways of long-distance in the past.
What baffles me is that legitimate banks actually do hire incredibly shady-sounding third party outfits with names like "Cardmember Services" or "Card Services" to handle credit card customer support. I once inadvertently dodged a genuine fraud-investigation call from my bank for weeks because it sounded like such an obvious scam. I don't understand why they don't draw the connection: scammers like this only work because the banks prepare the ground and make the call seem plausible.
This practice screws up attempts to instill good online security habits in people, too. For example, Citibank's normal domains are citi.com and citibank.com, but then it sends email links to the super-fake-sounding accountonline.com, which is apparently where its actual ebanking services run (you get redirected there even if you login at citi.com).
Even worse is when banks send out "cloaked" links, where the anchor text in the email shows their actual domain name, but the HREF target is n23uiahsf8das9fda.somethingelse.com.
The n23uiahsf8das9fda.somethingelse.com is probably a third-party marketing tracking service. Since Citi would never allow marketing company run their tracking service on citi.com and since users won't be eager to click on n23uiahsf8das9fda.somethingelse.com link, they don't have much choice. On the question of how then legit marketing emails differ from phishing - I have no idea. I just never click on any of those links. If I need to do something on my bank's site, I just log in there directly and do it.
Since Citi would never allow marketing company run their tracking service on citi.com and since users won't be eager to click on n23uiahsf8das9fda.somethingelse.com link, they don't have much choice.
They do have a choice. They could choose not to "track" their customers in this way.
Well, there's a legitimate marketing need to know how many people read your communication and how many were interested in what it says (as expressed by clicking on the link). After all, what's the point of communicating if nobody's listening or nobody cares?
Bank of America's Cardmember Services sounds very remarkably like "Rachel" or "Ann" in their approach on the phone. They won't (they say they can't) give out even the last 4 digits of the credit card number you're in trouble about.
I too have dodged cards that I'm 49% certain were legitimate.
I got a survey from a company that Wells Fargo had hired, to see if my recent visit was satisfactory.
It smelled legit, but my policy is to never respond to any email from my bank, I only communicate via my online account where I'm logged in, or by a call that I make.
After that email I logged in (separately), and sent them a message saying the above. They responded quickly and automatically that yes, the 3rd party email was legit.
Really, banks should just pretend that email was never invented.
I got an email from Chase welcoming me to a new account. It was legit, but I hadn't opened an account. When I called in, the rep assured me it must be spam.
Their abuse department emailed back to me verifying that they had sent it, but that no account was using my address anymore (it had the right DKIM, so I was a bit paranoid; looking back, I'm not sure what trouble it would case me).
I used to work for the FTC, and I was surprised how many calls I received at work from scammers. It always renewed my motivated.
In an effort to continue this tradition, I would suggest you ask scammers to call back on your other line. Then give them an FTC number. Any number 202-326-xxxx should work.
One of the things that fascinates me about this is that "Rachel from Cardholder Services" is a name used by a bunch of different scammers.
I originally thought: How hard is it for them to close that one company down? But they actually shut down a major caller in 2010, one that made 2.6 billion calls:
There was some discussion about the $50K challenge last week, and I still don't think anything can happen without industry buy-in. It's mostly a policy and people problem, and the only technical barrier I've been able to identify is that Caller ID can still be forged.
The whole situation bears an interesting contrast to the battles over anonymity on the Internet, where the telephone industry is trying to preserve the ability of their customers (telemarketers) to avoid detection.
I watched the webcast of the Robocall summit, and it was fascinating.
It was clear that most of the telephone industry really hates phone spammers. An AT&T guy was saying that evil robocall outfits often forge the numbers of their existing customers, causing AT&T no end of headaches. Plus they get a ton of complaints from call receivers. I am sure that the major carriers would shut down phone spammers in a heartbeat if it were easy.
Looks like the FTC now has the videos from the summit up on the web:
Anybody seriously interested in the problem should check out the videos. There's a lot of good stuff in there about the technical issues. And there are some interesting technical solutions as well.
I work at the lone automated calling company that represented the "industry " at FTC Robocall Summit(http://www.call-em-all.com) and we are interested to see what solutions to this problem might come from this.
We definitely would love to have a solution to where we could guarantee that no illegal calls are being made (Recent Blog Post: http://blog.call-em-all.com/3-reasons-we-are-excited-about-f...). We have our own internal checks but something which can be implemented on a higher level would be great for us.
The reality is that with the mix of old tech and new tech (read VOIP), tracking who is really making the call is very hard right now (timely and costly). Scammers knowingly break the law and unfortunately, a list of people saying don't call isn't going to stop them from scamming.
I can't imagine how to solve the problem in an acceptable manner. Without something like certificates and encryption, some concept of identity, you're just not going to get anywhere, and I'm about fifteen miles into the "unacceptable" territory with that suggestion ("hey, guys, let's just rewrite the entire infrastructure from the very bottom!"). Your primitives are broken, any system built with them will be broken, and it's going to be more years before people are ready to even think about that.
So what amount above zero has the industry spent time and/or money in order to combat this problem, possibly to prevent their industry being killed by the bad companies? Does the legit part of the industry support unspoofable CID or any other technical restriction? Has your company publicly suggested any solutions?
We haven't proposed any solutions at this time, but we feel that a method in which we can utilize certificates or authentication is potentially the way in which is the least disruptive to the current infrastructure.
But the infrastructure is the real problem. So many switches around the country are so old that hops through the network are very difficult to track and make any innovative technology solution hard to implement fully.
Can anyone explain, or point to a resource that explains, why this is still the case in 2012? Is there some technical reason why this is the case, or do the phone companies make enough money off of scammers and robocallers that there's no incentive for them to fix it?
The reason why Caller ID can be forged is that the calling device announces its CallerID number.
The easiest way to get into spoofing CallerID is by using a SIP-driven POTS gateway (very common 6 years ago, telecom moves very slowly, so I suspect they are still easy to find today). Some providers will validate the number you want to announce, and prevent you from announcing a number that they don't think you should be using. Others don't care at all. There are a lot of different telecom service providers, so finding one with lax policies isn't hard.
Almost anyone who is actually operating a phone card business has all the equipment needed to do this, for example. Phone cards are incredibly competitive, so if you head over to your local telecom hotel you won't have much trouble finding people willing to take your money in exchange for steady business.
The next time you are in a data center, take some time to talk to the people messing with the funky gear that doesn't look like any firewall or router you've ever seen.
There's no real system that would allow verifying if telco X can use number Y for a given call. Verifying that is actually not as simple as it would be 20 years ago. These days you can move numbers between providers pretty quickly. You can request services which fake the callerid for legitimate reasons (when you setup call forwarding, it's your telco making the new call but you probably want the original number to be preserved). There are also cases when you want to authorise some numbers to be faked (for example you want your company phone to have caller id set to the office switchboard).
There would have to be a global opt-in system allowing to verify those cases. And it would be as effective as the DNS records for verifying sender domains - you probably want to assign it a score, rather than reject right away.
Actually you cannot spoof a number on your own pots line. At least not a standard end-user line, because that one's connected directly to your telco and is bound to one specific id. But if you have a trunk with your own control channels (so basically you and telco assume trust between each other and that you provide correct information) you can publish any numbers you want.
It's quite popular with the internet telephony providers to relax the rules a bit. Basically some allow you to check the "I promise not to break the law, believe the data I send" and will accept any caller id you want. Since there's no way for one telco to verify other telco's source numbers, everyone else has to believe your caller id too.
$50k is what you get for writing up the idea. Not bad payback for a little thinking and writing. And if you come up with a solution that is potentially profitable, you've now got seed capital and publicity for your new business.
I don't understand why the FTC wants to pursue technological solutions to this problem. Instead, why not let the jail times of the officers of the companies associated with these scams scale with the number of complaints received?
If they're taking payments, there's even a handy money trail.
If they're operating outside of US jurisdiction, freeze their bank accounts just like we do to Iran.
Bottom line: it should not be possible for these companies to collect payments, and their officers should receive mandatory jail time.
Catching and prosecuting a criminal is an awful lot of work, so there will always be a lag between crime and punishment. Most criminals aren't making good cost/benefit tradeoff decisions, so as long as they can get a quick taste of money doing something dubious, some of them will scale up.
I'm also in favor of mandatory jail time for serious offenders, but mere punishment hasn't stamped out most other kinds of crime, and probably won't stamp out this one, either.
These calls are being generated by relatively few robocallers who are collecting money and have service provided by phone companies which track and meter every minute.
This is a significantly different environment from online email spammers who can hide behind bot nets, open relays, and don't take payments directly.
Instead, robocallers appear to operate in a near perfect knowledge environment for prosecutors (with the will to act).
That's definitely not correct. You should watch the Robocall Summit videos. All parties agree that it's a giant pain in the ass tracing both calls and people right now.
I got many, many calls (4 or 5 a week) from "Ann from Cardholder Services" during the spring and summer of 2012. I started hitting '1' and then dragging out the conversation with the customer service rep. After that stopped being fun, I would just tell the service rep to quit before they get arrested.
In the fall of 2012, I still hit '1' to be connected, but I never get to talk to a human. I'm not even on hold. The call doesn't terminate, but nothing happens to it, as if they route me to a grounding strap on a cold water pipe.
Isn't this what Google is trying to attempt with Google Voice and using SPAM filtration on those calls? It would seem that a company could greatly benefit by somehow acting as an intermediary and allowing users to rate a call as spam.
The issue is that like SPAM in the e-mail days, the technology isn't the problem, but rather the adoption of a filtration method. Adoption will happen when this problem becomes a big enough issue for consumers to switch to another provider (which is already difficult already).
Nice to see that the FTC recognizes what an incredible nuisance telemarketers are, but hard to cheer for them as politicians are not only allowed to use robodialers, they are exempt from abiding by the Do Not Call list.
Why? Because they are not "included in the definition of telemarketing".
There's calling anonymously, and there's intentional misrepresentation. I wouldn't mind retaining the ability to set your outgoing caller-id to Anonymous, or Name Withheld, or something like that. But I don't think Joe's Sweatshop should be able to set its id to Legitimate-Sounding Business, Inc.
You know what? Absolutely. I'm 100% with you. You should be able to turn off caller id. And I will black hole all anonymous calls, and we'll both be happy.
Now and then I used to amuse myself by letting them connect and then asking a) what company they represented, and b) in what state it was incorporated. This was usually--maybe always--good for an immediate disconnection.
I really hated getting these calls. They're insidious! It's even more disturbing to note that there is something called "Cardholder Services" on your credit card bill as a number to call.
A few months ago I got sick of them calling, pressed 1 to talk to someone. And informed them that this was the third time they had called after being asked to stop, I had records, and I would be filing an FCC complaint. The woman got very apologetic and gave me a number I could call to get "permanently taken off their list". I called said number. It was a gay sex hotline. True story.
Just last month [the FTC] announced the Robocall Challenge offering $50,000 to anyone who can create what the agency calls "an innovative way to block that will block illegal commercial robocalls on landlines and mobile phones."
So the US government is using the phone system to track and to eavesdrop on everyone it cares to[1], but it can't figure out a way to use that power to, you know, actually enforce the laws concerning that same phone system.
But somehow, they're going to catch terrorists that way. Sure.
Why have I never received something like this, nor know anyone who has, in Europe? Whats different over here that this doesn't (that I know of) happen?
So here's the thing. Someone can easily set up a robocall campaign with Twillio, Tropo or any number of other services. I would like to see anti-robocall measures strictly enforced. With that being said I wonder what percentage of these providers business is coming from these robo-calls and/or what they are doing to prevent them.
The manager I talked to actually told me to get fucked, they'd keep calling if they wanted - and they did, too, sometimes three times a day. This went on for weeks; I'd dial 1 to connect to a person and lay the phone down, and finally they stopped (probably that particular guy got fired or something - I guarantee they have massive turnover).
This goes beyond just milking strangers for lots of money. This kind of racket attracts sociopaths who literally enjoy breaking the rules and knowing there's nothing you can do about it. I often have a hard time believing in the existence of actual scum, but then I just recall this episode. There are people in the world who do not buy into the narrative of working together for the common good.
It is music to my ears that the FTC has nailed some of them down enough to make them hurt. It has made me very happy.