I built telecommunications systems / software for some time. The unfortunate truth here is that telecom carriers absolutely already have everything they need to largely put a stop to it but they knowingly ignore it. It's the biggest problem in the US because because of pricing. It's expensive to run outbound campaigns in almost any other country, and very cheap in the US (fractions of a penny per minute compared to 5-10c per minute in some EU locations). Scammers need volume to make money.
The reason carriers -- from the local exchange carriers and up -- ignore it is because just a single scam operation can mean 10s of thousands of dollars in volume a month, and sometimes more. Since they have to self-report for the most part they're not very incentivized to stop it. There are a few easy to implement regulatory / technical mechanisms that could nearly axe all of it, but carriers push back hard on those regulations and they never stick.
I know from experience dealing with this that it's absolutely not ignorance that's at play on the regulatory and commercial side. It's disgusting, and as fueled with greed and red tape as you'd fear.
You've missed the legal / regulatory side of things.
Apparently this has just recently changed, but telcos are highly regulated in the US and they are legally required to execute calls placed by their customers. This means that they have to be very very sure the call should be blocked before doing so, otherwise they face legal liability. This regulatory structure means that call spamming in the US is all but legally protected.
Compare this to less-regulated email, where Gmail and other providers are free to block spam based on any reason: source ip, domain, content of the email, etc.
Are you referring to STIR/SHAKEN that is a requirement and has been/is being rolled out?
I'm not sure how much was commercial benefit vs lazyness/no incentive to solve the issue directly - the telcos aren't making a lot of money on inbound calling. It's just a problem that didn't impact them directly - only their customers.
Have to touch on this as it's a common theme to my response. There absolutely are regulations. However, regulations being in place, and the enforcement of these regulations are different. STIR/SHAKEN is a requirement, however it's an easy requirement for scammers to meet. (Numbers are super cheap to buy in bulk, pennies per month typically). Sooner or later they'll run out.
The second side of the regulation miss is that carriers have to self-report much of the time. These centers pay into the 6 figures monthly to their carriers. The carriers know exactly what kind of traffic is being sent through and many times aide these scammers in shaping the traffic to look more legit. Auto-warranty scams in the past? Huge amounts of that traffic were routed through the likes of Y-Tel and a couple others. Regulators knew this but enforcement took years to happen. It's the same right now.
Lastly is the issue of what happens once enforcement occurs? The answer is not great: The scammers change numbers and keep going. They aren't local and it's not cut and dry when it comes to continuous enforcement against foreign entities. Their carriers still support them and the fines are typically less than a month's revenue from the larger outfits (think Uber).
Better meta-data helps aide robo / scam / spam blockers. IMO, we should just shut down these carriers who knowingly aide these scammers. We know who they are, they aren't hard to find.
Isn't that basically what they did? I think the FCC authorized the disconnection of a handful of service providers, and has been aggressively sending notices to others.
The telco's complacency have trained their customers to not answer the phone thereby destroying one of their primary businesses. Gen Z and Y consider it rude to call people.
I think that was true long before robo calling was a big thing.
Since texting and even back from the AIM/IRC generation - when I was in college 20 years ago, with T9, people were already primarily were texting not calling.
This is a classic example of an unintended consequence of deregulation.
Normally we could petition our elected officials and get something done about it. But lobbyists have come to so completely dominate our legislative process that whole industries have effectively coopted the government through regulatory capture.
On top of that, they've hoodwinked half the population into thinking that regulation bad.
At this point, we can all remain hypervigilant and snoop on our grandparents and get sucked into various private industry scams like identity insurance. We can play games with switching carriers within the duopolies in our areas when they let scammers steal from us. We can project loudly on social media when someone across the world steals right from out of our bank accounts, and haggle with our credit card companies to charge it back and rip off some merchant so that we don't have to pay. This is how scams metastasize into protection rackets and authoritarianism.
Or we could like, make this all illegal and charge carriers directly when it happens. But that would cost rich people money. So rich people run propaganda campaigns to convince us that fines just get passed on to consumers. Which doesn't make any sense in a free market, where we could switch to a cheaper carrier that didn't get fined.
Once we see this from that meta level (that political controversy is rooted in misdirection and lies) it just gets so tiring to watch the same debates over and over. Maybe we need some rich people to step up and call out this nonsense (dragons give up their loot so easily). Maybe we need to organize and start some consumer unions that dictate to vendors how much we'll pay for their services until they shape up. Maybe we should get back to our geek roots and start a free peer to peer wireless network.
Huh, writing out this rant, I just had a thought. Where's the keystone in this? Political progress can't be hacked, so none of our instincts around quick fixes work. In other words, the half of the population that has the working solution has to somehow convince the other half to go along with it. That can be a long and painful process spanning decades.
So what does the other half want? What concession to them would result in getting legislation passed to solve this?
Telcos are one of the most regulated industries in existence.
And as I point out in my sibling comment, bad regulation is the reason this problem exists: because telcos are not legally able to block most spam calls. If not for this regulation, telcos would have solved spam callers long ago by blocking suspected sources of spam. (Instead, they do work-arounds like labeling them "scam likely.")
I gave you an upvote even though I'm going to disagree with you. In general, I'm very open-market and low-regulation - however in this particular case you're touching on the idea of a "common carrier," which is an important idea.
When you have one (or a small number of) providers, in a high-barrier-to-entry industry, that provides a critical service - this gives these providers enormous power over us if they were to refuse to do business with us or charge us higher rates. Think water, electric, shipping/postal, internet access, telco, etc.
What if the postal service decided to stop doing business with you, perhaps because of the offensive content of the letters you want to send? Or nobody will ship your merchandise because they don't approve of it? Or your internet provider cancels you? And what if there are a small number of them that collude on these bans, so now you can't even switch providers?
By designating certain industries as "common carriers" it prohibits them from denying service to anyone for any reason, except for particularly obvious, egregious and illegal reasons.
If you want to send out Nazi propaganda newsletters to people who have requested them - the US Postal Service will (and should, I believe) deliver them for you.
We should not allow telcos to decide who's calls to put through. This is a job for legislators and law enforcement, however imperfect those solutions are.
That sounds plausible, I can understand that carriers shouldn't filter traffic, because that goes against net neutrality. So it sounds like carriers can't block traffic at their level, but can attach metadata that the end user can block. I did a quick search on how that would work and found this info from Robokiller (no affiliation):
We’re fighting behind the scenes to get government support for better fighting robocalls. The FCC’s TRACED Act is just one piece of legislation we’re behind that will increase penalties for robocallers–but there’s far more work that needs to be done.
I realized a TL;DR of my rant after writing it:
Organized crime is stealing from members of the community and the police rarely succeed in returning stolen property. The mayor claims to be trying to help, but mostly works at reelection. Half the community wants to pass a law to fine a middleman who sees crime occurring but does little to stop it. The other half claims that the law itself facilitates the crime and wants to cancel more laws. Some people hire a watchdog to prevent the crime, and that seems to work. Others feel that if the crime affects the whole community, then a solution should be part of the commons, because vulnerable and/or impoverished members of the community would be left defenseless otherwise.
I'm in that second camp. I feel that a conservative argument here is: if I have to be bothered by every little thing because the government can't do its job to defend the community and the security of its property, then that's not a republic, it's anarchy.
Anyone claiming “deregulation” for the names sake is speaking rhetoric without knowledge. Both conservative and liberal economists agree with regulation. The most conservative of economists understand the concept of externalities. Call centers bear a clear externality. The business transaction between the telecom
Company and the caller bears a negative externality on the callee who is not a member of that transaction. Conservative economists would also agree with regulation to at least impose a cost on the transaction to reflect that externality. The problem is with policy and lobbying as you stated - write your member of congress.
To comment on a now deleted post to this comment: I’m not arguing that bad regulation doesn’t exist which can perpetuate and help continue market failures. I’m arguing that good regulation is the fix to known market failures and economists on both sides recognize that.
> The most conservative of economists understand the concept of externalities.
Even conservative economists (and for that matter, also other experts) usually aren't dumb, but I've never seen one of them act on their knowledge appropriately. They all prioritize their ideology and their donors, some of them even refuse to listen to science and facts when people die by the masses.
You are confusing economists with politicians. I can point you to many conservative economists who recommend good policy - whether or not that is implemented is a different story. Economists are advisors, not decision makers, in this context.
It may also be that they see this as a slippery slope of being responsible for moderating the content of phone calls, which is not a road I imagine carriers want to go down.
Absolutely everything: car dependency, affordable housing and healthcare, hard drugs, the environment, corporate tax evasion, energy, money laundering, immigration, good pay for nursing and teaching staff, etc.
"We can't fix X because then sector Y would suffer trillions in losses and jobs so it's best to keep the status quo and kick the can down the road."
Congress already passed the TRACED Act. The FCC is moving relatively quickly in issuing government orders (as fast as a federal agency can move). It will take years for phone companies to upgrade to signing calls with level A attestation. Right now 20% of calls are signed and that includes level B attestation (we know the number is not spoofed but not who is using it) and level C (we only know the upstream phone company). If signing is implemented it will take more time to finally cut off non-signed calls. Tracing abuse takes time. Then robocallers can not pay fines and open another LLC. Hopefully this will reach an equilibrium like email where 99% of raw email traffic is spam but spam filters make it reasonable for individuals.
So, I realize this is a big ask - but can you please write this up as a story and sent it to a major news outlet? My cynicism is already high, but I would not have suspected this of all things, that telcos would allow the elderly to be victimized to the tune of $10B to make a few pennies.
Most of the losses (in $ terms) from these scams do not involve gift cards. They involve the scammers convincing you to install some remote desktop software and emptying your bank account.
It's already illegal to send people to open bank accounts with fake IDs, but the scammers have no problem cashing out the bulk of their profits like that.
Sometimes they transfer to a cryptocurrency exchange, sometimes they go to a branch to withdraw everything. Banks don't really like either of those, so issuing checks and cashing them somewhere else is a common scheme.
Some may bounce the money through a few accounts and eventually into a business account that'll send it overseas, it depends.
The people on the ground are random replaceable idiots.
My grandmother got talked into mailing cash between the pages of a magazine. I don't really know what to say other than the format of the money doesn't matter too much, someone is going to try to scam people out of it, and the scams are going to work.
And when scammers go back to using Western Union are you going to ban that as well? When they ask a person to send them cash are you going to ban cash as well? Hell let's just ban all money to prevent this.
I want gift cards banned not because of scammers. Like pay-day loan services, gift cards are based on the fraud of profound information asymmetry. Gift cards make liquid cash worse in almost every dimension. It's tied to one supplier. It can be lost. I forgot the stats, but I'm positive billions spent on gift cards are never redeemed.
Gift cards are just slightly less evil than payday loan services. They take advantage of a (positive) human need to give, and a (negative) human need to not work hard, picking out a gift, and a (negative) need to appear to have purchased a gift when one, in fact, has not. What makes it even more evil is that because it's a gift the loss is not seen as important for the giver (they gave it away after all) or the receiver (they weren't expecting to have this thing). The burden on the receiver, to carry around this extra piece of plastic, having to remember to use it, possibly even altering your behavior to use it, makes it even more nefarious.
I don't think my position is particularly common. Certainly gift card industry fraud is low on the list of societies pressing problems. But it is a problem and one that I wish was better understood .
Yeah, how about this: when I get a gift card, I a) discount the gift about 50% based on EV and b) consider the giver kind of stupid for wasting money like this. It's like the opposite of being impressed with someone for getting a good deal. "You spent $5 and this is worth $100 to me, awesome!" versus, "You spent $25 on this and it's worth $10 to me. Yay." Everyone just fucking loses. (Like you, I am surprised at my vehemence - perhaps pg is right that writing and thinking are one and the same, and I'm just late to the epiphany that I absolutely loath gift cards. So much so I wouldn't even mind being known as "that guy who hates gift cards so much".)
Can't edit comments that old, but I feel like my first sentence was perfectly appropriate given the parents appeal to authority ("I built telecommunications systems / software for some time").
I wouldn't call that an appeal to authority? but even if it were, your comments need to follow the site guidelines regardless of what other commenters are doing. You broke them badly above.
You don't see how that's an appeal to authority, I don't see how my comment violated the site guidelines. I wasn't name-calling or swiping at anyone, I was merely refuting the parents appeal to authority.
If you tell me you don't see how "You've completely missed the mark" breaks the site guidelines, I guess I can see how that's borderline. But "you have no clue whatsoever"? That's a straightforward attack/swipe of exactly the sort you're asked not to post here!
I think you missed the point the previous poster was making: These non-US-based scams generate a ton of revenue for telcos, which is why they are not incented to stop them.
I don't know anything about it, just trying to clarify what (I think) previous poster meant.
PaybackTony literally said "It's the biggest problem in the US because because of pricing." and went on to explain how calling in EU is much more expensive. I think it's safe to assume that he just didn't think this through.
By absolute numbers, I do believe OP is correct. In Germany, we do have a problem with phone based scams as well, but since we have modern ways of transferring money (SEPA wire transfers / direct debit) and actually useful identity cards that make opening fake bank accounts for mules very difficult, almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
Google and look at how a Greek ID card looks like, it's literally a piece of paper.
> opening fake bank accounts for mules very difficult
Are you being sarcastic? https://crimemarket.is/ ctrl-f for BD, there are literally hundreds of people offering german bank accounts.
On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
> almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
> It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
I'm not talking about the eID chip, that isn't verified indeed - but at least in my experience, when opening a bank account in person, they do diligent checks, for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
> On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
Yes, dark markets exist. But their scale, still, is vastly lower than the US, where you have shit like virtually all Americans' information being sold online that is necessary to open lines of credit and do other kinds of fraud. Stuff like tax refund scams or SSN's being abused by illegal immigrants simply does not exist here (again: at least not at a relevant scale), because we have modern systems in place.
> This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
>but at least in my experience, when opening a bank account in person, they do diligent checks
Most banks don't even have UV lights, not that fake IDs don't usually have decent UV markings anyway. Hardly very diligent.
>for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
As do essentially all banks in the world, doesn't save you though. Many European IDs (Romanian, Greek for example) do not have any meaningful security features, Romanian IDs can look completely different depending on which day and which city they're printed in and there's no reference guide for this.
>Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
Pretty much any fake ID that'll pass Video-Ident will generally work at the bank too.
>The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
This is totally wrong, there are individual people running car-selling scams on mobile.de netting more than that.
>And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
Those scams are common in the US and UK, but they only make up a small part of the $ losses. The bulk of the losses comes in the form of people losing all of their savings as their bank account is emptied.
At one point I worked on the very systems they used (dialers, PBX, internal CRMs), with the carriers that enabled it. This wasn't an opinion of mine, I was merely passing along real-world information from someone who worked in the industry (me). Many in this thread completely underestimate the volume these centers call at. We aren't talking hundreds of thousands of minutes per month per center. We're talking millions of minutes. Cost per minute is a massive cost
even at 1/6 increments. The call center we ran, that was direct marketing / support typically had telecom bills well into the 6 figures every month at the height.
Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
Language barriers are a part of the issue, yes, but these centers are capable of calling and speaking a number of languages. Cost and regulation are the big factors here. Just like any other business model. I got out of the business (telecom / direct marketing saas) right when EU started raising fees and coming down on some of the bad actors. Unfortunately for the US, that meant those bad actors focused even more in the US.
Also, the scams really aren't as profitable as you'd think most of the time. They generally can't afford more than a $50 CPA at best. Again, they have to turn heavy volume to get to their target market. They also rotate "offers". You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers. Typically it's $20 here, $100 there. Again, volume.
>Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
You're severely underestimating the success rate of these calls.
> Typically it's $20 here, $100 there. Again, volume
This is perplexing, even the gift card scams don't target such low amounts. The only logical conclusion is that we're talking about completely different kinds of scams.
The kinds of scams targeting amounts you speak of tend to be slightly less obvious ones, selling bullshit services and actually running credit cards. These operations often aren't even necessarily criminal, beyond perhaps the spammy part.
> You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers.
Nah, those are the bulk of this $10B figure. Tricking a grandma to install teamviewer and emptying her account isn't much of a challenge.
> You might have telco experience, but you have no clue whatsoever about the economics of these scams.
Please watch your tone and choice of words. That sentence is more focused on defaming the OP than addressing the merit of what they said.
Furthermore, saying "it makes no difference to the scammers if they're paying 10c per minute or calling for free" shows an equally clear failure to understand the economics of these scams. The vast majority of calls made by a scammer will yield nothing. They have to make numerous calls to find the one sucker who can be convinced to turn over their financial information or mail cash or do whatever needs to be done. I don't know the exact per-minute cost at which most scams become cost prohibitive, but I'm pretty sure you'd be shocked at how little it is. If it takes 2,000 calls to find one victim, and you're paying 10 cents per call, you'll spend $200 per victim. Will you make that much back, and will it be enough to offset all of the other costs involved in trolling? It depends. But it definitely makes it less appetizing than when the calls are free.
You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks. There are hundreds (if not thousands) of these incidents for every one incident involving a large $100K+ payout.
It makes sense, given that people are willing to act a lot more independently (without consulting others) when only a small amount is on the line, they often won't admit to these missteps out of embarrassment, AND, perhaps most importantly, it won't raise the ire of federal law enforcement enough to be concerned about things like extradition and prosecution.
> You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks.
Those are the exact scammers who will get you to install teamviewer/anydesk and use it to empty your bank account, with the $100 charge just working as a distraction. You can find videos showing how these scams work on youtube.
Of course lots of people won't have $100k or even $10k in their bank account, the scammers will just send those people out to buy gift cards or similar instead of wasting their drop accounts.
Even if only one in 1000 calls returns $100k, they're still averaging $100 per call.
yes, that's the one. i remember the first time reading about it and thought Klingon or Elvish would have been a better choice, but alas, i'm not a linguist
That’s kind of sad that they won’t just fix it if they can. I over hear my elderly parents give each other tips like “don’t open that email, it’s fake” and things like that.
My uncle almost drove two states away to give a stranger $10,000 because he was duped into believing his grandson had gotten into an accident and killed a pregnant woman. The only thing that stopped it was that he first needed to borrow the money, which led to my involvement. We made some calls and were quickly able to confirm that the grandson in question was at home and nowhere near the "accident" in question.
My parents have had to cancel their main debit card twice in the past year because they've given out the number to someone they thought was with their bank.
My neighbor (in her 80s) almost gave her SSN to somebody who claimed to be with Social Security.
I knew a guy who lost his entire retirement to scammers and had to give up his dream of retiring to Florida.
I'm sad to say it, but it's more dangerous than ever to be old or naive. In the old days, the scammers had to come to you. The internet has made it trivial to carry out scam operations from the other side of the world, and everyone who COULD do something (especially the FCC and telcos) seems to be indifferent and apathetic.
> I'm sad to say it, but it's more dangerous than ever to be old or naive
It will get orders of magnitude worse once all this can be fully automated by AI (including a completely realistic video or voice call by the grandson where he talks about killing the pregnant woman).
It seems much easier to build an AI that helps less bright people to scam others than one that helps them to not get scammed.
One needs to provide clear instructions for a single good scam when explicitly asked to do so, the other would need to provide good defenses to any number of scams and be more or less self-activated.
There's also the matter of risks entailed by having large swathes of the population increasingly under the direct supervision of artificial minds (controlled by who?).
I suspect something like this will happen though, and that one of the key uses of artificial intelligence will be as both an offensive and a defensive weapon for deceit and manipulation. Indeed the offensive part would seem to be a natural continuation of the enormous resources poured into ml-driven engagement maximization and the quest for sufficiently politically correct AIs. As an example ChatGTP is evidently explicitly designed to lie about some things, including its own capabilities. I'm not sure what, if anything, currently exists on the defensive front.
At the moment online if I try going to a scam site / get scam email, Google tends to put up a warning which I imagine makes use of machine learning plus some other stuff.
Yeah for voice calls nothing yet though the likes of Google/Apple could probably do something. Against your point that bad AI is easier, you have that Google/Apple have more resources than the scammers.
It's nightmarish in India too right now. The spam is relentless, but they now target Whatsapp messages. Older people in India treat Whatsapp as the gospel and believe that anything that pops up on Whatsapp is "official".
I've got my parents to essentially keep just the bare minimum in their bank accounts, to cancel all debit cards, and keep all extra funds in fixed deposits that you can't withdraw from online (have to visit the branch).
similar story for me a year ago. grandpa got a call that i was in jail for hitting a car and the driver was pregnant. lost her baby. they even had “me” talk to them briefly which really got em believing. he went to bank and mailed $9500 in cash, to what ultimately appeared to be an airbnb
was v sad because he felt supreme humiliation over the matter.
Happened to my uncle, he records all calls so he was able to show us. When they let him speak to "his son" he sounded just like him and even used the same greeting his son normally does with him. Was very creepy. And his real son had his phone turned off during that time.
The really weird bit is they didn't ask him to send any money out. They knew his address and some "police" showed up an hour later demanding he write them a check.
This is in Canada. They've apparently found the guy, but there's some difficulties because he's in a different province.
I'm sorry to hear that. It was almost the exact same thing with my uncle. When I first started asking questions, he tried to assure me it was legit because he had heard his grandson talking in the background. My guess is that they had somebody sobbing hysterically while talking so as to make it hard to recognize that the voice is "off". When you're stressed, it's easy to miss that kind of thing, and they exploit it.
Airbnb must be a hotbed for these sort of things. I had a friend in the 90s who would squat at unfinished or unoccupied homes while he ran fraud scams, renting an Airbnb seems much easier, since these scammers almost certainly rented it with a stolen identity.
Lots of people do bad things, most bad people have friends, many of whom are either too naive or too lonely to be picky. He treated me well and taught me a lot about tech in the 90s. It was not easy to find mentors/like minded people (tech, not fraud) where I lived at the time, so the criminal aspect was regrettable. As an adult I look back and am so disappointed that he didn't do something legitimate, he was a top notch sysadmin, and was great with customers (I mean, that's how scams work) - he could have been much more enriched by going legit. He rightfully ended up in prison for about 14 years, maybe more? But yes, a friend.
It scares me very much that these people vote and the terrible state of American politics largely reflects that. If you can’t have the forethought to call your grandson to see before giving someone $10,000, do you have the brain capacity to make an intelligent voting choice?
I know this is a tangent to your comment but after seeing my parents and others their age do similar things to what you describe it makes me wonder about voting and driving with no age limits or proof of non-dementia.
Yeah there's something off about the person's competence. This is not a corrupt country with bag men and personal connections trumping law. Anything important is in writing. Even if this were a real personal injury tragedy $10K in blood money won't make legal problems go away. That's barely enough for an ambulance ride, ER examination, and some imaging.
Just like email phishing educating the public is very laborious but it is the ultimate solution. There will still be a few people who fall for scams no matter how extensive the PSA campaigns.
The problem is, education alone won't help. Dementia, alzheimer's etc. are horrible, and ffs even experts on scams can get scammed like one of the scambaiter Youtubers (iirc Jim Browning?).
You need to fix scams at the source: sanction India and other countries until they kick up efforts to neutralize scammers, and replace insecure systems like SSN.
It’s dangerous to draw lines. Where should we draw the age line? 80? 70? 60? I know people in their 70s with better cognitive abilities than the average middle age person.
In that case, let’s ask for cognitive tests to gain the right to vote! Unfortunately there will be people who will never be capable of passing the test even during their 20s or 30s.
Those who cannot pass the test could be less capable thanks to the environment (poor neighborhoods, poor education, bad childhood, missing one or two parents, exposed to toxic chemicals during pregnancy) or simply less lucky in the genetic side.
Are we ready to take away the right to vote from old people even if they are more capable than you and me? If not, are we ready to take away the right to vote from less privileged people?
I'm much much less concerned about senior citizens casting their vote than I am about the number of people that get their "news" from opinion shows under the banner of news programming. Doesn't matter the network, but if you're providing opinions, a giant opaque 288pt Impact font overlay of the word OPINION should be mandated to be on the screen. As long as people are duped into thinking opinions are news, we're never going to get a better electorate.
It is not just Americans who affected by these scams. It is also Indian elderly population too who are affected by these scams. I think Indian authorities are very slow to react to these issues because police dont really understand the impact these calls make. Also they are paid off and are often of part of the mafia that runs them. My parent's friends have also been scammed. The Netflix series "Jamtara" really shows how intertwined these scams are with political system. The intent of these mafia and political groups is purely money and there is anti American sentiment that drives them.
Exactly. At one level, the Indian political system is a politician-criminal nexus. The politicians are supported by money flowing in from shady systems, the politicians allow shady systems to run and use the money to win elections. Rinse and repeat.
Then there are some variations of these - e.g. the politician and criminal is the same person or in the same family, the criminal also does some legit work, the criminal does mostly legit work and lot of it is goverment projects or projects running on tax money (which are done badly or subcontracted and money flows back partly as kick-backs).
This cycle is hard to break unless some serious reforms are brought it, but then why would the politicians break the very system which brings them so much power and money.
They wouldn’t break the system because it’s one of the few systems that works in that country (I’m taking a amoral stance here).
Even the “good” systems don’t work, like water, electricity, or traffic/transportation. So whatever, I can see why they are okay with a “bad” but working system.
It's mind-boggling that the United States allows this kind of thing to happen.
In the EU I get maybe one spam call every couple of months. From the stories you hear from Americans on HN, Americans get multiple spam/scam calls a day, and the vast majority of their inbound calls are spam/scams.
What is going wrong in the US that isn't going wrong in the EU? Language barrier? Regulatory capture?
The US just has large number of people in one country code who mostly speak English, have high incomes, a uniform retail landscape ("go to CVS and get a Google Play card" works everywhere), and an abundance of options for telephony.
It's not like Indian scammers are beholden to EU law but not US law.
We also have policy problems. As previous commenters with experience in the industry point out, this problem is easy to solve. It’s not a technical problem, it’s a policy problem.
It’s not an ideals problem. Even very conservative economists would agree that there exists a negative externality in the transaction between the call center and the telecom company on the person being called where there should be some cost on the transaction to account for that externality.
So, it’s not even a conservative liberal thing (intentionally not using party names as those names may not reflect conservative or liberal ideals). It’s a policy problem. Write your member of congress.
I'm replying to someone who says the EU is too diverse for it to be worth spammers' effort. If it's worth their time to spam people with northern California area codes in Chinese that makes no sense. Calling people in Germany in German, for example, would be much more reliable.
Here in NL, however, it does seem like scammers are occasionally taking advantage of the comparatively high English proficiency and are trying to scam people in English - this one was doing the rounds for a while: https://www.fraudehelpdesk.nl/alert/engels-telefoontje-namen...
I'm confused by this. Huge parts of Germany (and maybe Greece) are English speaking. In Berlin you hear more English than German being spoken on the street. Denmark and Holland seem to have high numbers of English speakers as well.
I think several other countries conduct a lot of business in English, but I haven't spent enough time in Europe to know this for sure.
> This thread makes me wonder if Americans have such info (whether a call is a likely spam) automatically pop up when receiving text or calls.
We do have that, but it probably depends on the carrier and the type of phone you have. On my iPhone with Verizon, there's a setting to "Silence Junk Callers", in which "calls identified by Verizon as potential spam or fraud will be silenced, automatically sent to voicemail, and displayed on the Recents list."
It's not perfect, though, and I still get a ton of spam calls. As a rule I almost never answer the phone if I don't recognize the number.
we do have that info (perhaps presentation of such depends on phone software of course).
almost all my inbound calls are spam, in the united states. when i've listened to voicemails left, they even have native north american accented people reading the prerecorded scripts, so there's deep roots to the depravity that cross country borders.
> This thread makes me wonder if Americans have such info (whether a call is a likely spam) automatically pop up when receiving text or calls.
Yes, of course we do. Verizon and T-Mobile, at the very least, mark calls as "likely spam" reliably. Can't speak for any carriers as I've not been a customer of theirs for some time.
1. It was introduced only within the last couple of years, even though spam calls have been happening for much longer than that
2. A bunch of calls escape the “spam likely” designation even though I’m on one of the major carriers
So I’d say although we have it, it’s not nearly as reliable as I’d expect it to be.
In Germany scam calls often come from callcenters in Turkey. There is a huge quantity of people who speak both Turkish and German quite well and a small portion of them who for some reason or other reside in Turkey now participate in scam operations.
Turkey doesn't have much interest in stopping this. One could argue they have quite a few bigger problems, crime related or not, to try and shut down a source of foreign currency. Same as India.
Certainly most of my inbound calls in Ireland are scam calls. Not sure this is solved EU-wide, maybe just in your specific EU country?
As far as I know the solution is to require more anti-spoofing techniques (e.g. SHAKEN/STIR) for caller ID and then cut off the carriers who don't provide that, plus the carrier providing the numbers enforcing stronger terms on their users.
The only anti spoofing technique that works for me is restricting calls to people in my contacts. It’s a bit of a pain with transactional things, but (at least in the US) it seems we’re long past the days where you could just call someone with no warning. I usually get a text or IM first now.
Would you ever expect a legitimate call from your bank / government / business to be in English? Particularly English with a strong Indian accent?
I think the US gets targeted mostly because of language. Indians learn English in school and it's not uncommon for a legitimate call in the US to come from someone with a strong accent.
A couple of items to our advantage: there are quite a few carriers here but only very few of those have physical infrastructure and those tend to have strong political connections. They are tied in with LE and AIVD at the operations level and have excellent security departments and a reputation to uphold. Then there is the willingness of the local authorities to put time into this, and publicize when they nab some of these scammers. And finally, NL is a small market with a weird little language that isn't spoken much outside of our borders. (South African doesn't count ;) ).
Well. The UK is not immune to spam calls. Here is a YouTube video of hacker going after a call centre that was targeting the UK. They were making millions of dollars per year.
Same reason the U.S. allows all other sorts of privacy invasion like the White-Pages-like search sites that will gladly share ( for free ) your past 11 something U.S. mailing addresses you've resided at, the names, ages & addresses of your family members & a whole host of other information ( you may have to pay for this bit ). All you need is someone's First & Last name. Even the U.S. state is not really needed.
The reason being someone is reaping massive benefits from whatever loophole allows for this kind of data collection & is shoring up initiatives so that loophole isn't plugged.
Now try the same search with a U.K. resident or E.U. resident you know of. I'd say you will have a markedly tougher time gaining access to similar information, with just a few clicks & without ever pulling out your credit card. I have no clue if U.K. is similarly compromised off late but a few years ago ( prior to Brexit ) it was not the case.
i get plenty of sms though. very annoying to get it to stop. you can reply STOP or whatever they suggest to reply to stop the messages but it doesn't seem to do anything.
As with replying "unsubscribe" to spam messages, replying with "stop" to spam texts may just notify the senders that your email account is still active and being read by a human. If it's not from a legit organization which will actually respect your "stop/unsubscribe," just delete the message and don't reply at all.
When I worked in telefony abuse, like this, was pretty hard to track because of all the middlemen involved. They'd have phone banks with multiple phone numbers that they'd lease from providers in India who worked with them to rotate through outbound numbers. India doesn't allow Americans telefony companies, much less voip (in order to provide these telefony companies business), so looking at India from a telefony perspective is much like looking at several black boxes.
Tldr; because of India's policies the country of India has to do something about it. Much like Chinese knockoffs and IP theft.
What would happen if the American companies just started playing hardball? For example, what if they required that contracts with foreign telephone companies had a fee based on scams detected as coming through and just refused to work with any company that wouldn't agree to those terms? I have no idea if that exact idea would make sense or even be possible to implement, but my thinking is that in many cases the American companies might be able to afford to lose the business more than their international partners, so playing a game of chicken might be worthwhile. In other words, just because American telecoms might not be able to do anything from a technical perspective doesn't mean that they don't have social or business pressure they could apply if they actually wanted to solve the problem. Ultimately, it seems like the American companies haven't done anything because they don't really have any business incentive to; as long as they aren't held culpable legally and don't lose sales due to the PR hit, trying to use their influence to solve this is purely a risk from a financial perspective.
I don't at all subscribe to the Friedman perspective that businesses are ethically obligated to maximize profits at the expense of literally everything else, but I do think that it's a reasonable description of the way businesses trend toward acting; an entity structurally designed for making profits will inevitably end up acting in a way that only considers that measure unless the incentives are changed, which is precisely why we _do_ need to regulate things to curtail business behavior that's a net bad for society as a whole by making it unprofitable, whether that's through direct fines or making business liable either civilly or criminally for their actions.
The form of hardball (that I'm aware of) would be blacklisting providers, which means good faith people get blocked along with bad faith people. That'd limit a lot of people from the US communicating back to India. It would be possible to block inbound but not outbound calls though, I believe.
I may be too cynical, but I can't help but assume that none of them will actually follow through with this unless/until someone gets actually sanctioned for not doing this in a significant way (i.e. something that costs them more than they make from not doing so).
I suppose it's not that easy. They can use international VOIP providers to route their calls, maybe even run their own, rotating the numbers they use and disguising the actual origin. If that wouldn't work you could probably hire people in other countries to put some agent software on something like a smart phone and use these.
It is that easy. Regardless of what convoluted setup they're using, at some point those calls need to get to the US-based carrier. That is where they can be blocked. The carrier can simply say "we'll stop peering with you if more than 10% of your calls are spam" and the upstream carriers will have to clean up their act (better screen their customers or implement similar terms) or be cut off from being able to reach the US.
The problem is that the US carrier gets paid for terminating the call, regardless of whether it's spam or not. Why would they kill the golden goose?
That works until you land in a situation where the calls are coming from a carrier who can't (or won't) do enough about it, but the carrier has enough legitimate traffic that it will annoy many of your customers to just shut them out. Remember: All the actual companies or carriers you can identify have nothing to do with the actual scammers. They are intermediaries and the scammers will hide between legitimate calls in one way or other.
The problem is bad enough that a us customer might pay extra to not receive those calls. So maybe the phone company can profit off of a service to solve the problem.
You can call Indian industrial-scale criminal scam operations strategic centers deployed against US , if that helps victims get back their money and justice.
These days whenever I hear Indian voice, I just reject call. They way they target grandparents is surreal. One day they told my my friends parents that their children is in accident and they have to pay in gift cards. It is so distressing to elderly people.
US must take strict actions and call out India publicly. Elderly people are weak, education isn't going to solve the scam problem. Scammers must be punished harsly. They erode the trust in system.
Also, Indian government is not doing anything. In many places like Kolkata, scammers can get away easily by bribing police. Our phone are being redirected to India, and they can abuse our phone number. I wish, the US government passes strict rules and regulations to keep these scammers in check.
Telco's could put a stop to this if they really wanted to. Start with disabling number spoofing for international calls, if the number presented isn't in the country of origin then reject the connection request. Another choke point is the gift card system.
There’s a common scam on FaceBook Marketplace for sellers. They contact you and are interested in buying what you have. Once they have your phone number they send a google verification code and ask you to send it back to verify each other.
The goal is to setup a US google voice number to abuse later.
I experienced this, but am tech literate, so did not reveal pin.
But I had wrongly assumed that Facebook marketplace would experience less scam than craigslist because verified users would be their competitive advantage
It’s bonkers to me that gift cards are so readily available to enable these scams. There’s no way the gift card providers (Target, etc.) don’t know about this, but they go out of their way to make it as easy as possible and make sure there is zero support available for scams.
It’s so infuriating. I know people who have lost hundreds of dollars to people impersonating US Social Security and immigration officers. The gift card providers do not care. The impersonated government agencies do not care. The local police do not care. The phone companies do not care. There is total and utter impunity for everyone perpetrating and enabling these scams.
Every store I've been in within the past couple of years has had warnings posted everywhere not to buy gift cards and read the codes to unknown people over the phone.
I'm not sure if there's an alternative, since I'd seriously rather not ID be required to buy or use a gift card.
Consider that many victims might be new to the language, new to the country, and know very little about the culture except that they absolutely must immediately and carefully comply with all instructions from US immigration regardless of how arcane and bizarre.
And as far as making gift cards safer, shouldn’t that be the responsibility of the gift card providers, not to mention regulators tasked with consumer safety? Why is it that the scammers seem to ask for gift cards rather than, say, banking details? (I’m sure there’s also some banking scams, but I have a feeling there’s non-zero recourse for victims in those cases.)
If it truly is somehow impossible to make gift cards safe to use, then I’m convinced society could survive without them. But I doubt it’s impossible. I suspect gift providers deliberately go out of their way to make sure victims have no recourse.
It can be very easy, depending on your comfort with breaking existing systems. Disable all inbound international calling and you no longer have a problem. That would remove 99% of spam and would have zero negative impact to 99% of individuals who receive calls.
Of course, businesses with a lot of money care about use cases in that last 1%.
A carrier could probably do that, individuals could not. The challenge is that caller ID is generally kinda like your email display name: It doesn't mean anything. The important part, which STIR/SHAKEN is adding verification requirements to, is what telcos are actually involved in the exchange.
I'd love a setting I could flip to disable inbound voice calls from any carrier that isn't like... Verizon, AT&T, T-Mobile, and Comcast.
Can't they implement DKIM, SPF etc. like system? Not aware of technical reality of Telcos but international number spoofing should be easily solvable as billing is done through the origin location
It's still in the early days of even deploying signing. Telcos are dragging their feet asking for exemptions and delays. Once virtually all calls are signed, then there has to be agreement on when to block unsigned traffic, and finally whack a mole with banning spammers and KYC to keep them banned.
Yes, that's exactly what STIR/SHAKEN does - in theory. In practice, like most complex systems, mandating a change like this requires software and hardware upgrades and compatibility testing, all of which takes time. The FCC tracks >10k telcos and providers. Last time I checked, only a quarter of the companies had fully implemented STIR/SHAKEN since the deadline and the FCC has recently started enforcement action on telcos that have ignored it. There is some evidence it has reduced spoofed calls, but just like email, the scammers have also moved to adapt their techniques.
You tackle these things one-obstacle-at-the-time. Telco's are borderline complicit in this today, they don't have to be. Note that in some countries these scams are far more prevalent than in others, they'll go for the low hanging fruit first just like any other business. Make it harder and definitely there will be a response and then you aim to tackle that one. Shipping a SIM box would already be much more work than just changing a number in a database. Require that a phone number is used in the country of origin before you allow it to roam is another step in that process and so on. Rome wasn't built in a day and I'm sure that getting rid of this problem is going to be a series of steps.
But as long as telcos willingly cooperate and allow remote call centers to basically pick any number in the locality of the recipient even though that number is not currently roaming in India they are making things much worse.
> Note that in some countries these scams are far more prevalent than in others, they'll go for the low hanging fruit first just like any other business
The reason for this is language barriers, it's not some countries doing things better than others.
> Shipping a SIM box would already be much more work than just changing a number in a database
They don't even actually need to ship one, there are thousands of them operational already. This is a massive industry.
Even if you cracked down hard on SIM boxes, the scammers will just purchase routing from botnets. This won't really impact their costs, and will be essentially impossible to take any meaningful action against.
Yes, but that would at least put them at the same level as burner phones with a physical presence required in the target country (or close to it).
Anyway, since you are willing to shoot down each and every suggestion in this thread short of rolling over and accepting the damage how would you tackle it?
Can you give a single example of similar fraud being successfully tackled? Not just the scammers being caught, but the entire scam being rendered unprofitable.
European authorities haven't managed to do anything about the car selling scams Romanians have been running for decades now. Nobody has managed to do anything about the Nigerian prince scams. BEC with truly shitty phishing pages keeps on growing and growing.
The best bet would be for US authorities to force India to crack down on these activities and prevent these scams from operating at an industrial scale.
The actions you propose would work well to address lower return activities, such as marketing robocalls. They can not work to address high-return scams.
If we can make it harder to run a scam call business by changing things on our end, and these changes do not impede non-fraudulent use, why not go for it?
I don’t see why you’re pushing so hard against this line of reasoning, I guess. You’re making it sound like a hopeless endeavor to even try, in a “don’t lock your doors because thieves will just use lock picks” kind of way.
> If we can make it harder to run a scam call business by changing things on our end
How much harder? If your changes increase the telephony costs of a scam call centre from 0.001% of revenue to 0.002%, you have not actually made their operations harder.
> and these changes do not impede non-fraudulent use, why not go for it?
> Can you give a single example of similar fraud being successfully tackled?
Plenty of such cases here locally. Your point about the language barrier is on the money though, I never really gave that much thought but the number of Dutch speakers in India is most likely so low and the market so small that it isn't worth a massive campaign to them. Especially not if there are millions of gullible people in markets that are more accessible to them.
As for forcing Indian authorities: I've seen up close how corrupt things are there and I have very little hope that that would be a viable avenue to resolution of this problem.
I'd be super curious to hear about any local success stories.
>As for forcing Indian authorities: I've seen up close how corrupt things are there and I have very little hope that that would be a viable avenue to resolution of this problem.
Then you're left with education. These scams are very profitable and can easily afford resistance from telcos and banks.
Most of these scammers already have physical presence in the US. I feel the solution is probably to be found in more policing and prosecution than in creating tiny obstacles.
There's no reason consumer SIMs should be able to call more than N distinct numbers in any 24h period. You can implement reasonable rate limits to prevent abuse.
However, even if we assume that SIM boxes are a magic solution to carrier interventions, that still raises the cost from the current status-quo. Implement enough of these barriers and the entire scam operation becomes unprofitable and no longer worthwhile.
The difference between this and cooking/toasting bread is that your bread-making activities have no way to negatively affect someone else - we don't have an epidemic of spammers paying people to bake "underground bread" in their homes.
Of course, an override should be provided - the restriction should be relaxed over time once the account is established for a long time without any complaints.
What you are describing is already done by carriers in countries with high sim box usage. (Basically, it costs ~$0.01/min to make a local call in Nigeria but $0.25/min to make an international call to Nigeria so people there set up SIM boxes and Asterisk to terminate calls locally and profit the difference between these rates. The reason it costs $0.25/min to call the official way is due to many governments taxing incoming international calls because they see it as an easy way to raise revenue at other people's expense). But anyways, because governments don't like this kind of arbitrage, they force carriers to add detection mechanisms. So they check for high ratio of outbound to incoming calls, high amount of distinct phone numbers called, 24/7 usage patterns, etc. Except Africa is still losing a few billion dollars a year to this kind of toll bypass because it is still massively profitable (see https://en.antrax.mobi/request-pricing/ for example) and these changes just require them to rotate sim cards slightly more often. Essentially what I am saying is that unless you can reduce the fraudsters' margin by a substantial amount you are wasting your time.
> Ther is no reason a consumer oven should cook more than 5 meals a day. There is no reason a consumer toasteer should toast mpre than 10 times a day.
Consumer ≠ business/commercial. A home oven (or toaster, fryer etc) isn't made for such use, a commercial one is. You should really spend the monies in commercial gear if you're gonna feed such hordes of people.
Similar thing with SIM cards. Why would a normal person be making 100+ calls a day on a simple, personal line? That's clearly commercial use and as such, it oughta be regulated somehow.
And what do you propose would be such a reasonable rate limit?
>However, even if we assume that SIM boxes are a magic solution to carrier interventions, that still raises the cost from the current status-quo. Implement enough of these barriers and the entire scam operation becomes unprofitable and no longer worthwhile.
Why do you assume that the call routing is a meaningful cost to these operations? For all we know they spend less than 0.01% of their revenue on call routing.
Using SIM boxes is already standard practice, sketchy VOIP providers and SMS spammers have been doing for years because it is cheaper to do this than to pay for legitimate routing.
Just put something along the lines of "sim box grey route" into Google and you'll find loads of relevant industry materials.
Besides, you're drastically moving the goalposts here. We went from "could put a stop to this" to minor obstacles.
I think the subtext is that given valid caller IDs, then block lists can be made. The US FTC might manage them like it does the do-not-call lists, or the perhaps the US Attorney's office, after some criminal complaints.
Ideally, the telco would implement these block lists, but also ideally, they could be traded around like web ad block lists for individuals to load on their phones.
I think we all know scam calls are a serious source of revenue for carriers, so they will need to be led to this conclusion by force.
None of that happy future would come without true caller id, thus the resistence from carriers to fixing spoofing.
Logically, there must be enough benefit for them carrying spoofed robocalls to risk regulatory attention AND driving away all their voice revenue. Many people have stopped answering their phones altogether since voice calls became unusable.
Enough minor inconveniences and the barrier to entry will go up, this will favor the larger players but those you can then go after with other means. It's never going to be a one-stop solution.
Ideally there would be a warning that a call does not originate locally, routing the call through a local representative would generate yet another signal that you might be able to close off, including the possibility to declare the possession or hosting of certain gear illegal. You'd have to maybe do some pattern matching to spot problematic numbers and/or have a place to report them easily.
If the will was really there I'm pretty sure this problem could be tackled.
> If the will was really there I'm pretty sure this problem could be tackled.
Probably, but not with any of your proposed methods. I have talked with some SMS spammers and none of what you proposed would affect them. And for SMS spammers these inconveniences are a much bigger part of the cost of doing operations than for a company which needs to have employees in a call center. They have to spend a lot of money on buying new SIM cards as old ones get blocked.
SMS spammers could be tackled with a couple of regexps if the will was there. The fact that these scams still work is a sign to me that there simply is no will to tackle any of this at the telco level. They know exactly what is going on.
There is already keyword filtering. Try using the word "election" in SMS at a certain time of year. A certain US political party complained about this. E2EE is not compatible with content based filtering.
Lots of telcos are doing exactly this, doesn't really work very well. The spammers just switch to more generic messages you can't realistically filter out.
Yeah, and this is almost the bottom of the food chain, the only people below crimemarket are those too dumb to use internet forums.
Anyone can easily buy European bank accounts opened with fake IDs, or money laundering services where you're provided an IBAN and receive a % of the money sent there to your cryptocurrency wallet.
Want a fake passport good enough to travel with? No problem, will just run you a 1000 euros.
Edit: I was thinking of a totally different gift card scam. Whoops
Gift cards should require some amount of destruction in order to get to the actual barcode… something to make tampering obvious.
The same way clothes have a little ink exploder the clerk removes… just a quick easy step that is destructive to the packaging… but still presentable when you give it to someone
Nothing can stop that. The goal is lowering the victims / profit. How to do that, that's the question. It comes to no surprise to me poor countries (with bribed police force) try to scam rich ones.
Gift cards don’t have a value until you purchase them, the package is meaningless. The barcode is scanned and the value is added when the transaction is completed.
They already do? Usually I see gift cards packaged in a sealed paper envelope that and the redemption code itself is covered up with tamper evident paint.
I had to instruct my elderly father to do the same -- any kind of accent and he hangs up. He got scammed by one of these people in 2018 or so -- he gave the person his debit card number over the phone to remove malware on his computer while I was out on a super-long run. Luckily he couldn't remember his PIN, and his bank was great at blocking the charge. There's a special place in hell for these animals who prey on old people.
These days I’d recommend just not answering any unrecognized number. If they’re waiting for a call for some specific reason, they can look at voicemail transcripts to see if it’s the call they were expecting and call back. Otherwise it’s best to ignore any incoming calls. Anything truly important won’t use a phone call as the only contact method.
You'd think India would be on top of this and come down hard. If folks just start associating Indian accents as 'scammers', businesses abroad that currently rely on outsourcing support and other services are going to eventually have to pull out. You can't run effective customer support if the customer assumes you're a bad actor just because of your voice and hangs up.
I’m not sure businesses care. Everyone I know associates Indian accent with either scam or useless call center rep who can’t actually see the account or help in any way. India is often given the informational customer service, and only Americans can make account changes. Or someone not in India at any rate.
And it's not just the accent. The popular guidance on /r/scams is that if an email uses the word "kindly" where a native English speaker would say "please", it is vastly more likely than not that it is a scam.
Unfortunately, that use of that word is popular among Indians, but any half-measure guidance leaves room for an already susceptible mark to convince themselves that maybe this email is not a scam.
These are people who don’t have accents but good job prejudicing your father against a whole group of people while not actually protecting him from scams.
I’m worried what will happen when deepfaked voices improve to the point that you can get a realistic impression with only a very small training set. Imagine receiving a phone call in the voice of a family member telling you that they’re in serious trouble.
I once got a spear phishing call from a scammer claiming to be the CEO of the company I work for. Even though I barely know the CEO, the phrases he was using was obviously wrong.
I'd imagine that's even more obvious for any family member. If a family member calls from any number that's not their number, my first question will be an honest "How the heck did you remember my phone number?"
The answer? A scam call answering AI bot which engages with the scammer (or the scammer AI bot) and wastes as much of their time and international call fees as possible without giving them a valid bank account or gift card number, Kitboga[1]-style. As soon as you detect the call is coming from a scammer, you push a button and your phone takes it over from there.
Eventually we'll just have a network of AI scambots calling up AI scambaiters and having completely useless conversations in synthesized English with each other for hours upon hours and nobody will remember why.
On a personal level I keep a referee's whistle handy in case I'm talking to a scammer live. They are usually wearing headsets and any damage I can do to their hearing with that may save an old persons savings in the following few minutes. Best technique is to speak softly so they turn their volume up then let rip on the whistle
Thankfully that’s still easy enough to spot - it sounds like a better version of those early speech synthesizers we played around with as kids in the nineties - but I can see the elderly having trouble distinguishing it from a real voice.
Make sure your voicemail provides a verbal escalation path for a loved one who needs to reach you from an unknown number (first responder, jail, hospital, etc).
They can leave a message or text. I have been doing this for years as this is the only way to be able to use a phone line without getting crazy. If your number is not in my phonebook you go to my voicemail.
That is a cost I will accept. I used to get about 3 robocalls per day, or 1000 robocalls for every legitimate unknown caller. There is a fundamental tradeoff between optimizing for minimizing false positives or false negatives.
Maybe they should have sent an FBI liaison earlier. Or maybe they should consider appointing an ambassador to India, 2 years into the new administration.
My grandmother got hit with one of these, she has a weak heart and was in severe mental distress all day because she couldn't get ahold of me to confirm what the scammers were telling her.
I try not to judge others, but what monster can do this for a living?
If someone is being told that yadda yadda (story doesn't matter) and they have to pay in gift cards, and they seriously believe that, then surely education seems to be the right fix.
Your intention might very well be good but this is very bad advice, please do not install Truecaller! This app is a privacy nightmare. From accessing your phonebook/contact info to location, it has been known to be responsible for leaking information of journalists and for storing user data without consent.
> While TrueCaller may have laudable intentions, the privacy implications for people who end up in their database raise concerns. When a number is tagged, the person who is tagged ends up having their name and phone number stored on the TrueCaller database, despite not having consented – or even being aware – that their data was collected.
My experience with Trucaller is that it does just about nothing. I suspect that by the time a number has been marked as spam, the offender has already switched to a new number. I wouldn’t be surprised to learn that scammers were monitoring Trucaller and it’s ilk to determine when to change numbers.
The basic problem is that in highly un-regulated & legalistic economy & polity like the United States, failures such as these are not easily corrected especially where everyone except the weak make money. Everyone who could stop this is making money, the telco operators, amazon, the banks and everyone is weighing the cost of taking any legal or other action and is maximizing their own gain... nobody is really looking to is this socially good.
Contrast this with how the Singapore government in a similarly highly capitalist economy dealt with this - basically telling banks - "you'd better make good the consumers & deal with your holes or else"
https://www.channelnewsasia.com/singapore/mas-will-consider-...
In many ways in domain after domain, US nowadays seems to act as the "economic proving ground of the world" where lax regulation allows a million ideas to flourish. Then folks in other parts of the world seem to take the best winning ideas, figure out how to make it work in a socially & governmentally acceptable way in other parts of the world and out-compete the US originators (eg. how Uber, Lyft, Amazon, US based social media firms have effectively been pushed out of dominance in Asia)
Consideration needs to be made when thinking that a policy which works in Singapore, one of the smallest countries in the world by area and one with a strong tradition of rather strict governance in the modern era, can be applied to vastly larger ones with some pretense of respect of constitutional civil rights and a history of distrust of strong government.
I once had an issue with Microsoft at work and had to get MS support to help me. They literally called me on the landline and asked for remote control of my computer. It was totally legit.
Still I felt uncomfortable and asked for a Teams session with screensharing instead (and not remote access), but this 'was not possible'.
So, how are people to distinguish between 'fake' calls and real ones if companies still use such shitty techniques?
OK, looks like "microsoftsupport.com" is taken, but GoDaddy is happy to offer me alternatives like microsoftsupport.app, microsoftsupport.site, microsoftsupport.tv, or microsoftsupport.uk that should work equally well for scam purposes. Or microsoftpcsupport.com is available, if a ".com" is particularly desirable.
Doesn't Microsoft use a thousand different domains, most of which look sketchy?
What if you receive an email from microsofts-support@live.com? Could you immediately tell that it is not legitimate compared to, e.g. contact@microsoftsupport.com?
Until last year, I was completely unaware of this problem. I made a stupid, stupid mistake - registered a .us TLD using “Google Domains” - within minutes of registration, the calls started. Some Indian voice offering website construction, ios app, android app, tech support, on & on…over 100 calls in a single week! Used call block but they kept coming. They switch numbers and send 1000s of text messages - neverending spam. I wrote to Google support and they pointed to the fineprint - cannot enable privacy on .us tld ! So the phone number will remain public. Calls kept coming. Over 1000 calls! Finally bit the bullet and changed my phone number. Will never ever buy anything from google domains. I sure hope the FTC goes after these spammers and the telcos who enable this sort of behavior.
I learned this the hard way too. Not with Google domains, but another registrar. I was getting dozens of calls a day from Indian voices proposing to create a website for me. Switched the WHOIS data to private and that slowed it down but didn't stop it. This was two years ago and I'm still getting about one call a day. I've since learned there are caching services for WHOIS data that will sell you historical contact data. Obviously the Indian fraudsters are using these services.
The days of friendly WHOIS are over. Never register a domain without setting the privacy flag.
That sounds like a nightmare, but I wouldn't let that experience sour your opinion of Google Domains.
I actively avoid Google products, but Google Domains is an exception. They make limited upsell appeals, their pricing is straight forward, and if it's available, they include privacy protection with the annual cost.
And they are clear about the lack of privacy protection for .us domains. This text appears when checking out: "Privacy protection is not supported for .US domains."
I've also had a run-in with "the Indian tech support". Weird thing is that when the guy on the other end realized I was running Linux and just messing with him, he became incredibly rude and cursed at me. Told me to "put fingers up my butt" and that I was a horrible person for wasting his time... Surreal almost.
The calls is one aspect, how they get money out is another. The gift card business needs some revamping. It should not be so easy to transfer billions every year with no accountability.
It just marks all of their posts dead. If you have showdead:on set then you can see them, and choose to vouch for individual posts if they add value to the conversation.
Another giveaway is an extra pause before they start talking. This is call software that lets them dial a bunch of numbers at once until someone answers and it switches the person that answered over to an available headset.
If you answer and say hello and there's an extra second just hang up. They'll call back if it is important.
There’s also a very distinct “bloop” sound from their phone system, I assume it’s the sound of “connecting” you to their conference. Honestly, that is a 100% signal of a scam call that would be trivial to detect en masse in an automated system.
I honestly just literally never answer the phone unless its already in my contacts. If it's so important, they'll leave a message.
If the message mentions anything about stupid stuff like tax fraud/social security number its just immediately deleted, you'd 99% of the time receive official mail for anything about these items.
This is my advice to my parents now, who sometimes get anxious over the disgracefully manipulative bait these scammers deploy.
"If it's an Indian, hang up."
If there's a legitimate need to get in touch, they will find another way. My (naive) hope is that this might also discourage offshoring and/or reward companies employing Americans, if enough people do likewise.
To temper the potential for anti-indian rhetoric, US authorities work side by side with local Indian authorities to shut these down.
Mark Rober has a few videos dedicated to going after several of these scam call centers, and most recently 3 major ones were shut down and their owners arrested.
They could also stop civil asset forfeiture - in 2014 that surpassed burglary in the US as the top form of theft by value. Without being charged or convicted of any crime police can take cash and property, which can then be sold for funding. The case is brought against the property instead of the individual, and then to get it back they have to prove the innocence that it wasn't used in a crime, rather than the state having to prove that it was.
Somehow they still manage to write people a lot of tickets, something that generates revenue for the police, and steal the money of legal marijuana businesses, something else that generates revenue for the police.
There are no consequences to the police for ignoring the parts of the job that do not directly generate revenue for the police.
This is not an overarching problem with "the criminal justice system" other than the fact that the police almost everywhere in the US have a culture of graft and rentseeking, and won't do anything if there isn't money or press involved.
I'm sorry but suggesting Mark Rober is helping to stop the scamming industry in India is like helping Ukraine by adding sprinkles to a cupcake at an elementary school bake sale.
"Anti-Indian rhetoric"? The scams literally originate in India, and are masterminded by Indians. Further, the police are often paid off and rarely do anything about it. When enough fuss is caused about one or two they stop them and then another two crop up somewhere else. If you study the history of organized crime, especially in America, this mirrors the Italian mob once they got control of the police. This is organized crime perpetrated specifically against one nation (at scale) and should be treated as such.
Different replier - no but they're incompetently handling the problem because these call centers haven't seemed to pop up elsewhere
Now before you say "well India has high English proficiency" countries like Nigeria, Kenya and the Philippines best India here with higher English proficiency and don't have the issue (Nigeria has a similar email one of course) They're quite a bit poorer as well.
There's some major policy failure here India needs to figure out. Of course they don't want rampant crime but everything points to how they're domestically handling that crime as the problem here.
Just live abroad for a bit and you'll notice a trend.
Here in Australia, I get maybe 4-5 Indian scam calls a week, compared to maybe one per year originating from anywhere else (Philippines, Eastern Europe).
These operations have to be sponsored by the state at this scale. At the bare minimum they're at least looking the other way.
My grandparents are the targets for this kind of scam, and when they call their bank they get an Indian customer service rep to discuss the situation with. Absolutely disgusting that the situation has been tolerated for so long.
> These operations have to be sponsored by the state at this scale. At the bare minimum they're at least looking the other way.
Its more like
1. They don't care
2. Those who care, don't have time to work on problems of Non-Citizens when the citizens are suffering too
India is a country of almost 1.4 Billion people. That is 1 Europe + 1 North America + around 200 Million people more (figures from google search, may not be accurate)
Indian law enforcement is archaic, understaffed, and riddled with corruption. They prefer to sit on their asses all day and collect paychecks rather than working. For the select few that actually work, they have all the local issues to deal with that comes with a population of that size. They simply do not have the time to work on things that are affecting someone on the other side of the planet.
And tbh I don't blame them for putting citizen's problems over non-citizens. Thats literally what every country would do.
> Indian law enforcement is archaic, understaffed, and riddled with corruption...And tbh I don't blame them for putting citizen's problems over non-citizens. Thats literally what every country would do.
Not to mention consistently and effectively prosecuting people for this sort of crime takes two sides of law enforcement to tango (the perpetrator of the crime may be in India, but the victim is in the United States, as is the local police report they file, the spoofed number and the first part of the telco chain that eventually ends up in a normal looking office in an Indian city). Sometimes a relevant Indian police department may get that information in a form which is useful to both shut down operations and punish the operators, but even if the Indian police were incorruptible, a model of efficiency and particularly hot on white collar crimes committed overseas, I'm not sure their US counterparts are providing so much information that scammers wouldn't feel they could get away with it often enough to try.
They’re state sponsored at the local level. Local law enforcement is underpaid and gets huge bribes from these call centers. At the national level India doesn’t have the law enforcement resources to stop it with local law enforcement working against them. It’s a mess.
To everyone suggesting to silence unknown callers, most of these scams come through email or text messages, and the victim is tricked into calling the scammer.
Best defense: don’t ever call a phone number you receive in a text or email message. Delete the message and look up your bank’s, Amazon’s, or PayPal’s phone number yourself through the company’s official web site.
Also, don’t get scared by messages about your finances…stay calm. The scammers count on you getting freaked out and doing something stupid.
Also caused me to completely miss an appliance delivery because the driver called me from his personal cell, I forgot I had "unknown callers" filtered, and he gave up when he couldn't reach me. Even though I get way more spam calls than legitimate calls, I realized that fully half of the legitimate calls I get are from numbers not in my contacts: delivery drivers, doctors offices, restaurants confirming reservations, etc. The collateral damage of this setting was worse than the scam calls for me.
Compromise solution --- send unknown callers directly to voice mail.
Or better yet, ask them to press a random number to connect the call --- before the phone will even ring or go to voice mail. This effectively weeds out most auto-dialers.
I have a Panasonic phone (connected to VOIP) that has this feature built in. It also has text to speech that reads the caller ID out loud. It's amazing how creative these hardware vendors have gotten now that their market is shrinking.
I have two kids, am self-employed (tutoring) in my community, and have many friends and acquaintances are over 40 (from church, for instance). Sending unknown numbers to voicemail has been completely fine in every case. I've never missed an urgent call that I couldn't call right back after I read the voicemail transcription.
By contrast, in December, I had these time-sensitive calls from unknown numbers: airline lost luggage delivery, Amazon delivery who couldn't get in, my kids' doctors, my pharmacy, someone from my accountant's firm, a bank rep, and a few organizations returning my call. December was a typical month, if a bit slow.
In theory, I could get a voicemail and then follow-up, but that would result in significant time wasted for both sides (e.g., calling doctors again or setting up re-delivery), and the total time I spent on dealing with spam calls is ~1 minute (5-10 seconds x 5-10 occurrences).
Exactly, that's why I love this feature. I don't even have to ignore the call, it just silently goes to VM.
Worth the occasional missed call IMO; I say on my VM msg if you are calling me and I don't know you leave a message otherwise your call will go to VM without ringing.
Snail mail is so overloaded with spam it might as well be the same.
The fact two fundamental and official mass communication channels are functionally useless is a sign of the rot in our country.
Email is teetering on the void. Chat is balkanized and siloed, same with social media, unlike telephony there is no source monopoly or tradition of cross standards.
Txt is the last bastion. It'll die in the next decade I'd guess.
1. Reading a message is low-obligation compared to answering a phone or taking physical mail out of a box.
2. A shorter message has less room to both contain a scam and a cover story. Necessarily, either the payload or the cover story or both are thinner in an SMS message than a scam email.
3. But most importantly, social customs around text messages conversations are different from phone etiquette: besides being unauthenticated, caller-id came after decades of being expected to answer the phone without knowing who was calling or why.
A stranger sending a legitimate but unexpected text message feels obligated to explain WTF they're contacting you. "You don't know me, but..." Scammers, on the other hand, are trying to bypass this. "Oh, you know me."
Tying into point #2, a low-data channel like an SMS conversation is a high-context interaction. Have you ever gone back and read old SMS conversations and noticed a difference between the richness of your memory of the interaction and the sparseness of what the text actually said?
(Google search results pull the quote, "Generally, high-context cultures prefer oral communications, while low-context cultures favor written communications." My thesis is the telephone is a technology that turns oral communication into a low-context activity, and SMS is a technology that turned textual communication into a high-context activity. It's not impossible but more difficult for untargeted scams to go unnoticed in a high context channel.)
> The fact two fundamental and official mass communication channels are functionally useless is a sign of the rot in our country.
It's a problem everywhere. This is what you get when you let the advertising industry operate unchecked. Scam calls and snail mail spam are just piggybacking on the fact that phone companies and postal services encourage and make money on telemarketing and mass marketing e-mails.
It's going to be hard to solve one without solving the other, as the difference between those scams and typical marketing communication is a matter of degree, not kind.
It is not a problem everywhere. I do not get snail mail spam or call spam in Germany. For post it was enough to put up a sticker that forbids advertisements. No idea really why call/sms spam isn't a problem.
I envy you. You're either incredibly lucky, or Germans are really law-abiding.
Here in Poland, the sticker that forbids advertisements does jack all. The post office might stop delivering spam, but most of the garbage in my mailbox comes from private individuals, hired by local companies, delivering the spam personally.
Call/SMS spam dropped somewhat thanks to GDPR, though I've experienced a uptick in the past few years, primarily driven by cryptocurrency scammers and fly-by-night companies selling photovoltaics. I do get an extra amount of phone spam, because I had a business and my phone number is listed in the business database.
Note that I do consider first-party (as in, from companies I have relationship with) cold calls as spam and scam too. Telcos in particular are notorious for scamming people - at this point, there is not much of a difference between scams discussed in this thread, and technically legal upsells and bullshitting done by my phone operator.
(They're not that better off-line, either. Only few weeks ago, a sales rep from a high-profile salon tried to scam my grandmother, by deceiving, manipulating, outright lying and using psychological pressure tactics, to get her to sign for a TV and Internet service she doesn't want or need. That happened physically, in the salon, when she went there to take over my late grandfader's phone contract.)
If it can be used to reach you and the cost of sending messages is low or zero, it will be destroyed by spam. I'm not sure anything can stop it, even serious dedicated police action and regulation.
Same problem with physical mail in the U.S. 99% of physical mail I get is commercial garbage, but I still have to sift through them since I don’t want to miss the remaining 1% from IRS.
They often call at dispatch time to ensure you’re there to accept delivery. They don’t want to drive out, only to have to return the appliance because nobody was home.
I’ve had several occurrences where a delivery person would get all the way to my house, park on my street, call my phone, and if I didn’t answer, just drive away. I don’t think it’s always about the mileage, sometimes the driver is just lazy and wants any excuse to not have to do their job.
(It’s happened with a package delivery, as well as a washing machine installation. In the latter case it was Home Depot, when I finally got ahold of them they said it was my fault for not answering the phone and that I had to reschedule for 2 weeks out, meanwhile I didn’t have a working washing machine. I cancelled the order instead, went to Lowe’s and had a washer in a few hours.)
Drivers I have had in the past just don't want to waste the mileage and gas if they can't guarantee that someone will be there, which to some extent I can understand even if it has caused me to miss delivery windows..
And emergency calls of various kinds etc. Fortunately it's not so bad for me that I'm willing to make myself harder to reach for legitimate, and possibly important, purposes.
Mobile phones just don't offer it by default --- the best most have is a "Do not disturb" setting.
There is a marketing opportunity here for some software developer --- lots of people would actually *pay* for a mobile app that could effectively weed out auto-dialers and/or selectively send only unknown callers directly to voice mail without ringing the phone.
Yes, he should have totally gone to the dispatch warehouse the day before and looked up the delivery driver schedule and called the delivery driver at home to let him know that when he delivers his appliance the next day, he should text instead of call if communication was required the next day.
Or even simpler, put on his Beam-a-Thought helmet and sent a message back in time directly into the noggins of every delivery driver at the warehouse.
I'm not convinced the solution to the problem "I'm not able to deliver this item because you're not answering the door or phone" is to expect delivery drivers to use asynchronous communication methods and plan their day around making deliveries when people that can't or won't respond immediately get around to replying.
I receive more spam SMS than scam calls too. Some of them are even asking me to provide information for the benefit of fake deliveries...
I use voicemail for that, I still get alerts for a new voicemail, and often the scam calls will just move on when there isn't an answer, or you can listen and it's pretty easy to tell if it's legitimate
I assume in the parent they still accept voicemails. I'm sure your partner would be aware of your policy of not picking up unknown numbers and think to leave a voicemail in this situation.
Is there any way to coerce the Indian government to take action on this?
Looking at YouTube videos where these scammers literally run corporate offices to steal from old and financially vulnerable people is heartbreaking.
My grandfather stopped answering his landline telephone because of these scumbags. Kitboga is a youtuber who winds scammers up and wastes their time, and is pretty righteous https://www.youtube.com/watch?v=HNziOoXDBeg
There's a whole cottage industry of scam baiters. Harvey Dentt, Rinona Poison, Scambait Central, Lenny the robot (much less active of late), and quite a few others.
Many of them use voice filters to sound elderly, or to change genders. It seems like a lot of the scammers are getting frustrated, constantly trying to figure out if you're Kitboga, etc.
A vital service that is educating the public while providing rich entertainment.
The rise in the random texts (which end up pushing investment scams) also originates in off shore call centers in Southeast Asia.
Often times they get migrant workers with promises of jobs, but then take their passport and force them into years of repaying for their relocation fees.
The title is incorrect. If you read the original article it is clear that $10B is all US online fraud together, not Indian call centers as Deccandherald.com writes
> The trend is persisting, with total money lost by Americans in all internet/call centre-related frauds in the last 11 months having been estimated at $10.2 billion, an increase of 47% against last year’s $6.9 billion.
All telcos in don't allow number spoofing. No matter what is your requirement. Indian telcos don't allow for number spoofing. The same rules must be implemented in every country, it's just ridiculous that in this day and age open robbery using telephone is still being allowed. Nobody should have that facility period. You must one number per customer no matter how many lines you take. The ability to change number should be next to impossible. Everything stops with this one change. Number spoofing must be stopped from all countries.
In BC we regularly get scams like missed delivery, order confirmation for something expensive, or your social insurance number will get cancelled. These are such an annoyance that I started making it into a game instead.
They mostly target the Chinese population, which in bc is quite large, and I'm assuming are ran from China. Each of the calls end with a "press 1 for English and 2 for Chinese". If you choose 1 the line hangs. If you choose 2 you get a Chinese person on the line. Sometimes the message is directly in Chinese and you need to guess the right key. I programmed some diatribe in Chinese in Google translate from my bookmarks toolbar.
Once in a while I get an Indian call center, mostly pretending to be Amazon with an order for an iPhone, which then veers into "someone stole your identity". If you reply with a younger voice, they hang. If I make an old person's voice, they stay with me. The more lost I sound, the harder the catch. I'm playing at keeping them on the line the longest time possible. It's fun cause they employ a few traps like asking for your birthdate then your age, or asking for some piece of information like your SIN a few times to validate you don't BS them. My backstory is getting better and better. It's kind of like beating a boss everytime you pass one.
Nowadays I'm excited when I receive one, because I get to play. But it's only a matter of time before my parents get trapped
I have a convenient heuristic which I imagine is quite common. I have a cell phone with an area code from where I purchased it, but I have since moved, so all my local calls come from a different area code.
Calls from my area code of residence are almost never spam, while calls from any other area code, and especially my phone's area code, are almost always spam.
Google does have a bunch of features for screening spam calls.
It can identify scammers' numbers (based on user reports). And the phone app will label the call as suspected spam.
There is also a setting to outright block incoming calls from numbers labeled as spammers.
Then there is call screening. The google bot will answer the call and ask questions that you select (like "who are you and why are you calling?"). You get a real time voice transcription of the answer so that you can decide to pick up if needed. But it's handy for spammers because they usually just hang up (or you get some half-transcripted text of a robocall message that was talking over the Google bot).
It doesn't solve the problem completely but it does help.
I believe both Android and iOS support SHAKEN/STIR, as long as your carrier supports it. On my phone, at least, I see Caller IDs tagged with "likely spam" if a check fails.
Samsung has their own proprietary thing i think [0].
But it is great, when someone calls and i don't have them in my address book they show me the name of them, for example the name of the doctor offices, companies etc. As you can see in the demo carousel on their page, it shows "SMART" next to it, which emphazises that this isn't a number in your contacts but fetched from the internet.
Or if they are likely spam, my whole display is red and i can immediately hang up.
Both Google Fi and T Mobile used to show up likely spam calls regularly and accurately, but sadly the only network with decent coverage where I live is AT&T, which does exactly as good a job of this as you’d expect AT&T to do.
I wonder if this is a rollout thing -- I had AT&T for years, and towards the end (about a year ago) I began receiving spam notices. But I was in one of their "primary" markets, so it's possible they rolled it out first here.
iOS will show a small checkmark near the phone number on incoming calls in the recent call list. Which is great AFTER the fact. I have not seen a way to identify signed callers in the actual “ringing” screen.
Our phone provider has a free service, Call Control, that’s completely eliminated scam calls. Callers get an automated message asking them to enter a random number. If they enter it correctly, my phone rings as usual. This system foils automated calling services, at least for now.
Most "legitimate" robocalls from a school or doctor's office are better off as SMS. Does an appointment reminder really need my immediate undivided attention? If it's not worth having an employee manually make the call it's probably not worth my time to answer.
Google had a perfect solution for this, Google Voice (formerly Grand Central). This amazing product was languishing for years due to the lack of attention on Google side. They don't let it die, but it doesn't look like they let it live, either. Shame, could be a total game changer.
Problem is that it seems every online site now wants your cell phone number as a sort of captcha these days. And they’ll either explicitly prohibit you or shadow ban you if you use a voip number, making google voice unusable for this use case. So… I guess a burner phone for everyone? So frustrating.
This is the last time you'll find me praise Google but the "Screen Call" button has been a godsend for me, I haven't had to talk to a scammer in years at this point. Nobody makes it past the first couple of words.
These scammers have become bolder. Recently the targets have been elderly Indians. My friends dad was scammed a few lakhs. Obviously no police complaint gonna work, they just gonna keep it on record. Hopefully the international outrage would push the authorities to do something about it.
Crazy idea: a red team for hire that tries to scam your relatives (but doesn’t actually go through with it). Seems like the most effective way to teach people what to look out for.
Best advice: don't have an area code that matches where you are. when you start getting calls from Houston (for example) you know it's spam/scam. But when you get calls from the area code you are actually in, it's legit.
Wasn't there a guy who was running an IRS scam who was caught, tried and convicted and will spend the rest of his life in a US supermax prison? And his children, who lived in the US, were stripped of their citizenship and deported. The universities where his children attended were threatened with receiving stolen property and forced to pay all tuition and fees back to the IRS. And of course their degrees were revoked.
“It may not be a national security concern yet, but the reputation (of a country) is involved, and we don’t want India to suffer on that count,” Daud told the publication.
To be fair, the person who made that statement is the FBI's legal attaché in New Delhi. One would expect a person in such a position to say something like that, to smooth relations with the host country.
But yes, I hope the perpetrators are brought to justice and the victims receive some kind of recompense.
> To be fair, the person who made that statement is the FBI's legal attaché in New Delhi. One would expect a person in such a position to say something like that, to smooth relations with the host country.
“It may not be a national security concern yet,” is actually a fairly ominous statement from an FBI official of any kind.
I have to preface this with saying that most Indians are decent people, and do not work at call centers scamming Americans. Within India, they deal with this type of phone crap on a level beyond what we do. There are some shady loan companies there that require you to upload your contacts list and harass every one of your contacts if you miss a payment.
Anyways, I'm all for insulting a call center scammer, and a rude comment about their mom, especially comparing them to a dog or something, will probably piss them off. Then if they overreact back, threaten to email their boss the call recording.
my wife almost fell for one because she needed to do an amazon return.
She Googled "Amazon support phone number" on her phone and the 2nd link had a 800 number but it was a site either legit or setup by scammers to review the phone number. She called it and figured someone was funny when they asked her to install an app on her phone.
I don't shop at Amazon if I can at all help it, so as someone unfamiliar with the return flow: this actually sounds expected. Telling the person you're trying to scam "It's a new feature not built into the main app yet" sounds totally believable, and almost expected for a digital-first company like Amazon. And if a legacy retailer said the same thing, I would consider them mildly slow and fragmented, not necessarily scamming me. "Scammer" wouldn't be the first thing to pop into my head.
Combined with how easy it is to get "support" from scammers instead of actual companies and high-pressure act-now tactics scammers use, and your wife was probably one of the few that caught on.
> Romance-related frauds and ‘tech support’ pop ups, originating largely from illegal call centres and phishing gangs in India, have caused losses of more than USD 3 billion... in the last two years alone. [1]
> Daud said the FBI’s website for reporting internet crimes (ic3.gov) have registered about 8.5 lakh complaints in 2021 with estimated losses of $6.9 billion, and over 7.8 lakh complaints in the 11 months of 2022, accounting for $10.2 billion in losses. The biggest losses are on account of investment ($3 billion), business email compromise ($2.4 billion), personal data breach ($1.2 billion), romance ($1 billion) and tech support ($781 million). [1]
A lot of comments here suggest the Indian government is complacent in these types of operations, but I don't really believe that's the case.
The Indian central government is a pretty small and unpowerful entity. Beyond securing the countries borders, and keeping the currency spinning, the government doesn't have the ability or power to do much more. They are not especially well funded (taxes are seen as especially unwelcome culturally) and staffed by tenured officials who cannot be fired and have no incentive to perform beyond the bare minimum. The relative unity and peace holding the country together is not the lousy government, but really more Indian culture sticking together.
Police are also seen as having some level of authority in the country, but realistically there's only 1 police for every 1,000 citizens (source: https://www.nytimes.com/2009/03/03/business/worldbusiness/03...) and the country is heavily heavily reliant on private security who are generally just villagers who are given a badge and rules to enforce.
Outside the big cities, government control is very limited. How else could the crop burning choking Delhi every winter continue?
So do these call centers operate with the blessing of the government? Probably not. Do they have to bribe police to operate? probably not. The government is probably unaware of scale of the problem, the police have their hands full taking care of their own people, and the American government wouldn't dare try a diplomatic solve as India's agreement with many foreign policy situations is mission critical.
Maybe it'd be better if in America we could try to get support off of the POTS and try to better connect to official brand sites or apps? Or we have phone plans/email plans for the elderly that don't allow stranger contact?
The Indian government is complacent because they allow such extreme poverty to exist where people need to seek out scams like this in order to survive.
Extreme inequities rationalized by an abusive caste system, mixed with a culture that praises creative work avoidance.
I don’t respond to phone calls anymore. I receive spam calls and texts every day. At this point I’m thinking about just blocking everything, the problem is that I still need to use this for:
- 2FA
- restaurants waitlist
That’s it. I just scrolled through a bunch of texts and calls and anything meaningful nowadays seem to come from whatsapp
Stopping the use of gift cards sold by Target or restricting their use would go a long way towards stopping this. Cracking down on the money mules who forward the cash would help as well. Reporting the bank accounts the scammers use and shutting them down is also key.
I'm just gonna be that guy - just install Truecaller. It has been the singular line of defense against all scammers and spammers for most (almost all) people in India and it works wonderfully. Scammers/spammers get routinely identified and blacklisted using crowdsourced information, and with terrific speed and prejudice. I do believe the reason most scammers have started focusing on foreign victims instead is because Truecaller has made it nigh impossible for them to dupe Indians at scale.
Yes, they have the bad habit of scooping off your contact lists to index people without consent, and, on hindsight, is indeed an affront to telephone privacy, but its benefits outweigh those compromises enough.
In America, the number you see on the call is not guaranteed to be the actual number that's calling you. In fact sometimes it doesn't show any number at all, just "Private number". It is a situation easily fixed by attestation but for whatever reason American carriers don't do that
> If somehow India stops this the void will be filled by scammers from some other country.
As if those would-be scammers in other countries presently don't scam.. because Indians do? How do Indians presently scamming stop would-be scammers in other countries from doing the same? That's nonsensical.
Face the facts, this is an India problem. Harsh economic sanctions against India are necessary to solve this problem, and if that fails, null routing India and the whole of South Asia if necessary. And if diplomacy fails, escalation to military strikes against Indian telecom infrastructure would be in order.
Thing is, there's other nationalities who quite frankly would probably be a lot more effective at coming off as convincing to potential victims, especially given the unfortunate effect this has had on the Indian people's reputation.
The fact that we haven't really seen anything near the level of Indian call centres tells me that this is unlikely.
I'm not saying that scammers don't exist in other countries, but that it's very rare to see anything with the level of sophistication and organisation that we see in India.
I was thinking we could run what is being said in a call from an unknown number through a scam detector. The detector, upon noticing an established fingerprint of scam activity, would alert the caller.
There is Call Screen in the native Android Phone app that does this, but even better: it can take the call on your behalf, and warn you based on what the other party says. It is available in the US, but it seems only for Pixel devices?
My wife worked in one such company several years ago. The interesting thing is that while hiring her, she couldn't even anticipate that the company was a scam. The company described itself as a certified technical support service. They showed her such a rosy picture of the work they did. It was only after a couple of weeks, when they had explained the processes, that she realized it was a scam.
She left soon thereafter. By the way, they were ready to pay whatever she asked for (up to a reasonable limit of course). The tragedy is that people in countries like India need to survive, and values take the back seat.
Two more such companies offered her the same kind of job but she declined.
The telcos have all my info, name, ssn, address everything. They can easily prevent all of this. These spammers generate revenue for the telcos and so for them spoofing calls is a service they are providing and don’t want to remove that “feature”
It will get worse with the advancement of AI and could scam the less vulnerable people too for example by voice cloning from few minutes of a voice sample of your friends or relatives.
There was a CEO of a company who already got scammed in a similar way:
Problem is the ring leaders of the scam call centres that actually finance the operations and move the stolen funds are usually not Indian residents. Once one call center is busted, they move to recruit another. The employees themselves aren't blameless either and need to be caught but the problem will simply rotate between countries if the brains are not caught. The reason there are so many scam call centres are there in India is the same reason there are so many customer support call centres: cheap English speaking labour.
It is too easy to fake the originating number. The actual line number where the phone call comes from is probably in the protocol already. A lot could be solved if the phones started to display that as well. Even better, allow the users to block on both official and actual numbers. Could probably be done without involving the telcos, only a change in the handset software.
I like that the same page shows a video of an "illegal school" being torn down by the government. Is this a joke?
Like, what kind of dastardly evil people are constructing schools without permits in a country desperate trying to feed and education the large population?
Is the municipality head just upset they didn't get an under-the-table payment like usual?
Your concepts of building codes and property ownership are western. There's no such thing in India. Rather, there's a patchwork of policies that contradict each other and no consistent sense of which one has precedence. And land ownership is complicated by qualifications over who can sell it and claims from family members who maybe had a descendent there hundreds of years ago. And of course, various policies benefitting squatters. And whoever could forge the ownership papers nicely enough to claim it's theirs.
These things are all features and not bugs. It gives pathways for the government to dispose of any buildings that are annoying it for whatever reason. They find the law on the books that allows them to bulldoze the school the quickest, have the tractors out there within hours, and complete the process before any lawyer can get through the patchwork of laws to stop it.
> Like, what kind of dastardly evil people are constructing schools without permits in a country desperate trying to feed and education the large population?
Don't blame whomever built the school, they were trying to help! Blame the ones who tore it down.
Check out kitboga on YouTube for some hilarious scamming the scammer videos. The guy tries to waste as much of the scammer’s time as possible and he’s quite good at it. Of course there’s only so much one person can do, but he does seem to be doing more than the entire US law enforcement apparatus combined.
Canadian public broadcaster, CBC, reported this as "financial terrorism" back in 2019. Now it seems the references have been scrubbed out. $10B drained from old and financial vulnerable is absolutely ridiculous and should be called financial terrorism.
Just to put things in perspective: for ~350 years (1600-1949), the West dominated and exploited India. The British taught the Indians that it was OK to steal from another nation. And they taught them English too.
Did the economy benefit over $10B from allowing voip calls to spoof numbers? I feel like dropping that ability would be a net win - would be much harder to spoof the elderly with a scam coming from a clearly foreign number
This has nothing to do with Indians, and is entirely a failure of the FCC to regulate the legacy phone system. The tech industry solved e-mail spam, why can't they be allowed to do the same for phones?
I apologize for the controversial and maybe inflammatory opinion, but it’s my reaction and thought on the issue. How much more were the American people just fleeced by Congress for this money that was sent to Ukraine? 10x more money. No one can scam the American people like our own government.
The problem is these scams are cheap to run and the risk is very low for the people running them. The police rarely do anything except a token show to arrest a few call centers full of low-level scammers. Rarely are the kingpins ever arrested and as such they just pop new centers up as often as they go down.
A multi-factoral approach may be the best:
1. Sanction India to encourage the government to clean up it's police force and go after these scammers with prejudice. Not the call centers, the kingpins that run them.
2. Education. Run commercials on every TV stations, news stations, etc to educate people on this. Perhaps even including example calls. Run TV shows talking about the scammers and examples of them successfully bullying people into paying to build deep distrust of these people and allow people's pattern-matching brains to do the rest of the work.
3. Punishing call forwarding services for every scam call. Force them to implement deep KYC under threat of severe company-ending fines.
4. Find a way to "encourage" carriers to improve their services to terminate these calls before they even make it to the customer.
I get so many telemarketing and scam calls to my phone anymore I have to pay $100/year for a service to stop about 80% of them. This is unacceptable. I'm not alone, I would guess in a survey of the average American their cell phone is basically useless as a calling device these days.
I was looking for the perfect analogy and this is it - would India and other countries be justified for sanctioning the US government for something private companies did? Sanctions are something governments do to each other and this is an issue between private citizens. It just gets messy because it's international, but AFAIK we can't do anything from the US aside from investigating to get suspects then requesting extradition.
The Indian government is pretty clearly complicit. At a large enough scale, there is no difference between permitting something and encouraging that thing. And other countries are free to impose economic sanctions on the USA for the shitty things it allows/encourages US companies to do.
If there is a market incentive for companies to do something bad, and the government can, but does not act to correct/neutralize that incentive, then the government should be blamed. India is a democracy, so that blame also falls on the electorate.
As a US voter I grudgingly accept my ~4e-9 proportion of the blame for the shitty things the US allows.
Just because people come from the country that gave the world Enron, Bernie Madoff and FTX and celebrates the exploits of Frank Abagnale and Jordan Belfort doesn't necessarily mean they can't feel that foreigners are somehow much more complicit in crimes committed by their fellow countrymen...
How many people in India have lost money to crypto scams based in the US or US-aligned places? The US has sports arenas named after crypto Ponzi schemes.
This is a global problem. It boils down to the Internet and modern telco networks opening up cheap ways to address many millions of people, allowing scammers to troll for marks at scale. Gift cards, easy wire transfers, in-app purchases, easy card charges, and crypto have made it easy to get money from people with low friction too.
That sounds an attack on the people of India for something a private company is doing. I also don't think the US has jurisdiction there, so I'd much rather see an investment in education or public infrastructure to help with it.
If this was similar to the Russia stuff where the goal was to affect the election and was sponsored by the govt then sanctions kinda make sense, but this is a problem of international communication between private citizens. If we wanted to make some law for this that seems cool but it'd need to be done at the UN, not in the US
> That sounds an attack on the people of India for something a private company is doing.
It's the responsibility of the Indian government to police what happens within its borders. The Indian government has turned blind eye to scammers in their country targeting the US, they're effectively endorsing it.
Why should the US continue to do business with a country that leeches off of the US citizenry?
Historically, the US has done the same thing to Japan, and more recently, China, when their businesses undermine US businesses. Either by not respecting US IP or by running US businesses under through collusion.
I don't agree with the Russian sanctions, you're doing collective punishment on a population of people, many of whom presumably don't even support the war. It may be an effective strategy but that alone doesn't justify it
How do you punish and manipulate a government without punishing its people, either as a side effect or direct goal?
Even if you come up with some way to somehow target specifically how the government functions but entirely spare the citizens from externalities, the government will just hold its citizenry "hostage".
I don't think we should be coercing their government to do anything, we should educate our own citizenry, build infrastructure to protect against it, lobby the international community to make a legal process for it, or all three
Why should the US invest in Indian education and infrastructure when India, by its inaction, is responsible for such parasitism against US citizens? It sucks that sanctions would cause collateral damage, but India is a democracy. No voting citizen is absolved of guilt.
I'm saying we should invest in educating people in the US to stop falling for the scams, or for infrastructure to stop in here in the US.
As another comment notes, the US is responsible for plenty of parasitism (MLMs, ponzi, crypto) that is likely a higher total value, but I suspect most citizens would feel it's unfair to sanction them because of some bad actors in the economy
I think this is an "ought VS is" thing - I know realistically the US could just hit people until they agree, but this is something that would need to be handled by an international governing body. If someone in NY scams someone in CA, CA can't just unilaterally prosecute them, it becomes a federal crime because it's across state lines. Similarly this is between countries and I don't know if we even have international laws for stuff like this, so it may not even be truly illegal. The US could request extradition but I think that's the extent of the legal actions the government could take.
My understanding is that most of these scams use spoofed numbers (or legitimate forwarding numbers), so there's no "just ignore it" remediation. SHAKEN/STIR[1] is meant to address this kind of spoofing, but it's not a stretch to imagine that these kinds of scams mostly target older people who are less likely to have (or understand) Caller ID anyways.
Yeah, they spoof local numbers. I haven't lived in the city my area code is from in a long time. Occasionally I'll answer calls from there when I'm bored and it's always a scammer.
What's even more disturbing is that I'm now getting calls from people talking in Hindi. I answer in English but they ask me to switch to Hindi. (I'm from Pakistan and speak Urdu which is mutually intelligible with Hindi). I'm guessing it's to build familiarity/trust.
They want to pay off my phone, electric and other bills and in return I pay them 50% of the amount. I give them fake info and try to keep them on as long as possible... asking them to repeat multiple times. Sometimes I'll tell how thankful I am that they came to me with this 50% off offer because I'm facing financial troubles. Not once did any of them fell bad about trying to scam a poor person. Their response is usually something like "This is exactly why we are offering this service, to help people like you".
Eventually they get frustrated and hangup. This way I can hurt their ROI just a bit.
Due to that whole lack of authentication I. The phone system, we get lots of spoofed numbers here in the US. I ignore most unknown calls but manage to answer maybe one a month that is an obvious foreign (usually Indian sounding) call center.
There's no meaningful blocking here: the victimizing party is spoofing, or using a "legitimate" forwarding service. Carriers could just cut India off entirely, but (1) money finds a way, and (2) we're going to cut off service for a democratic country of over a billion people because of a few scammers?
The remediation here needs to be statutory: (1) anti-spoofing needs to happen at the carrier level and not just the terminating connection, and (2) forwarding services need to be subjected to additional oversight and transparency requirements.
I can certainly fathom $10 billion. But I take your point; my point was that, even if there are a million criminals involved in telephone fraud in India, it's a tiny fraction of overall (and primarily legitimate!) telephone traffic. Interfering with over a billion peoples' ability to talk with their loved ones requires existential damage to our country, not frustrating crime that's best resolved with international cooperation.
Edit: I think a generally useful framing for these kinds of criminal enterprises is comparison to US wage theft: nearly the same amount is stolen from US workers each year in just the top 10 states[1]. This doesn't somehow excuse phone fraud, but you don't see the same kind of grousing for cutting Fortune 500s off of the Internet.
> I think a generally useful framing for these kinds of criminal enterprises is comparison to US wage theft: nearly the same amount is stolen from US workers each year in just the top 10 states[1]. This doesn’t somehow excuse phone fraud, but you don’t see the same kind of grousing for cutting Fortune 500s off of the Internet.
Cutting F500s off the internet would do nothing about wage theft. There is considerable advocacy for strong action to bring wage theft under control, too. So, I’d say this analogy fails its purpose on multiple levels.
I think Americans feel differently about a domestic issue of Americans stealing from Americans than they do about a developing country scamming elderly Americans out of their social security income.
It's never an "Indian number," it always appears to originate locally or in the US. Either way, I just use good hygiene and ignore all outside calls unless on contact list. The only people who ever need to call me are family and PagerDuty.
I think most people are downvoting you because this advice is useless, given that those calls never come from Indian phone numbers. I'd like to note that I'm downvoting you because that's not what a tautology is.
Is it bad that I don't feel sorry for the Americans getting scammed given the obscene wealth inequality that exists between the two countries? Some wealth shifting to a poor country with millions of malnourished people might actually be a net positive to the world? Morality is complicated for sure.
Have you been to India and seen the absolute squalour and poverty that exists? I guess the net happiness in the world increases everytime some poor indian scams an american. The american is momentarily pissed off and wiser about scams, while the Indian has got a lot of money that will improve his living standards considerably.
Not every American is wealthy, and none of the Indian scammers are the Indians living in absolute poverty. Have a look at this scammer and his resume [0] and tell me how this college educated criminal defrauding Americans who aren't very tech savvy "increases the net happiness of the world"?
I don't think this is a complicated moral issue, and it takes some really sloppy thinking to see any ambiguity here.
Defrauding individual people out of their savings is bad, even if the victims live in an expensive country that's home to some very wealthy citizens (like the US), and the criminals live in a country that's home to some very poor citizens (like India). How could the existence of poverty in India make it moral for college educated Indian scammers who live lavishly on the stolen savings of Americans [0] (youtube has plenty of scammer channels that show scammers are mostly college educated Indians who never, ever give the money to the poor and malnourished)?
It's not bad, it's reprehensible. Notwithstanding the fact that there are about a dozen moral qualms about this line of thinking, the economic conditions of the countries have little bearing on the economic situations of individuals in this interaction.
I'd wager that the scammers here are more wealthy than most of the people they are scamming. And given their criminal backgrounds, they are likely to do more harm than unintended good to the people around them. Remember Gandhi who once said, "an eye for an eye makes the whole world blind".
> I'd wager that the scammers here are more wealthy than most of the people they are scamming
Ohohoho noo they're not. They are definitely not. Probably the one sitting at the top, but not the telecallers themselves who do the actual fieldwork. These are just poor youngsters who can't find jobs because of how ridiculously brutal India's labour market is.
If only Gandhi's idealism was even somewhat practical. This is what he thought about the Jews: “Hitler killed five million [sic] Jews. It is the greatest crime of our time. But the Jews should have offered themselves to the butcher’s knife. They should have thrown themselves into the sea from cliffs.....It would have aroused the world and the people of Germany.... As it is they succumbed anyway in their millions.”
The world is not a fair place. Morality doesn't get you fed, doesn't get you proper education or healthcare. And when you don't have proper opportunities to earn money the right way, it's tough not rationalizing scamming other people to get your basic needs fullfilled. Overall it's a good thought experiment to imagine what all we would have done if we were not born with our current privilege. I personally feel people are only as good as the world allows them to be.
Gandhi might've said a lot of things, but the point of that quote is that retaliation leads to an overall worse outcome. Unless you're an egomaniac, you will want to swallow your pride, break the chain of retaliation and live your life in peace. Retaliation is an inherently unstable state.
You are right that people are only as good as the world allows them to be. Which brings us to morality. It is not about any greater good or anything like that. Morality is simply what the world has defined that allows people to be. Over time humanity has understood a set of ideas that allow a stable society to exist. Without these you will have a very dysfunctional society that is in a perpetual state of retaliation. The wise founders of nations have realized this and codified morals into law. There is no society today that exists without law because any such society would not have stood the test of time.
I understand the impulse to feel this way, but redistributing wealth through criminal syndicates who likely contribute very little real value to the Indian economy is not the way to go.
In these types of call centers, nobody is malnourished. The people making the calls are probably making a pretty meager salary (let's say $300 a month) and the singular company owner takes in all profits, and spends it on BMWs, his 10 pieces of land, and his 20 other unrelated business ventures.
These scam call centers aren't owned by glorious socialist warriors, they're owned by comparatively wealthy individuals that pay their workers far less than the profit of their labor and often hold them under terrible working conditions. Also, yes feeling bad for old people losing their life savings is the correct position (america doesn't exactly accommodate for people without money).
The reason carriers -- from the local exchange carriers and up -- ignore it is because just a single scam operation can mean 10s of thousands of dollars in volume a month, and sometimes more. Since they have to self-report for the most part they're not very incentivized to stop it. There are a few easy to implement regulatory / technical mechanisms that could nearly axe all of it, but carriers push back hard on those regulations and they never stick.
I know from experience dealing with this that it's absolutely not ignorance that's at play on the regulatory and commercial side. It's disgusting, and as fueled with greed and red tape as you'd fear.