You tackle these things one-obstacle-at-the-time. Telco's are borderline complicit in this today, they don't have to be. Note that in some countries these scams are far more prevalent than in others, they'll go for the low hanging fruit first just like any other business. Make it harder and definitely there will be a response and then you aim to tackle that one. Shipping a SIM box would already be much more work than just changing a number in a database. Require that a phone number is used in the country of origin before you allow it to roam is another step in that process and so on. Rome wasn't built in a day and I'm sure that getting rid of this problem is going to be a series of steps.
But as long as telcos willingly cooperate and allow remote call centers to basically pick any number in the locality of the recipient even though that number is not currently roaming in India they are making things much worse.
> Note that in some countries these scams are far more prevalent than in others, they'll go for the low hanging fruit first just like any other business
The reason for this is language barriers, it's not some countries doing things better than others.
> Shipping a SIM box would already be much more work than just changing a number in a database
They don't even actually need to ship one, there are thousands of them operational already. This is a massive industry.
Even if you cracked down hard on SIM boxes, the scammers will just purchase routing from botnets. This won't really impact their costs, and will be essentially impossible to take any meaningful action against.
Yes, but that would at least put them at the same level as burner phones with a physical presence required in the target country (or close to it).
Anyway, since you are willing to shoot down each and every suggestion in this thread short of rolling over and accepting the damage how would you tackle it?
Can you give a single example of similar fraud being successfully tackled? Not just the scammers being caught, but the entire scam being rendered unprofitable.
European authorities haven't managed to do anything about the car selling scams Romanians have been running for decades now. Nobody has managed to do anything about the Nigerian prince scams. BEC with truly shitty phishing pages keeps on growing and growing.
The best bet would be for US authorities to force India to crack down on these activities and prevent these scams from operating at an industrial scale.
The actions you propose would work well to address lower return activities, such as marketing robocalls. They can not work to address high-return scams.
If we can make it harder to run a scam call business by changing things on our end, and these changes do not impede non-fraudulent use, why not go for it?
I don’t see why you’re pushing so hard against this line of reasoning, I guess. You’re making it sound like a hopeless endeavor to even try, in a “don’t lock your doors because thieves will just use lock picks” kind of way.
> If we can make it harder to run a scam call business by changing things on our end
How much harder? If your changes increase the telephony costs of a scam call centre from 0.001% of revenue to 0.002%, you have not actually made their operations harder.
> and these changes do not impede non-fraudulent use, why not go for it?
> Can you give a single example of similar fraud being successfully tackled?
Plenty of such cases here locally. Your point about the language barrier is on the money though, I never really gave that much thought but the number of Dutch speakers in India is most likely so low and the market so small that it isn't worth a massive campaign to them. Especially not if there are millions of gullible people in markets that are more accessible to them.
As for forcing Indian authorities: I've seen up close how corrupt things are there and I have very little hope that that would be a viable avenue to resolution of this problem.
I'd be super curious to hear about any local success stories.
>As for forcing Indian authorities: I've seen up close how corrupt things are there and I have very little hope that that would be a viable avenue to resolution of this problem.
Then you're left with education. These scams are very profitable and can easily afford resistance from telcos and banks.
Most of these scammers already have physical presence in the US. I feel the solution is probably to be found in more policing and prosecution than in creating tiny obstacles.
There's no reason consumer SIMs should be able to call more than N distinct numbers in any 24h period. You can implement reasonable rate limits to prevent abuse.
However, even if we assume that SIM boxes are a magic solution to carrier interventions, that still raises the cost from the current status-quo. Implement enough of these barriers and the entire scam operation becomes unprofitable and no longer worthwhile.
The difference between this and cooking/toasting bread is that your bread-making activities have no way to negatively affect someone else - we don't have an epidemic of spammers paying people to bake "underground bread" in their homes.
Of course, an override should be provided - the restriction should be relaxed over time once the account is established for a long time without any complaints.
What you are describing is already done by carriers in countries with high sim box usage. (Basically, it costs ~$0.01/min to make a local call in Nigeria but $0.25/min to make an international call to Nigeria so people there set up SIM boxes and Asterisk to terminate calls locally and profit the difference between these rates. The reason it costs $0.25/min to call the official way is due to many governments taxing incoming international calls because they see it as an easy way to raise revenue at other people's expense). But anyways, because governments don't like this kind of arbitrage, they force carriers to add detection mechanisms. So they check for high ratio of outbound to incoming calls, high amount of distinct phone numbers called, 24/7 usage patterns, etc. Except Africa is still losing a few billion dollars a year to this kind of toll bypass because it is still massively profitable (see https://en.antrax.mobi/request-pricing/ for example) and these changes just require them to rotate sim cards slightly more often. Essentially what I am saying is that unless you can reduce the fraudsters' margin by a substantial amount you are wasting your time.
> Ther is no reason a consumer oven should cook more than 5 meals a day. There is no reason a consumer toasteer should toast mpre than 10 times a day.
Consumer ≠ business/commercial. A home oven (or toaster, fryer etc) isn't made for such use, a commercial one is. You should really spend the monies in commercial gear if you're gonna feed such hordes of people.
Similar thing with SIM cards. Why would a normal person be making 100+ calls a day on a simple, personal line? That's clearly commercial use and as such, it oughta be regulated somehow.
And what do you propose would be such a reasonable rate limit?
>However, even if we assume that SIM boxes are a magic solution to carrier interventions, that still raises the cost from the current status-quo. Implement enough of these barriers and the entire scam operation becomes unprofitable and no longer worthwhile.
Why do you assume that the call routing is a meaningful cost to these operations? For all we know they spend less than 0.01% of their revenue on call routing.
Using SIM boxes is already standard practice, sketchy VOIP providers and SMS spammers have been doing for years because it is cheaper to do this than to pay for legitimate routing.
Just put something along the lines of "sim box grey route" into Google and you'll find loads of relevant industry materials.
Besides, you're drastically moving the goalposts here. We went from "could put a stop to this" to minor obstacles.
I think the subtext is that given valid caller IDs, then block lists can be made. The US FTC might manage them like it does the do-not-call lists, or the perhaps the US Attorney's office, after some criminal complaints.
Ideally, the telco would implement these block lists, but also ideally, they could be traded around like web ad block lists for individuals to load on their phones.
I think we all know scam calls are a serious source of revenue for carriers, so they will need to be led to this conclusion by force.
None of that happy future would come without true caller id, thus the resistence from carriers to fixing spoofing.
Logically, there must be enough benefit for them carrying spoofed robocalls to risk regulatory attention AND driving away all their voice revenue. Many people have stopped answering their phones altogether since voice calls became unusable.
Enough minor inconveniences and the barrier to entry will go up, this will favor the larger players but those you can then go after with other means. It's never going to be a one-stop solution.
Ideally there would be a warning that a call does not originate locally, routing the call through a local representative would generate yet another signal that you might be able to close off, including the possibility to declare the possession or hosting of certain gear illegal. You'd have to maybe do some pattern matching to spot problematic numbers and/or have a place to report them easily.
If the will was really there I'm pretty sure this problem could be tackled.
> If the will was really there I'm pretty sure this problem could be tackled.
Probably, but not with any of your proposed methods. I have talked with some SMS spammers and none of what you proposed would affect them. And for SMS spammers these inconveniences are a much bigger part of the cost of doing operations than for a company which needs to have employees in a call center. They have to spend a lot of money on buying new SIM cards as old ones get blocked.
SMS spammers could be tackled with a couple of regexps if the will was there. The fact that these scams still work is a sign to me that there simply is no will to tackle any of this at the telco level. They know exactly what is going on.
There is already keyword filtering. Try using the word "election" in SMS at a certain time of year. A certain US political party complained about this. E2EE is not compatible with content based filtering.
Lots of telcos are doing exactly this, doesn't really work very well. The spammers just switch to more generic messages you can't realistically filter out.
Yeah, and this is almost the bottom of the food chain, the only people below crimemarket are those too dumb to use internet forums.
Anyone can easily buy European bank accounts opened with fake IDs, or money laundering services where you're provided an IBAN and receive a % of the money sent there to your cryptocurrency wallet.
Want a fake passport good enough to travel with? No problem, will just run you a 1000 euros.
