More on Scammers Abusing TTY Services 192
edward ericson writes "A more comprehensive look at IP Relay scams and their effect on relay operators, the deaf, US business and the relay providers like Sprint, AT&T and MCI. Unlike a previous piece in the AZ Star, this one shows that the problem is at least a year old, and estimates that the companies have earned at least $23 million by facilitating scams. Anyone here care to discuss IP blocking techniques?" See our previous story for more.
Kill the broken service, it's not needed. (Score:4, Interesting)
The deaf people with computers can still get to this service by using their modems as a TTY terminal, and by calling a 1-800 number, there would be effective proof that the call is coming through the USA. Data calls don't get along well with VoIP services...
Re:Learn something new every day. (Score:3, Interesting)
I have personal experience with this stuff... (Score:5, Interesting)
Re:Please... (Score:4, Interesting)
Seriously... a "data embargo" against Nigeria may very well be deserved at this point. They've clearly got a problem enforcing their own anti-scam laws.
They should be busting these scam rings up, or admitting that they can't and seeking help in doing so. The fact that this isn't happening is very deserving... why do we want them as a data trade partner?
pranks via TTY (Score:2, Interesting)
1. making the TTY operator saying funny things("PLA go away")
2. Prank calling your friends across the USA via 800 numbers
3. Don't have a voice changer? use the TTY relay operator's voice!
RedBoxChiliPepper and friensds have been doing fun TTY for years!
Re:Please... (Score:4, Interesting)
And keep in mind, it's not only nigerians that are doing the scamming. Now that this method is being widely published, it'll definitely spread like wildfire until something definite is done about the problem. Don't forget that it wasn't too long ago that credit card fraud through little online shops was rampant (and many "pandits" were crying the online shopping world would crumble), but things changed. People learn especially quickly when they are losing money that they need to be wary of fradulent occurences.
Perhaps what's most needed is an embargo on dimwitted idiots. Then we won't have to worry about people getting so easily scammed. Perhaps that even goes for the laws relating to the governance of the TTY service. It's a shame it's come to this.
I was almost a victim of this scam (Score:4, Interesting)
The person on the other end wanted to order 40,000 of our EverLED LED flashlight bulbs. We only sold 1000 of these in all of last year. At $40 a pop, most people only want to buy one. So right away warning bells went off in my head. Some toolbag wants to buy $1,600,000 worth of product from a retailer he has no relationship with and he is doing it over TTY relay???
I figured I'd try to find out a little more about the individual. I asked him where he was from. "Nigeria." WHOOP WHOOP DANGER WILL ROBINSON!!! Needless to say I cut the conversation short.
It was a very difficult exchange, the Nigerian used broken english that neither myself nor the operator could really understand. It must have been very frustrating for the operator, I felt bad for her. The whole exchange took about an hour, it was extremely tedious. And it was a complete waste of my time. Thankfully that hour is ALL I lost.
The Nigerian tried to call me back TWICE both times using the TTY relay, of course I wasn't about to give him any more of my time. Selling $1.6 million worth of product via TTY relay is unconventional, but I don't discriminate against the disabled. I do NOT however do business with ANYBODY in or from Nigeria.
Dealing with scammers in a business environment (Score:5, Interesting)
I am currently employed by an online retailer. We've been dealing with this problem for at least TWO years. The basic scenario goes something like this: we receive an order placed online with an obscene total, next day shipping, a yahoo email addy, or a combination of other flags that tell us it's fraud. The credit card address verification always comes back "does not match" in these cases. Then we send them a polite email stating that we can't process their order any further until the address does match. Within minutes the call center receives a call from an IP relay operator. Occasionally, they don't identify themselves as IP operators. So we always ask "Is this an IP relay call?" So far, they've never denied it. (In the last two years we've documented ONE TTY call.) At this point we accept the call and then explain to the scammer that we can't accept IP relay calls and that they should send us an email. Shortly thereafter we get an email from a different yahoo account that reads like a 419 scam. It's fun.
Basically, the theory is that if someone is legitimately using the service, they're perfectly capable of sending email. The benefit is that we minimize the time spent dealing with scammers.
If anyone else has methods of dealing with this nonsense, I'd love to hear it.
Credit card companies' fraud handling is broken (Score:5, Interesting)
As an online merchant, we see online orders that are clearly fraudulent. But the credit card still goes through (we 'authorize' first which just deducts from your credit limit). We decide not to take the order; thus we don't do a 'capture' on the card that would deduct the money from the poor guy's credit card account. That way we avoid getting charge-backs that would ruin our merchant rating and that would cost us in the end anyway (if caught). But we do log that credit card # in our database. Sometimes SIX MONTHS LATER the fraudster will use that same credit card # on our site again and it is *still* being accepted by Visa/Mastercard!
This is a broken system. As a merchant, we have no way (that I know of) to warn Visa/MasterCard or the issuing bank or the card holder that the number is being used for fraud! (Besides just going ahead and charging the card, knowing its fraud.) Certainly not an automated way to do so in the same way that we connect to payment gateways. It's just not in Visa's/Mastercard's interest to put a system in place because at the end of the day, the merchant is liable.
I'm interested if anyone knows of a place where merchants can swap info about fraudulent cards or other fraud data.
--LP
Having worked... (Score:3, Interesting)
I wonder. If people shit on the commons, can we go back and chase them off with a gun?
It's dying anyway (Score:2, Interesting)
At least that what my parents and their friends are doing.
Re:Learn something new every day. (Score:5, Interesting)
Alternatively, CAs are allowed to deliver a short instruction about the service. One could easily imagine a modification: "Have you ever used the relay before?
Re:Trolls have no shame... (Score:3, Interesting)
Yep. I don't have the money to go filing pointless lawsuits that I doubt I'd see anything from... but maybe it'd be cool to just force Slashdot to cough up the IP address of the "anonymous" troll.
Art thou's commentes no longer valid?
They sure are still vaild. I don't disagree with myself very often.
Re:Learn something new every day. (Score:2, Interesting)
Re:Kill the broken service, it's not needed. (Score:1, Interesting)
Like many CAs contacted for this story, the operator demanded anonymity, saying "they warned us that if we speak to you we will immediately be fired."
Still think the companies are blameless?
Re:I have personal experience with this stuff... (Score:3, Interesting)
Perhaps you should explain this to Microsoft, GM, GE, and others [ctj.org]...
Re:Dealing with scammers in a business environment (Score:5, Interesting)
I work part-time for a mail/telephone/internet catalog company, & handling the orders that came in by mail (which still accounts for about 10-15% of total sales last Xmas season) was an eye-opener about fraud. However, most of the possible cases stick out like a sore thumb. Typical clues:
*The addresses for where the catalog was delivered, the address on the check, & where the person wants to ship the order don't match. Bonus clue when the address the catalog was delivered is thoroughly scribbled out, as if to hide where the catalog was originally sent.
*Potential customer pays with one of those starter checks you get when you open an account.
*Customer orders stuff that can be easily fenced: usually this means electronics, but jewelry falls into this catagory too. (My employer doensn't sell jewelry.)
*Addition skills a first-grader would be embarassed over. (I had one chucklehead who rounded up on all of the prices -- $19.00 became $20.00, $27.50 became $30.00 -- & added an extra $20 on top of that, apparently because he still didn't have a firm grasp on this form of higher mathematics. I passed it to someone to research, & only later realised what was going on.)
*Potential customer has got to have it overnight. (Sheesh, if you need it that soon, why didn't you give us a call & use a credit card?)
Since it's always possible that an honest, real customer can do some, many, or all of these things, any suspicious order was passed to a senior employee who'd compare the names on the order against our database of customers to see if they'd tried this before, & a list of known fraud artists (retailers share this information), & then call to verify funds. If it passed all of these tests, then the order would be entered into the system to be filled.
(One item that shocked the **** outta me was that a fair percentage of people had their Social Security Number printed on their checks. For the few who don't know, the SSN is the skeleton key to an US citizen's credit history.)
Most of these methods are detailed in the original article, but it's amazing that a small amount of skepticism will block a large number of the scams. Based on that, I'd say that if a veteran TTY operator thinks a call is fraud, they're probably right.
Geoff
Re:Kill the broken service, it's not needed. (Score:3, Interesting)