VoIP to Fuel Plague of 'Dialing for Dollars'/Spam

Ant writes "Broadband Reports says Internet News is exploring how telemarketers world-wide are realizing they can dodge long-distance costs (and U.S. "Do Not Call" restraints) by voice spamming VoIP users. Different from SPIT (spam over internet telephony) because it's not automated, an analyst in the article predicts homes and businesses could see some 150 calls a day from overseas call centers."

Silly Idea

[fembots]

What happens if the cost of each almost-continuous call is incremental?

Say the first 10 VOIP calls are free, and if you make the 11th call within 5 minutes of the 10th call, you pay 1 cent, and if you make your 12th call within 5 minutes of your 11th call, you pay 2 cents, then 4 cents, 8 cents and so on.

Private callers shouldn't have to pay anything due to the engaging nature of personal calls.

Businesses will have to register to get exemption from the charges, thus easily identifiable.

Like spam filters, this won't stop spammers from spamming, but hopefully it's enough to make it less profitable.

We didn't see email spams coming, but we should definitely do something on VOIP when we have the opportunity.

Call Blocking?

[Ironsides]

So how long until someone hunts down those IPs and offers up a list for call blocking of them? Also, how long until someone writes a program that will DDoS of some form or another those same call centers or something similar that will harass the call centers?

The joys of computer controlled phones!

[garcia]

And with VoIP it would be quite easy to enable an easy to update whitelist for inbound calls. People could use something like the various spam blocking sites (i.e. Spamhaus) that would put and end to that crap.

There are so many possibilities for controlling this crap that I don't even want to go into it. Personally? I would use my addressbook (LDAP?) as the whitelist. Anyone else would get a message to find another way to contact me to be added to the whitelist, to enter the passcode to get through, or they be routed to /dev/null.

Anyone showing up as "UNKNOWN", "UNAVAILABLE", or originating numbers coming from outside the country would automatically be re-routed to /dev/null. I would sort of expect these options to be built into the software and easily enabled by end users as that would make the most sense.

Yeah, it could cause you to lose some callers. How many times do people call you that you don't know and that you actually want to hear from? I'll take the 1 caller a year that doesn't know the passcode and can't find another way to contact me.

YMMV.

Re:Better fix this

[shawn(at)fsu]

I think one of us is missing the point. I think from what I understand that this will only affect people who use VoIP. Course I could be wrong. If it only effacting poeple like vonage users I don't think the telcos will be doing much to fix this. Thinking further it will be like spam in taht there probably wont be a quick and easy fix.

IVR Honeypots

[Anonymous Coward]

How long until we see IVR (Interactive Voice Response) honeypots written for Asterisk?

I can see it now, an UNKNOWN/UNKNOWN call comes in and is immediately kicked into a simple IVR app that says "hello", waits for a pause and then says "Very interesting, tell me more" and repeats until the person at the other end realizes that there's noone there.

You could even add automated attacks against the originating system, as well....

Re:Silly Idea - We saw it coming

[Nom du Keyboard]

We didn't see email spams coming,

Actually we did. The infamous Green Card Lawyers carpet-bombing Usenet told everybody paying attention that we stop it now, or it will only get worse.

Problem with politicians is that they don't react to a problem until after it has grown out of control. And they don't listen to the people who do see it coming.

That's why to this day, CB radio skips clear around the world. They didn't listen to the experts about assigning frequencies. Even now, with spam a problem for everyone, there is little in the way of effective law against it.

Re:The ring that keeps on ringing

[porcupine8]

Why hasn't someone implemented one of them in an "Email 2.0" style service with the single feature being "not compatible with existing email, including spam"?

Why on earth would I (or anyone) use this? The entire point of email is communicating with people. If I got an "email 2.0" address, but nobody who needs to email me has one, what would be the point in me having it? And if it got popular enough that the people I want to communicate with all had it, wouldn't the spammers just get it, too?

Now, I could maybe understanding coming up with something like this for intra-company communications or something, where a specific list of people would get the new format of email and they could all talk to each other but nobody from the outside could email in. But they'd still need traditional email for any communications outside the company. And what company could do any business these days without emailing (or receiving email from) anyone outside?

I just can't see any way at all that something like that would work.

Re:The ring that keeps on ringing

[cas2000]

> There exist many methods for anti-spam
> authentication. Why hasn't someone implemented
> one of them in an "Email 2.0" style service with
> the single feature being "not compatible with
> existing email, including spam"? After the first
> service opened up for business, there would be
> more. And more. Until Spam was gone for good.

because that wouldn't work either.

idiot windows users would tell their mail software to remember their authentication password, and spammer viruses would be rewritten to look for those passwords and use them. within a very short time, the new "secure" authenticated mail protocol would be compromised by spammers.

as long as people are using insecure garbage like MS Windows & IE & Outlook on the net, there will be millions of spam zombies.

Re:Culture shock

[panaceaa]

Maybe this works for you, but in my life things don't always go as planned. If my girlfriend is in an emergency situation (and it has happened), she contacts me by phone. Because it is an emergency, it may be from a phone number I do not recognize. She will likely not have access to email or IM before calling me. So a random call comes in from a random number... and guess what? I have to answer it because I care about her and it might be her. Until other less-obtrusive technologies like IM are ubiquitous and can be used in emergencies, this cannot change for me.

VOIP spam is a really scary and almost unavoidable future. To combat it, I only give out my cell phone to people I know. I always give businesses my home or work number. But if it starts to be a problem, I bet a lot of the profiling techniques already used for filtering email will start happening on phone networks. And thankfully, I have never heard of a VOIP open relay, so we'll have a better chance at stopping the problem at its source.

Re:Better fix this

[alienw]

Actually, the phone company would want to encourage it. Phone companies hate VoIP and would love to see it die.

However, I can't see this becoming a problem. VoIP traffic is very easy to block. If you get a telemarketer, block them. It's not like they can change their internet provider every other day, and VoIP traffic, being two-way, is rather difficult to proxy through a hijacked machine (unlike email). And it's rather difficult to move a call center to another country.

Re:They will throw themselves upon the firewalls..

[Hoi Polloi]

"Russia, China, India... Who'd have thought these would be new sources of spam?!"

Make sure you add to your list America's own 2nd/3rd world state, Florida.

Re:Cell phones -- missing the point

[Nom du Keyboard]

Hopefully, the cell phone companies see this coming and will start to work on technology to drop calls from known offenders.

You're missing the point here. The cell phone companies want you to use your phone. You don't have unlimited cell phone service. The more minutes you use, the more you pay. This is to their advantage, because where else are you going to go?

Re:The ring that keeps on ringing

[kebes]

I agree with this post, and I think the replies to it are missing something when they say that backwards compatibility is important. How many email addresses do you have right now? I have about 6, with most of them forwarding to 2 key mailboxes. I do this partly to avoid spam (always give out the email address I don't care about to untrustworthy sources). The point is that I am already doing alot of work to avoid spam.

If I started using this hypothetical "email 2.0", I would, of course, keep an old "email 1.0" account running on my computer. At first only tech-savy people would use email2.0, but that would be enough for the technology to be deployed.. and eventually, when other people find out that it's possible to send and receive authenticated email without getting any spam, they would switch too.

My point is that it is not an "all or nothing" situation. We are all accustomed to evolving along with the technology, and maintaining multiple standards at the same time. Give us email 2.0, and email clients that can accept both the old and the new standard... and then, in 5 years, we can ditch the old standard.

Of course, we are moving in this direction with secure SMTP connections... but more needs to be done.

Re:The joys of computer controlled phones!

[sribe]

Yeah, it could cause you to lose some callers. How many times do people call you that you don't know and that you actually want to hear from?

Well, if you own a business where you sell a product or service, you hope it happens pretty dang often!

Re:zerg

[BWJones]

Actually, yes, you did. Don't believe me? Go back and check your credit card bill.

Actually, no I did not and all my credit card bills are scrutinized carefully. If anybody charges anything to my credit card that is not authorized, they are committing fraud and will be prosecuted as such. I don't know about your credit card companies, but mine have been very good about this. Any purchases that fall outside my normal purchase pattern are flagged and my credit card company calls me to ensure that they are legitimate. For instance, when I bought 4Runner on my card, American Express called to ensure that it was indeed an authorized purchase. Same for other purchases that while small (like the shareware I bought from India last week), even resulted in a call from my company to ensure it was approved.

Even if 99.9% of people they cold-called call back and demand that the charges get removed, enough people won't call back. Do the math and you'll find this is highly profitable.

If companies can be documented doing this as a matter of business practice, it is fraud and prosecutable under existing US law. I can think of more than a dozen laws this violates.

your solution:

[bani]

pbx with PIN number. anyone who doesnt enter the PIN gets silently dumped to voicemail -- your phone never rings. the PIN gets them to immediately ring through, bypassing voicemail.

simple. elegant. failsafe.

you're welcome.

Re:The ring that keeps on ringing

[IWantMoreSpamPlease]

I'm going to recommend something that comes as a shock to most people:

By now (2005) we all have caller ID, answering machines, call back, etc etc etc.

Here's a novel idea: If you don't want to pick up the phone, don't.

On the weekends, when I don't want to be disturbed, I turn the phone ringer off, the answering machine sound down, and ignore the things entirely.

If it's an important call, the answering machine will get it, and the caller id will grab the number.

If it's not important, they won't leave a message.

Very easy.

pining for POTS

[jpellino]

*sigh*
Cordless was supposed to be better.
- Yes, because I'm not tethered to a wall in my house.
- No, because the neighbors can eavesdrop.
Cell was supposed to be better,
- Yes, in that I'm not tethered to my house.
- No, in that it still doesn't work as well or as often as my landline.
VOIP was supposed to be better
- Yes because it's cheaper / no old stakeholders
- No because it's not protected like my landline,
- No because this new stuff can happen,
- Maybe since we're not sure is it an intermediate step or is this "it"

And how many times have we had to ask THAT question... CDs were "it". DVDs were "it". Cable was the last pipe we'd ever need. No make that IP over Powerlines. Scrap that - wireless broadband! This just in - WiFi Mesh. 802.11 A - I mean B... er, no, um... G! Oops - N!

And I thought they were making up that stuff in the Matrix movies about only trusting physical landlines...

Re:The ring that keeps on ringing

[Anonymous Coward]

I've developed an extension to an existing bot for a Russian "enterprise" allowing to perform exactly this.

Like anyone else, I hate my job some days. But man, if I did stuff like that for a living, I'd hate my life. What a loser.

no

[amyhughes]

If you hear the phone ring and walk to it to check the caller ID, the damage is already done: you've been interrupted. Picking up the phone to dispatch some telemarketer is actually the fun part.

The Human Factor...

[telemonster]

No, not the MacGyver episode. Spam email is supposidly very ineffective. Everyone receives thousands of spam mails, but who actually does business with the company? The return rates are supposidly very bad, perhaps 5 people per million messages sent.

Spam mail is sent with a computer, in bulk, really fast.

One saving grace is that the telemarketers will generally use peopl (yes, there are some IVR calls, but the majority are humans). So hopefully the rate of return on the bulk number of calls needed to get a sale will make this ineffective.

I was telling people this before... "VoIP and other cheap unregulated phone service is great... but it will degrade into a state like email flooded with garbage"

Oh, and for fun, next time a charity calls... ask what percentage goes to the organization they are representing. Fun game.

150 SPIT's a Day: No Way

[Anonymous Coward]

Because in a way spam still exists because we all 'tolerate' spam. It's a time shiftable bother. You can deal with it like doing dishes: after, and not during your favorite TV show. Or after, and not during work that requires concentration. You can still maintain your own agenda.

SPIT rings the phone and keeps you busy the moment it comes in. It will call for revenge, in a way. A "now" problem demands a "now" solution, and that demand will be quite effective because it is pushed by an emotion called anger. Making spit a problem not only for the spit receiver, but also for the poor guy/girl receiving your input.

Concerning spit, the person in the chain between problem report and solution that said "who cares" in the case of spam, monopolies, patent directives and other forms of marketing mechanisms must fear for his life.

This will be dealth with quite efficiently.

Re:The ring that keeps on ringing

[Anonymous Coward]

This is exactly the reason MS Word is so popular

Re:Cell phones -- missing the point

[Anonymous Coward]

WTF? No way.

They don't want you clogging up the system using up your minutes. They would much rather you buy the 500 minutes/month plan and then only use 10 minutes of air time.

That is unless you get no free minutes at all.

Using air time costs them money because there business is based on the fact that people buy some expensive plan but don't use it fully.

Re:your solution:

[DerekLyons]

pbx with PIN number. anyone who doesnt enter the PIN gets silently dumped to voicemail -- your phone never rings. the PIN gets them to immediately ring through, bypassing voicemail.

simple. elegant. failsafe.

No. It's fail - dangerous .

What if the call had been from my father-in-laws hospice nurse, and she couldn't find the PIN? Or the nurse at his doctors office, (whose phone# field in their database almost certainly doesn't have a way to handle this)? I.E., at least twice in the last year a phone call about a medical emergency that I needed to know about now could have been dumped to voicemail - and who know when I would have heard it?

Not to mention the various brokers and realtors I work with on a daily basis. (Or am I supposed to hand out a PIN widely and hope they remember it? Where is the security in that?)

Failsafe does not mean cannot fail (as its commonly used in the vernacular). Fail safe means that failure causes no harm. And for this mechanism, I can postulate half a dozen ways it can cause harm without thinking - all real, and all things that have happened.

I could not be happier.

[jafac]

The problem with the situation is;
too many people put up with it. too many people tolerate it. Companies would not engage in spam, if they did not believe it was profitable.

If the spam armageddon described in this article *does* come (and I'm feverishly praying it will) - then a critical mass of people will finally get fed up and do something about it.

Not something ineffective like the national do not call list, or the can-spam act.

Something effective.

Blood will flow.

It will be glorious.

No.

[www.sorehands.com]

It is based on what we think the fairness is. I don't think most people here would fault the MPAA for going that to someone who is copying DVDs and selling them on a street corner for $5/each.

whoa

[KZigurs]

You sure have a strange gf... Such number of emergencies.