I built telecommunications systems / software for some time. The unfortunate truth here is that telecom carriers absolutely already have everything they need to largely put a stop to it but they knowingly ignore it. It's the biggest problem in the US because because of pricing. It's expensive to run outbound campaigns in almost any other country, and very cheap in the US (fractions of a penny per minute compared to 5-10c per minute in some EU locations). Scammers need volume to make money.
The reason carriers -- from the local exchange carriers and up -- ignore it is because just a single scam operation can mean 10s of thousands of dollars in volume a month, and sometimes more. Since they have to self-report for the most part they're not very incentivized to stop it. There are a few easy to implement regulatory / technical mechanisms that could nearly axe all of it, but carriers push back hard on those regulations and they never stick.
I know from experience dealing with this that it's absolutely not ignorance that's at play on the regulatory and commercial side. It's disgusting, and as fueled with greed and red tape as you'd fear.
That’s kind of sad that they won’t just fix it if they can. I over hear my elderly parents give each other tips like “don’t open that email, it’s fake” and things like that.
So, I realize this is a big ask - but can you please write this up as a story and sent it to a major news outlet? My cynicism is already high, but I would not have suspected this of all things, that telcos would allow the elderly to be victimized to the tune of $10B to make a few pennies.
And when scammers go back to using Western Union are you going to ban that as well? When they ask a person to send them cash are you going to ban cash as well? Hell let's just ban all money to prevent this.
I want gift cards banned not because of scammers. Like pay-day loan services, gift cards are based on the fraud of profound information asymmetry. Gift cards make liquid cash worse in almost every dimension. It's tied to one supplier. It can be lost. I forgot the stats, but I'm positive billions spent on gift cards are never redeemed.
Gift cards are just slightly less evil than payday loan services. They take advantage of a (positive) human need to give, and a (negative) human need to not work hard, picking out a gift, and a (negative) need to appear to have purchased a gift when one, in fact, has not. What makes it even more evil is that because it's a gift the loss is not seen as important for the giver (they gave it away after all) or the receiver (they weren't expecting to have this thing). The burden on the receiver, to carry around this extra piece of plastic, having to remember to use it, possibly even altering your behavior to use it, makes it even more nefarious.
I don't think my position is particularly common. Certainly gift card industry fraud is low on the list of societies pressing problems. But it is a problem and one that I wish was better understood .
Yeah, how about this: when I get a gift card, I a) discount the gift about 50% based on EV and b) consider the giver kind of stupid for wasting money like this. It's like the opposite of being impressed with someone for getting a good deal. "You spent $5 and this is worth $100 to me, awesome!" versus, "You spent $25 on this and it's worth $10 to me. Yay." Everyone just fucking loses. (Like you, I am surprised at my vehemence - perhaps pg is right that writing and thinking are one and the same, and I'm just late to the epiphany that I absolutely loath gift cards. So much so I wouldn't even mind being known as "that guy who hates gift cards so much".)
Most of the losses (in $ terms) from these scams do not involve gift cards. They involve the scammers convincing you to install some remote desktop software and emptying your bank account.
It's already illegal to send people to open bank accounts with fake IDs, but the scammers have no problem cashing out the bulk of their profits like that.
Sometimes they transfer to a cryptocurrency exchange, sometimes they go to a branch to withdraw everything. Banks don't really like either of those, so issuing checks and cashing them somewhere else is a common scheme.
Some may bounce the money through a few accounts and eventually into a business account that'll send it overseas, it depends.
The people on the ground are random replaceable idiots.
My grandmother got talked into mailing cash between the pages of a magazine. I don't really know what to say other than the format of the money doesn't matter too much, someone is going to try to scam people out of it, and the scams are going to work.
Absolutely everything: car dependency, affordable housing and healthcare, hard drugs, the environment, corporate tax evasion, energy, money laundering, immigration, good pay for nursing and teaching staff, etc.
"We can't fix X because then sector Y would suffer trillions in losses and jobs so it's best to keep the status quo and kick the can down the road."
This is a classic example of an unintended consequence of deregulation.
Normally we could petition our elected officials and get something done about it. But lobbyists have come to so completely dominate our legislative process that whole industries have effectively coopted the government through regulatory capture.
On top of that, they've hoodwinked half the population into thinking that regulation bad.
At this point, we can all remain hypervigilant and snoop on our grandparents and get sucked into various private industry scams like identity insurance. We can play games with switching carriers within the duopolies in our areas when they let scammers steal from us. We can project loudly on social media when someone across the world steals right from out of our bank accounts, and haggle with our credit card companies to charge it back and rip off some merchant so that we don't have to pay. This is how scams metastasize into protection rackets and authoritarianism.
Or we could like, make this all illegal and charge carriers directly when it happens. But that would cost rich people money. So rich people run propaganda campaigns to convince us that fines just get passed on to consumers. Which doesn't make any sense in a free market, where we could switch to a cheaper carrier that didn't get fined.
Once we see this from that meta level (that political controversy is rooted in misdirection and lies) it just gets so tiring to watch the same debates over and over. Maybe we need some rich people to step up and call out this nonsense (dragons give up their loot so easily). Maybe we need to organize and start some consumer unions that dictate to vendors how much we'll pay for their services until they shape up. Maybe we should get back to our geek roots and start a free peer to peer wireless network.
Huh, writing out this rant, I just had a thought. Where's the keystone in this? Political progress can't be hacked, so none of our instincts around quick fixes work. In other words, the half of the population that has the working solution has to somehow convince the other half to go along with it. That can be a long and painful process spanning decades.
So what does the other half want? What concession to them would result in getting legislation passed to solve this?
Anyone claiming “deregulation” for the names sake is speaking rhetoric without knowledge. Both conservative and liberal economists agree with regulation. The most conservative of economists understand the concept of externalities. Call centers bear a clear externality. The business transaction between the telecom
Company and the caller bears a negative externality on the callee who is not a member of that transaction. Conservative economists would also agree with regulation to at least impose a cost on the transaction to reflect that externality. The problem is with policy and lobbying as you stated - write your member of congress.
To comment on a now deleted post to this comment: I’m not arguing that bad regulation doesn’t exist which can perpetuate and help continue market failures. I’m arguing that good regulation is the fix to known market failures and economists on both sides recognize that.
> The most conservative of economists understand the concept of externalities.
Even conservative economists (and for that matter, also other experts) usually aren't dumb, but I've never seen one of them act on their knowledge appropriately. They all prioritize their ideology and their donors, some of them even refuse to listen to science and facts when people die by the masses.
You are confusing economists with politicians. I can point you to many conservative economists who recommend good policy - whether or not that is implemented is a different story. Economists are advisors, not decision makers, in this context.
Telcos are one of the most regulated industries in existence.
And as I point out in my sibling comment, bad regulation is the reason this problem exists: because telcos are not legally able to block most spam calls. If not for this regulation, telcos would have solved spam callers long ago by blocking suspected sources of spam. (Instead, they do work-arounds like labeling them "scam likely.")
That sounds plausible, I can understand that carriers shouldn't filter traffic, because that goes against net neutrality. So it sounds like carriers can't block traffic at their level, but can attach metadata that the end user can block. I did a quick search on how that would work and found this info from Robokiller (no affiliation):
We’re fighting behind the scenes to get government support for better fighting robocalls. The FCC’s TRACED Act is just one piece of legislation we’re behind that will increase penalties for robocallers–but there’s far more work that needs to be done.
I realized a TL;DR of my rant after writing it:
Organized crime is stealing from members of the community and the police rarely succeed in returning stolen property. The mayor claims to be trying to help, but mostly works at reelection. Half the community wants to pass a law to fine a middleman who sees crime occurring but does little to stop it. The other half claims that the law itself facilitates the crime and wants to cancel more laws. Some people hire a watchdog to prevent the crime, and that seems to work. Others feel that if the crime affects the whole community, then a solution should be part of the commons, because vulnerable and/or impoverished members of the community would be left defenseless otherwise.
I'm in that second camp. I feel that a conservative argument here is: if I have to be bothered by every little thing because the government can't do its job to defend the community and the security of its property, then that's not a republic, it's anarchy.
I gave you an upvote even though I'm going to disagree with you. In general, I'm very open-market and low-regulation - however in this particular case you're touching on the idea of a "common carrier," which is an important idea.
When you have one (or a small number of) providers, in a high-barrier-to-entry industry, that provides a critical service - this gives these providers enormous power over us if they were to refuse to do business with us or charge us higher rates. Think water, electric, shipping/postal, internet access, telco, etc.
What if the postal service decided to stop doing business with you, perhaps because of the offensive content of the letters you want to send? Or nobody will ship your merchandise because they don't approve of it? Or your internet provider cancels you? And what if there are a small number of them that collude on these bans, so now you can't even switch providers?
By designating certain industries as "common carriers" it prohibits them from denying service to anyone for any reason, except for particularly obvious, egregious and illegal reasons.
If you want to send out Nazi propaganda newsletters to people who have requested them - the US Postal Service will (and should, I believe) deliver them for you.
We should not allow telcos to decide who's calls to put through. This is a job for legislators and law enforcement, however imperfect those solutions are.
It may also be that they see this as a slippery slope of being responsible for moderating the content of phone calls, which is not a road I imagine carriers want to go down.
Congress already passed the TRACED Act. The FCC is moving relatively quickly in issuing government orders (as fast as a federal agency can move). It will take years for phone companies to upgrade to signing calls with level A attestation. Right now 20% of calls are signed and that includes level B attestation (we know the number is not spoofed but not who is using it) and level C (we only know the upstream phone company). If signing is implemented it will take more time to finally cut off non-signed calls. Tracing abuse takes time. Then robocallers can not pay fines and open another LLC. Hopefully this will reach an equilibrium like email where 99% of raw email traffic is spam but spam filters make it reasonable for individuals.
yes, that's the one. i remember the first time reading about it and thought Klingon or Elvish would have been a better choice, but alas, i'm not a linguist
> You might have telco experience, but you have no clue whatsoever about the economics of these scams.
Please watch your tone and choice of words. That sentence is more focused on defaming the OP than addressing the merit of what they said.
Furthermore, saying "it makes no difference to the scammers if they're paying 10c per minute or calling for free" shows an equally clear failure to understand the economics of these scams. The vast majority of calls made by a scammer will yield nothing. They have to make numerous calls to find the one sucker who can be convinced to turn over their financial information or mail cash or do whatever needs to be done. I don't know the exact per-minute cost at which most scams become cost prohibitive, but I'm pretty sure you'd be shocked at how little it is. If it takes 2,000 calls to find one victim, and you're paying 10 cents per call, you'll spend $200 per victim. Will you make that much back, and will it be enough to offset all of the other costs involved in trolling? It depends. But it definitely makes it less appetizing than when the calls are free.
You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks. There are hundreds (if not thousands) of these incidents for every one incident involving a large $100K+ payout.
It makes sense, given that people are willing to act a lot more independently (without consulting others) when only a small amount is on the line, they often won't admit to these missteps out of embarrassment, AND, perhaps most importantly, it won't raise the ire of federal law enforcement enough to be concerned about things like extradition and prosecution.
> You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks.
Those are the exact scammers who will get you to install teamviewer/anydesk and use it to empty your bank account, with the $100 charge just working as a distraction. You can find videos showing how these scams work on youtube.
Of course lots of people won't have $100k or even $10k in their bank account, the scammers will just send those people out to buy gift cards or similar instead of wasting their drop accounts.
Even if only one in 1000 calls returns $100k, they're still averaging $100 per call.
I think you missed the point the previous poster was making: These non-US-based scams generate a ton of revenue for telcos, which is why they are not incented to stop them.
I don't know anything about it, just trying to clarify what (I think) previous poster meant.
PaybackTony literally said "It's the biggest problem in the US because because of pricing." and went on to explain how calling in EU is much more expensive. I think it's safe to assume that he just didn't think this through.
By absolute numbers, I do believe OP is correct. In Germany, we do have a problem with phone based scams as well, but since we have modern ways of transferring money (SEPA wire transfers / direct debit) and actually useful identity cards that make opening fake bank accounts for mules very difficult, almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
Google and look at how a Greek ID card looks like, it's literally a piece of paper.
> opening fake bank accounts for mules very difficult
Are you being sarcastic? https://crimemarket.is/ ctrl-f for BD, there are literally hundreds of people offering german bank accounts.
On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
> almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
> It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
I'm not talking about the eID chip, that isn't verified indeed - but at least in my experience, when opening a bank account in person, they do diligent checks, for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
> On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
Yes, dark markets exist. But their scale, still, is vastly lower than the US, where you have shit like virtually all Americans' information being sold online that is necessary to open lines of credit and do other kinds of fraud. Stuff like tax refund scams or SSN's being abused by illegal immigrants simply does not exist here (again: at least not at a relevant scale), because we have modern systems in place.
> This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
>but at least in my experience, when opening a bank account in person, they do diligent checks
Most banks don't even have UV lights, not that fake IDs don't usually have decent UV markings anyway. Hardly very diligent.
>for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
As do essentially all banks in the world, doesn't save you though. Many European IDs (Romanian, Greek for example) do not have any meaningful security features, Romanian IDs can look completely different depending on which day and which city they're printed in and there's no reference guide for this.
>Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
Pretty much any fake ID that'll pass Video-Ident will generally work at the bank too.
>The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
This is totally wrong, there are individual people running car-selling scams on mobile.de netting more than that.
>And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
Those scams are common in the US and UK, but they only make up a small part of the $ losses. The bulk of the losses comes in the form of people losing all of their savings as their bank account is emptied.
At one point I worked on the very systems they used (dialers, PBX, internal CRMs), with the carriers that enabled it. This wasn't an opinion of mine, I was merely passing along real-world information from someone who worked in the industry (me). Many in this thread completely underestimate the volume these centers call at. We aren't talking hundreds of thousands of minutes per month per center. We're talking millions of minutes. Cost per minute is a massive cost
even at 1/6 increments. The call center we ran, that was direct marketing / support typically had telecom bills well into the 6 figures every month at the height.
Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
Language barriers are a part of the issue, yes, but these centers are capable of calling and speaking a number of languages. Cost and regulation are the big factors here. Just like any other business model. I got out of the business (telecom / direct marketing saas) right when EU started raising fees and coming down on some of the bad actors. Unfortunately for the US, that meant those bad actors focused even more in the US.
Also, the scams really aren't as profitable as you'd think most of the time. They generally can't afford more than a $50 CPA at best. Again, they have to turn heavy volume to get to their target market. They also rotate "offers". You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers. Typically it's $20 here, $100 there. Again, volume.
>Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
You're severely underestimating the success rate of these calls.
> Typically it's $20 here, $100 there. Again, volume
This is perplexing, even the gift card scams don't target such low amounts. The only logical conclusion is that we're talking about completely different kinds of scams.
The kinds of scams targeting amounts you speak of tend to be slightly less obvious ones, selling bullshit services and actually running credit cards. These operations often aren't even necessarily criminal, beyond perhaps the spammy part.
> You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers.
Nah, those are the bulk of this $10B figure. Tricking a grandma to install teamviewer and emptying her account isn't much of a challenge.
Can't edit comments that old, but I feel like my first sentence was perfectly appropriate given the parents appeal to authority ("I built telecommunications systems / software for some time").
I wouldn't call that an appeal to authority? but even if it were, your comments need to follow the site guidelines regardless of what other commenters are doing. You broke them badly above.
You don't see how that's an appeal to authority, I don't see how my comment violated the site guidelines. I wasn't name-calling or swiping at anyone, I was merely refuting the parents appeal to authority.
If you tell me you don't see how "You've completely missed the mark" breaks the site guidelines, I guess I can see how that's borderline. But "you have no clue whatsoever"? That's a straightforward attack/swipe of exactly the sort you're asked not to post here!
Are you referring to STIR/SHAKEN that is a requirement and has been/is being rolled out?
I'm not sure how much was commercial benefit vs lazyness/no incentive to solve the issue directly - the telcos aren't making a lot of money on inbound calling. It's just a problem that didn't impact them directly - only their customers.
Have to touch on this as it's a common theme to my response. There absolutely are regulations. However, regulations being in place, and the enforcement of these regulations are different. STIR/SHAKEN is a requirement, however it's an easy requirement for scammers to meet. (Numbers are super cheap to buy in bulk, pennies per month typically). Sooner or later they'll run out.
The second side of the regulation miss is that carriers have to self-report much of the time. These centers pay into the 6 figures monthly to their carriers. The carriers know exactly what kind of traffic is being sent through and many times aide these scammers in shaping the traffic to look more legit. Auto-warranty scams in the past? Huge amounts of that traffic were routed through the likes of Y-Tel and a couple others. Regulators knew this but enforcement took years to happen. It's the same right now.
Lastly is the issue of what happens once enforcement occurs? The answer is not great: The scammers change numbers and keep going. They aren't local and it's not cut and dry when it comes to continuous enforcement against foreign entities. Their carriers still support them and the fines are typically less than a month's revenue from the larger outfits (think Uber).
Better meta-data helps aide robo / scam / spam blockers. IMO, we should just shut down these carriers who knowingly aide these scammers. We know who they are, they aren't hard to find.
Isn't that basically what they did? I think the FCC authorized the disconnection of a handful of service providers, and has been aggressively sending notices to others.
The telco's complacency have trained their customers to not answer the phone thereby destroying one of their primary businesses. Gen Z and Y consider it rude to call people.
I think that was true long before robo calling was a big thing.
Since texting and even back from the AIM/IRC generation - when I was in college 20 years ago, with T9, people were already primarily were texting not calling.
You've missed the legal / regulatory side of things.
Apparently this has just recently changed, but telcos are highly regulated in the US and they are legally required to execute calls placed by their customers. This means that they have to be very very sure the call should be blocked before doing so, otherwise they face legal liability. This regulatory structure means that call spamming in the US is all but legally protected.
Compare this to less-regulated email, where Gmail and other providers are free to block spam based on any reason: source ip, domain, content of the email, etc.
The reason carriers -- from the local exchange carriers and up -- ignore it is because just a single scam operation can mean 10s of thousands of dollars in volume a month, and sometimes more. Since they have to self-report for the most part they're not very incentivized to stop it. There are a few easy to implement regulatory / technical mechanisms that could nearly axe all of it, but carriers push back hard on those regulations and they never stick.
I know from experience dealing with this that it's absolutely not ignorance that's at play on the regulatory and commercial side. It's disgusting, and as fueled with greed and red tape as you'd fear.
reply