One opinion we’ve expressed quite strongly before on Naked Security is, “Don’t mess with crooks.”
There’s a school of thought, for example, that comes up every time we write about those odious fake support calls.
That’s where some bloke – at least, it’s been a bloke in every instance of which I’m aware – calls up out of the blue to threaten you with some kind of trouble if you don’t pay him rather a lot of money to permit him to login remotely and pretend to remove a virus infection you don’t have.
Some people are adamant that if you want to serve the community, you’ll keep the caller on the line, stringing him along with feigned misunderstandings and made-up incompetence before finally and triumphantly saying, “I’m running FreeBSD, does that make any difference?”
We think our advice is safer, and serves the community better: just hang up at once.
The caller knows your phone number; if his boss acquired your number from the cyberunderworld via a data breach, he might even know where you live.
Anyway, you know one thing for sure, namely that he’s a crook, and so is his boss.
A similar dilemma exists in the “sport” of spambaiting, which is where you deliberately reply to scammers who contact you by email and lead them on, eventually winding them up by getting them to do something demeaning or insulting (usually with photographic evidence) to prove their commitment to your mutual investment.
We implore you not to do this, either.
Firstly, you are dealing with crooks, so this isn’t really the place for childish jokes; secondly, if you lower yourself to someone else’s level, you don’t make yourself look better. (As my aunt would have said, “If you lie down with dogs, you get up with fleas.”)
So, we’re feeling a bit conflicted about telling the story that’s coming up now.
But here we go.
A chap in the USA called Roger has set up a website and a phone service called the Jolly Roger Telephone Company.
Very simply put, if an annoying telemarketer [that’s a tautological pleonasm – Ed.] gets you on the line, you forward the call to Roger’s answerbot at +1-214-666-4321.
And that’s the end of that :-) (Except for the cost to you of the call forwarding.)
Roger’s answerbot isn’t demeaning; it doesn’t make false promises to lead the caller on; it’s about as unthreatening as you can imagine; it’s surprisingly simple; it’s very effective; and it is very, very funny.
Try calling the rogerbot yourself and pretending to sell it something.
Your money back if you don’t laugh for 60 seconds; double your money back if you can keep going for a full five minutes!
If you live in a country with a Do Not Call register that actually works – Australia and the UK are examples – we recommend getting yourself on the list, and then making a point of reporting companies that call you anyway. You don’t have to tell them that you’re dobbing them in (unless you want to), but by reporting their number to the regulator, you help to establish the point that unwanted calls are an offence, figuratively and literally. By the way, especially in the UK, watch out for unwanted callers offering to sell you a Do Not Call service. The irony sounds obvious, but many people have been tricked. Report them to Action Fraud UK instead.
Phil
“If you live in a country with a Do Not Call register that actually works – Australia and the UK are examples – we recommend getting yourself on the list, and then making a point of reporting companies that call you anyway.”
The TPS of which you hint doesn’t “actually work” at all. The companies which call despite registration rarely give correct, traceable company names; they use disposable outbound phone numbers or call from another country; and if you do get the right name & number and report them, TPS will email back in a week’s time saying the company deny calling you – tough.
Nice idea, but it only works in big cases.
Paul Ducklin
I have been in the UK only a short time. I was astonished at how much voice spam I got from the day I got my UK SIM card. Within two weeks, I just stopped answering calls unless they were reported as coming from towns I had actually visited at some time in my life. I asked Sophos to register me with the TPS some time late in December 2015. Those calls fell off, and have now stopped. It’s been about two weeks since I got one. It may not stop the arrant crooks, but my own evidence is that it has had a very positive effect.
Post hoc, ergo propter hoc. See, PROOF :-)
Shiny
I used to be a manager for a call centre…which I’ll point out I am not now and never would again as I despised their practices. My integrity saw me out of that job. The fact you may have got a new SIM card doesn’t mean it’s a new number, it may be an old number recycled that a company hold. These companies don’t care who had the number before, who may or may not have asked for calls. The scary bit people may not know, but will understand when they realize these companies sell on their data to 3rd parties is this. It may start with a name and number, but that’s pulled from data sets and list such as who may have PPI, therefore giving away the person may have had a loan or put in for one, sometimes with the lenders name in with the data. This then means cybercriminals could call knowing the person’s name, address and state they are calling from a company or lender the customer would think legitimate. If customers answer even trying to put callers off anything they say gets recorded, such as moving house, someone ill, having a new baby. This all adds to building a picture of the customer, which sold on and on means each buyer that gets the data gets a more and more complete picture. I’ve even seen data about conversations about a dog having puppies with the dog’s name and email address. Email address and dog’s name possibly as a password would be a good start at hacking accounts such as Paypal etc. Security isn’t key to these companies either so if the data gets breached there could be large amounts of information a crook could use. Tell telemarketers nothing.
The companies use geo dialling so it always shows as a local number to the customer who then can’t call back as that number doesn’t exist. I have to agree with you here even though TPS isn’t 100%. Register with TPS and hang up straight away on telemarketing calls, give them no details about you at all. Better still tell them it’s the wrong number. Most software diallers when wrong number is clicked with suppress or remove the number from the system. Playing with telemarketers just confirms who you are and the number is live and may inadvertently give them other information they can extract from things you say without realizing. The advice for telemarketing calls is register with TPS, say wrong number and put the phone down.
Paul Ducklin
It wasn’t a new number…just new to me (I didn’t make that clear). I assume that is why I was on so many lists already.
Of course, I can’t prove that TPS (Telephone Preference Service, the UK’s “do not call” register) made the difference. Maybe the previous user of the number used to answer everything and when that dried up the various telemarketers figured, “No point in calling any more.”
But many of the calls were bots, so I consider that unlikely :-)
I suspect that TPS made a difference, by giving the operators who want to comply with the letter of the law a reason to stop calling. I’m not so naive as to expect TPS to stop everything, such as fake support calls originating overseas, but I have convinced myself that it helps.
Laurence Marks
Duck wrote “Post hoc, ergo proper hoc.”
It’s “propter hoc,” not “proper hoc.” Were you sleeping in 3rd year Latin?
For the Latin-illiterate, “After this, therefore because of this.”
Paul Ducklin
It was a typo. Sorry about that. I’ll fix it, thanks. (Hahaha, just discovered I made the same typo in an earlier comment on a different article :-)
Tom
I live in the US and have a cheap answering machine with the default, somewhat robotic sounding message, which seems to work in deterring telemarketers et al. from leaving a message. So there’s no, “hi this is Bob… and Mary, please leave a message.” I hope this doesn’t make me seem too unusual, but most telemarketers are just trying to make a living, this is their job, I don’t really want to talk to them, but I don’t hate them.
I’ve never had an IRS or computer scam call, but your is quite sound, they may have more information about you than you think. I work for a small local government agency and am aware of the kind of information that is considered public, though it does not usually come up in a Google search, I think that’s considered deep or hidden Web. When I tell this to students in a computer security class I teach, many of them cringe.
Tom
I have considered replacing the default answering message with the numbers station recording where the Lincolnshire Poacher plays and the voice recites some numbers, it’s sufficiently creepy to deter most people.
Clifford Jones
Short wave listener here, too. ;) The numbers all have a Hispanic accent these days. I miss “The Reds…” (and BBC went bye-bye too, what’s up with that?!)
Paul Ducklin
I think you’ll like this, then:
https://nakedsecurity.sophos.com/2014/05/05/weird-and-wonderful-the-webdriver-torso-mystery-videos-explained-and-remystified/
We made our very own YouTube Numbers Station, called Sierra November Sierra :-)
Shiny
Oh I really like that idea. or the chinese woman in sythnesized voice to make it more creepy. 1,2,5,7,6…4,6,9,7,8..0, 0, 0, 0, 0, 0.
Stefan
Telemarketers and vendors don’t leave messages in my experience. What are they going to say?
BEEP: “Hi Tom, I’m a really annoying person from ACME Corp whos job it is to phone you and annoy you and try to get you to buy things you don’t want. Then after that, I will continue to try to convince you that you need my over priced widgets. I will also continually fail to pickup on social cues which indicate that this conversation is over. If you could phone me back some time today, I would like to annoy you by giving you a sales pitch on my over priced widgets that probably don’t work.”
I deal with vendor calls on a daily basis. Using an answering machine to screen calls from area codes you are not expecting a call from is a great screening method. If it is important, they will leave a message.
Anonymous
I was called by a woman who wanted me to give over control of my PC to her to fix my ‘serious problem’. So, not just blokes!!
Dee
I live in the UK & have registered with the TPS but occasionally still get calls. I used to tell them that I don’t have a computer but they ignore that & tell me to get my laptop out, I have asked them whether a laptop is a computer, then they give up with me but, a more effective way of getting rid of them, is to tell them that I have to inform them that I am recording the conversation. They then disappear with the speed of light.
Martin
My late dad used to LOVE getting telemarketing calls.
He would listen to the sales pitch, responding appropriately to questions. Then, as the telemarketer went for the close, my dad would interrupt.
“You ARE going to help me pay my phone bill this month, aren’t you?”
(sputtering sounds of confusion)
“Well the way that I figure it, if you’re going to use MY phone line for YOUR business purposes, then you should pay part of my phone bill.”
(click-buzz)
Yep, the telemarketer would hang up on him, and my dad would get quite a satisfied chuckle out of it.
RocRizzo
I just record the IC SIT tone as the first thing on my answering machine. It tells the telemarketer that the phone is disconnected. I follow it with my normal message. I haven’t has a problem with this method in 20 years! (Just look up SIT Tones on Wikipedia for your own copy)
Clifford Jones
I inadvertently shorted one of the inputs on the op amp in my old answering machine, it distorts the output to where it sounds like HAL singing “Daisy.” I run the stock message and it’s either humorous (if you know me) or downright creepy. (if you’re a telemarketer)
Very few calls make it all the way through to the beep. I’ve compared the phone’s logs to the the number of messages registered on the answering machine and I see less than one in ten callers have listened to the whole thing. A lot of the messages that do get left start off with the caller laughing.
I always tell people to hang on to “old” technology, you never know when it might inadvertently be the answer to a new problem. Added bonus: it isn’t blathering your every move over the “internet of things.” (I read an article yesterday titled “the police will subpoena your toaster”)
I agree with the advice, leave taunting telemarketers (you never know if they’re legit, so treat them all the same) to the professionals, but I have to admit I have a deep appreciation for this sort of humor.
BTW Mr. Ducklin, thanks for the trip abroad. I enjoy translating your writing into English.
AlphaCentauri
I’m in the US, and it’s impossible to report most of the DNC violators, because they spoof their caller ID.
I’m about ready to include the sound of touch tone number tones in my voice mail outgoing message, so the robocalls all connect to a human when I’m not home/not answering. I’m guessing it costs them more money if someone actually pushes “1” and they have to pay an actual English-speaking person to take over the call. If enough people did this it would make robocalling much less profitable.
Phil
Yeah, I tried that – “Press 9 to opt out” or “Press 5 to speak to an agent” type thing.
Of course, it indicates that you’ve a valid number; and you usually get a message along the lines of “There’s no-one available to talk right now, we’ll call you back.”… Then when they do, they claim they can’t remove you from the list, as you actively invited that call.
Bill
“Only a third of “nuisance” calls are blocked by a service that allows individuals to opt-out of marketing calls, research has found.”
http://www.bbc.com/news/business-28463523
Paul Ducklin
To be fair, that article was about 18 months ago, and the UK regulator seems to have got tougher since then, with some serious fines dished out lately. Also, that article includes calls that are technically legal because the recipient opted in. I’m not excusing the practice of calling people who clearly don’t want your calls…just saying, “Watch those tick-boxes like a hawk!”
pat
I just pretend I am a senior citizen who only speaks Spanish.
No ingles?
Works like a charm.
RichardD
On my landline, I’ve got a handset that lets me block calls from unknown, withheld, foreign and explicitly blocked numbers. White-listed numbers get through straight away. All others have to state their name and press a key before the phone will ring, which effectively blocks robo-callers.
I used to get several telemarketing calls a week. Now I don’t get any. I occasionally see a “missed call” notification, but when I Google the number, it always turns out to be associated with a scam.
Samantha Allen
Ditto @ RichardD – I too am signed up with TPS, and even though there was a drop in spam call volume, it certainly wasn’t eradicated. So I splashed out on one of BT’s smart handsets with call blocking functionality – I would say it’s screening on average between half and a dozen calls per week, just checked and last Thursday there were two, none Fri/Sat/Sun/Mon (amazing!) and two today!
Anonymous
My mother tried to call me last weekend but mis-dialed. The chap on the receiving end tried to walk her through triage on a dead power supply. Good times…
Dean Moncaster
I once got a call from some woman who tried to sell me life insurance, she said i could have it for a one month trial. I said…what possible use is that? “if i die during the trial i am going to be dead and not give a crap whether your service is any good or not. If i do not die I won’t get to test your service or insurance thus it is a waste of time” she then tried a bit hard to sell it and i replied “which part of no do you not understand, the n or the o?” she then gave up.
River Dweller
OMG! Jolly Rodger is so funny! If I was telemarketer there would be an eraser burn where the targets phone number was! But will it work on the annoying robo calls?