Scammers and rogue callers – can anything ever stop them? – Naked Security


Scam calls are a nuisance at best, because they’re intrusive, and a social and financial evil at worst, because they prey on those who are vulnerable.

You probably get dozens or hundreds of them a year, often in waves of several a day, where the caller claims to be from Amazon (about a credit card charge charge that doesn’t exist), from Microsoft (about a computer virus that isn’t there), from the police (about a copyright infringement you haven’t committed), from your bank (about suspicious transactions that haven’t actually happened), from the tax office (about penalty charges you don’t owe)…

…or from any of a number of sources that fraudulently put you under pressure to agree to do something you later regret, such as transfer money from your bank account, hand over personal information such as passwords or payment card details, or install malicious software that lets the scammers remotely rummage through your computer.

Scammers of this sort are typically based in high-pressure criminal call centres outside your country, but they make use of internet-based calling services that costs pennies a minute to make calls anywhere in the world, yet show up on your phone with a local number to give them an air of legitimacy and traceability.

Not quite a scam

Sometimes, however, the callers aren’t quite scammers, and they really are based in your country, working for a registered company, calling from a number that really is local.

They might be promoting a legitimate service, such as something environmental to do with green energy, roof insulation or double-glazed windows, but they may very well call you against your will, even calling you repeatedly after you ask them to stop doing so, use high-pressure sales tactics, and make disinguenous or even dishonest claims to legitimise their calls.

We receive a lot of unwanted calls, and although outright scammers (those who have nothing real to sell and nothing even vaguely legitimate to offer) outnumber the “chancers”, we nevertheless still get plenty of calls that genuinely do originate locally, and represent local registered businesses claiming to be operating lawfully in this country.

We’re on our local equivalent of the national Do Not Call list (known in the UK by the very bland and neutral name TPS, short for Telephone Preference Service, as though anyone would ever prefer to opt into this stuff), so none of these callers, whether they’re outright cybercriminals or just local telesales chancers, are supposed to be calling at all.

And that raises two related questions:

  • Is it worth reporting the outright scammers? They’re almost certainly outside the jurisdiction of your own authorities, and even if they get kicked off their current internet phone service, they’ll soon be back via another one. The names of the callers are fake and they don’t work for the companies or organisations they claim anyway. Why report them if nothing is ever likely to come of it?
  • Is it worth reporting the local chancers? Given that they know they can be traced, and aren’t really trying to hide, it often feels as though they must have some sort of regulatory cushion. Certainly they sometimes couch their calls as though they’re part of an official government programme, to give the impression that they’re entitled (or even required) to call you. Why bother to report them if they’ve got an apparently valid cover story?

Report rogues if you can

The answer to both the questions above is, “Yes, it is.”

To be clear, we’re not suggesting that it’s your civic duty to report every scammy or dubious call you get, because even in countries where call reporting has been made very efficient, it does require you to record the caller’s number, write down as many details as you can remember, and then go to a website to input all the offending information.

Doing that every single time you get an unwanted call is an undertaking most people simply don’t have time for.

But if no one ever says anything, then something you can be sure of is that the regulator in your country will be able to do nothing.

On the other hand, if enough people do take the trouble to submit reports, then regulators will sometimes be in a strong position legal position to do something, even if it feels rather modest compared to the scale and efforontery of the operators they’re acting against.

For example, the Information Commissioner’s Office (ICO) opened its account for this year’s Cybersecurity Awareness Month with enforcement actions against four British peddlers of allegedly environment-friendly products and services: Posh Windows UK (fined £150,000 for calling nearly half-a-million “do not call” telephone subscribers), Green Logic UK (fined £40,000), Eco Spray Insulations (fined £100,000), and Euroseal Windows (fined £80,000).

These fines (or, more precisely, monetary penalties) may seem very modest, typically clocking in at well under £1 for every person who was illegally called, but they do at least make a point that companies who don’t play by the rules will be punished.

We also suspect, or at least hope, as more and more fines of this sort are issued and publicised, that the excuse that a company “didn’t knowingly set out to violate privacy regulations by making unlawful calls”, or words to that effect, will carry less and less water…

…and that more and more victims of this sort of call will be willing to provide evidence to the regulator to follow up on complaints.

For example, in one of the cases linked to above, the ICO’s rebuttal of the company’s claim that it had acquired consent via in-person house visits was greatly helped by a complainant who reported:

[The claim that I gave my details to a canvasser who called at the house] is totally fictional as I always send door to door salesmen packing, especially double glazing salesmen. I am not sure where they have had my land line number from. I asked them several times to remove my details from their database. They continued to phone me on several occasions and every time I asked them where they had got my details from…

Likewise, even if there is little that your regulator can do directly to prosecute pure-play scam callers from other countries, regularly reporting offenders does at least draw attention to the internet telephony companies who are happy to provide services to these scammers.

Ultimately, this may occasionally turn up enough evidence about the clients of the service provider to persuade the authorities in the country where the scammers are based to investigate at their end, and to tackle the scammers in their home jurisdiction.

What to do?

Here are links for reporting rogue calls in a selection of countries:

Report in the US:
Get on the US “do not call” list:

Report in Canada (English):!/
Get on the Canadian “do not call” list:

Report in the UK:
Get on the UK “do not call” list:

Report in Australia:
Get on the Australian “do not call” list:

Get on the blocklist and report in France: