
Experiencing a Telephone Denial of Service (TDoS) Attack

I was recently contacted by one of the largest chat line operators, and they told me they were receiving a huge number of very short calls. Since The Chatline Guide is one of their largest exposure avenues, they wanted to check if I knew anything about this. I had no idea. They then asked me to swap the numbers for new ones to check if there was any difference. And in fact, they were able to confirm that the spam phone calls were coming from the numbers posted on this site. I went online and started to investigate phone spam attacks and found out there have been many cases of this. In our case, a TDoS was launched against some of the major chat lines listed on ChatlineGuide.com’s singles page.

What is a TDoS Attack?

A telephone denial-of-service (TDoS) attack, also known as phone bombing or a voice spam attack, is one that few organizations know about, and many are shocked to hear they are vulnerable. In fact, these attacks are difficult to prevent in practice. They disable phone systems regardless of whether they are premises-based, hosted, VoIP-based or time-division multiplexing (TDM)-based. TDoS attacks are frequently part of a blackmail scheme: a person demands payment and then launches an incessant stream of calls that block regular calls until payment is made. Typically, the attacks start and stop at random until the payment is made. Common targets include government offices, hospitals, and public-safety answering point agencies.

TDoS attacks are similar to Internet DDoS attacks, which take down websites with overwhelming IP traffic. Every Internet-connected server is vulnerable to a DDoS attack, and so are telephone systems. As a webmaster, I was aware of DDoS attacks, and I had even been a victim of DDoS attacks in the past; however, TDoS attacks were new to me.

TDoS attacks target phone numbers instead of IP addresses. The attack can use the public switched telephone network rather than the Internet, which makes TDM trunks just as vulnerable as Voice over IP (VoIP). There are so many ways to place calls that it is very hard to protect against this kind of attack. Calls can originate from any city or Automatic Number Identification (ANI), so there is no reliable technique that can correctly distinguish and screen fake calls from genuine ones.

The Internet makes phone bombing easy to launch and makes calling cheaper than ever. All it requires is a stolen credit card. Bear in mind that these calls do not, in fact, carry any media streams, so they can scale efficiently. Combined with common methods for caller-ID spoofing, these simple attacks can cripple a company’s communications system.

Carriers are similarly helpless when it comes to attack prevention and mitigation. There is no way to block the source, since it can be different with every call. Using a hosted provider is not safe either. An attack on one company could even affect other, unrelated organizations on the same provider where trunking is shared.

TDoS Attack Mitigation

A lasting solution will require major changes to existing communications infrastructure. For now, there are some ideas on how to mitigate a TDoS attack. To reduce the effect of an attack, a business should separate its physical trunks into different groups so that a single number cannot tie up all of its capacity. Telecom and network engineers should also dedicate specific trunks to outbound calls, or make sure they aren’t shared with published numbers.

During a TDoS attack, firms should take detailed notes of the attackers’ instructions and demands. Ideally, victims should record all dealings with the suspects. Businesses should try to record the start and end times of the attack and the data from the phone calls. Logs should capture information such as IP addresses and caller IDs, and should be preserved. You should report the attack to the police as well.
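
An added example, not from the original post: one way to spot the pattern described above (a flood of very short calls to one published number) in call detail records, keyed on the dialed number because the caller ID can differ on every call, and to pull out the start time, end time and caller-ID count for the incident log. The CSV layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data). Assumed columns are in the header.
SAMPLE_CDRS = """start,caller_id,dialed,duration_s
2024-01-01T10:00:00,12025550101,18005550100,2
2024-01-01T10:00:05,12025550102,18005550100,1
2024-01-01T10:00:09,12025550103,18005550100,3
2024-01-01T10:00:12,12025550104,18005550111,240
2024-01-01T10:00:20,12025550105,18005550100,2
2024-01-01T10:00:26,12025550101,18005550100,1
2024-01-01T10:00:31,12025550106,18005550100,310
2024-01-01T10:00:40,12025550107,18005550100,2
2024-01-01T10:00:44,12025550108,18005550111,4
2024-01-01T10:03:00,12025550109,18005550111,3
"""

def parse_cdrs(text):
    """Parse CSV text into (start, caller_id, dialed, duration_s), oldest first."""
    rows = [(datetime.fromisoformat(r["start"]), r["caller_id"], r["dialed"],
             int(r["duration_s"])) for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows)

def detect_short_call_bursts(cdrs, max_duration_s=5,
                             window=timedelta(seconds=60), threshold=5):
    """Flag dialed numbers that get >= threshold short calls inside one window."""
    recent = defaultdict(deque)   # dialed -> short calls still inside the window
    flagged = defaultdict(dict)   # dialed -> {record index: (start, caller_id)}
    for i, (start, caller, dialed, duration) in enumerate(cdrs):
        if duration > max_duration_s:
            continue              # a normal-length call is not part of the flood
        q = recent[dialed]
        q.append((i, start, caller))
        while start - q[0][1] > window:
            q.popleft()           # drop calls that fell out of the window
        if len(q) >= threshold:
            flagged[dialed].update({j: (s, c) for j, s, c in q})
    report = {}
    for dialed, calls in flagged.items():
        starts = [s for s, _ in calls.values()]
        report[dialed] = {
            "first_seen": min(starts),   # start time for the incident log
            "last_seen": max(starts),    # end time for the incident log
            "short_calls": len(calls),
            "distinct_caller_ids": len({c for _, c in calls.values()}),
        }
    return report
```

On the sample records only the number receiving the burst is reported; the second number, which gets two short calls and one long one, stays below the threshold.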

Long-term solutions are being evaluated. They will probably include tougher laws aimed at curbing phone bombing, along with bigger penalties for those convicted. There is also discussion of network-layer changes that would add more accountability, traceability, and control to the system. There is also a method, used by websites, that restricts sessions to authorized domains. This solution is limited to businesses that can restrict requests to and from known parties, so unfortunately it will not help most companies.

Some possible solutions to TDoS attacks involve IP Multimedia Subsystem (IMS) signaling, which is used in many carrier networks. Since the attack, the phone bureaus that run the chat lines have implemented security measures to prevent this type of attack.

The key near-term step is to recognize that all organizations are vulnerable and that such attacks are growing. Enterprises should take steps to mitigate the likely impact until a lasting solution can eliminate the threat.


You got Crammed! What are those Mysterious Phone Bill Charges

Sounds a little odd, no? Seriously, get your head out of the gutter. If you have been noticing a few oddities here and there when it comes to your phone bill, then someone could be doing more than just sniffing around. Generally, phone cramming involves someone placing a charge on your phone bill for a call or service you did not make or authorize. The fraud can be carried out on both home phones and mobile phones. At times, the charges are so minuscule that they can be overlooked or ignored as a minor accounting error; at other times they can be substantial.

How did we get here?

In 1982, AT&T agreed that it would cease controlling the Bell System. This opened up the market for a wide number of vendors, which in turn weakened regulatory capacities across the board. Instead of having one vendor for both short and long distance calls, subscribers had to migrate to a new system that differentiated the two and allotted different points of purchase of service. In doing this, the industry opened up a chasm for unscrupulous vendors to insert charges in bills for services that did not exist. The problem was so widespread that by 2007, cramming was the 4th most prevalent complaint among consumers of goods and services in the USA. Apparently, it became the perfect scam because only one in 20 people can see what is coming before it is too late. And those who notice it simply dismiss the anomaly because ‘it is just a few cents, after all’. For a long time, this crime was perpetrated through premium rate or 1-900 numbers, because the billing was horribly complex and third-party companies could bill at rates that bounced from one minute to the next. Since the scrapping of these numbers, the fraud has moved on to smarter, less conspicuous ways.

But why?

When the Bell Group of companies splintered, plenty of third parties decided to offer telephone services, with AT&T deciding to specialize in international calls. Some of those who entered the market were not exactly looking for an honest buck; they wanted a quick ground game in the face of cut-throat competition. In a nutshell, the whole point of phone cramming is to charge more and make a little extra over what a legitimate phone bill would bring in. Today, 20 million US residents are crammed every year, and the charges are hidden behind simple names such as hotline charges or even chat line services.

As indicated earlier, it turns out that only 5% of victims of cramming actually know that entries have been falsified in their bills. This happens because crammers have been doing this for decades now and have become really good at it. Basically, a billing company places small charges under the ‘miscellaneous’ section of your telephone bill. Usually, the charge is so small that you are tempted to overlook it or think that maybe you did actually access the services indicated and then forgot about it. Charges will be inflated by anything from cents to the golden cramming figure, $1.99. You can identify this type of thing by looking at the specific entries made in the miscellaneous section. If you see something put down as ‘texts’, ‘horoscopes’, ‘gossip’, ‘ringtones’, ‘love messages’, ‘service charges’, ‘voice mail’ or even ‘calling plan’, then your radar needs to immediately go up.

Real Life cases of Phone Cramming

In 2012, the Federal Trade Commission took issue with T-Mobile US, where the service provider was accused of allowing vendors to charge millions of dollars for services clients had not asked for. In the end, the service provider was ordered to pay over $90 million in refunds to disgruntled consumers.

In 2015, Verizon and Sprint were ordered to pay an amount in the region of $158 million for allowing third-party billing companies to insert charges that did not exist into the bills of thousands of subscribers. A large portion of this money ($120M) went directly towards refunds to consumers.

Earlier this month, it was revealed that AT&T had agreed to pay its consumers back a total of $7.8 million in yet another cramming case.

Disputing Unauthorized Charges

You will need to take a keen look at your statements at the end of every month in order to isolate cases of cramming where they exist. Should you notice any glitch, reach out to your phone company and have them explain the basis for the charges. If the matter is settled, inform your service provider that you do not want to be tied to a third party anymore and see if they can bill you directly. If the issue is not resolved, simply file a complaint with the Federal Communications Commission (FCC). In addition, always look out for telephone services labeled as ‘free’ because most of the time, people end up subscribing to ‘free’ services, only to get billed for them at the end of the month.

The Government’s Position

Laws that look to nip this practice in the bud have been around for some time now, but the most stringent measures were introduced when the Senate Commerce Committee sat down in 2013. Previously, liability was placed at the feet of the service provider, and the third-party players responsible for this sort of mayhem were basically just given a slap on the wrist, although punishment could be effected by the companies they worked under (that is, the service provider at the top of the line).

Here is a look at the measures adopted by the Federal Communications Commission (FCC) after the Senate hearings:

Separation of bills

Phone companies are now required by the law to separate the bills they charge directly from the ones inserted into statements by third-party vendors.

Notifications for consumers

The FCC requires that phone companies alert users of third party services and give everyone the chance to block any services they do not need. There is also a requirement for FCC contact data to be placed on every statement and online notification. The commission also continues to exact harsh penalties on those caught in the practice.

Where to seek help for phone cramming

https://www.fcc.gov
https://www.usa.gov/phone-tv-complaints
Your state’s Attorney General’s office

Key Takeaways

  • Phone cramming did not die with 1-900 numbers
  • 20 million USA residents fall victim every year
  • Only 5% of victims can actually identify instances of voice cramming
  • FCC, FTC and Congress have sought to address this concern