[HN Gopher] FCC orders phone companies to block scam text messages
___________________________________________________________________
FCC orders phone companies to block scam text messages
Author : mfiguiere
Score : 164 points
Date : 2023-03-16 18:56 UTC (4 hours ago)
(HTM) web link (arstechnica.com)
(TXT) w3m dump (arstechnica.com)
| hackernewds wrote:
| Contrarian thought, doesn't this open a can of worms where the
| government is allowed to sensor text messages under the pretext
| of some subjective "fraud"? What if tomorrow they decide that
| messages around fundraising for a particular party is fraud?
|
| I'll rather everything is delivered and then the spam filtering
| is done on the provider/device level. These kinds of things are
| usually implemented with innocuous cover and malicious intent.
| skybrian wrote:
| These are rules about what providers have to do. Also, they are
| about blocking certain unused numbers (that is, unused for text
| messages), and it doesn't seem to be based on the content of
| the text messages.
|
| Somehow the providers need to get lists of these numbers and
| it's only going to be as good as the providers' information
| sources. I suppose a government agency could put someone else's
| number on a list, but that would be rather obvious.
| rdxm wrote:
| [dead]
| WalterBright wrote:
| It's about time.
|
| I wish they'd block the Hilton Hotel roboscam. I get calls from
| them 3 times a day, all from different phone numbers in the
| state.
| qup wrote:
| > the Hilton Hotel roboscam
|
| What is it?
| function_seven wrote:
| Timeshare sales. A recorded voice starts the call with "Thank
| you for choosing (Marriot|Hilton Hotels|Hyatt)! We have an
| exciting offer..."
|
| I've been getting these for over 5 years now. Sometimes they
| pretend to be Costco as well. Same voice and inflection,
| though.
| WalterBright wrote:
| Yeah, it's a recorded voice.
|
| A phone feature I'd love to have is to push a button and an
| AI chatbot takes over, with a goal to keep the scammer on
| the line as long as possible. Their whole business model
| would collapse.
| eloisius wrote:
| Sounds like https://jollyrogertelephone.com/
| unsignedint wrote:
| The system effectively handles those calls, managing to
| keep the scammer on the line for a few seconds at a time,
| ultimately wasting their time. However, this approach is
| becoming less entertaining, as scammers appear to be
| increasingly aware of the robotic responses, diminishing
| its effectiveness.
| annoyingnoob wrote:
| I cut a ton of scam SMS messages by disabling email-to-sms for my
| phone. No more 3am porno spam from gmail accounts.
| abscind wrote:
| [dead]
| exabrial wrote:
| Sigh. FFS. I can't believe I have to say this
|
| * I really don't need nor want the government telling me who I
| can and can't receive a text from.
|
| * This is a First Amendment Violation
|
| * Turning the carriers into content moderators is a dumb idea
|
| * The carrier gets scammed way more than I do
|
| INSTEAD: Force the industry to adopt certificate based message
| attribution. Everything must be signed with a digital certificate
| at exchange points. That'll help identify the source of spam and
| that certificate can simply be ignored on the client itself.
| kristopolous wrote:
| I don't know why this is necessary to say, but scamming people
| and doing crime isn't protected speech.
| wtallis wrote:
| If you read what the article says about what exactly is to be
| blocked, you'll see that it has a lot more in common with your
| certificate-pased proposal than the first amendment violation
| you inferred from the headline.
|
| Carriers are being instructed to not deliver SMS purporting to
| originate from a phone number that carriers know is not capable
| of sending SMS. They're not being told to discriminate based on
| the content of the message or even based on the sender, except
| when the metadata about who sent the message has obviously been
| faked. Cryptographic signing is an obvious next step, but also
| unnecessary before even the most basic filtering of invalid
| spoofed data has been implemented.
| silisili wrote:
| I'm not well versed in telephony, but I've always wondered
| why after a century we still don't have something as simple
| as a three way handshake for calls/messages?
| michael1999 wrote:
| Uh, a text message is (famously) limited to 160 bytes. How are
| your going to sign this.
|
| Instead, this proposal requires that carriers verify that the
| sender block "invalid, unallocated, or unused numbers." which
| is very much like ISP egress filtering.
|
| Or forbidding IP spoofing a 1st amendment issue too?
| yjftsjthsd-h wrote:
| > Uh, a text message is (famously) limited to 160 bytes. How
| are your going to sign this.
|
| Don't sign the message to the phone, sign the connection
| between carriers.
| cptskippy wrote:
| > I really don't need nor want the government telling me who I
| can and can't receive a text from.
|
| They aren't. They're simply saying that the sender of an SMS or
| phone call cannot hide their identity fraudulently.
|
| Your argument is a bit like saying you're opposed to the
| government preventing people from creating fake IDs, fake
| Passports, fake License Plates, or fake Social Security
| Numbers.
| [deleted]
| reaperducer wrote:
| My carrier is pretty good about blocking text and voice spam. I
| hardly ever get any of those anymore.
|
| BUT...
|
| My carrier still has an email-to-SMS gateway (like people used to
| use in the late 90's), and that's how spam gets through.
| altairprime wrote:
| There's a defect in Verizon's MMS systems, that allows spammers
| to spoof MMS messages onto the network with "xyzvzw.com" as the
| domain name in the MMS packet, no phone number at all, and then
| Verizon's matching system only checks for substring "VZW.COM",
| so the invalid messages get delivered (without a source phone
| number, showing up on your phone as a text from an email
| address). Since it's processed as a system message, it's
| guaranteed delivery, and their anti-spam system can only block
| phone numbers so it's helpless too.
|
| I tried reporting this and they were incapable of responding to
| or following up on the problem report, though they did
| helpfully detail the MMS packet defects to me. Maybe one of
| their engineers will read this someday.
| bediger4000 wrote:
| Too little, too late. I hope whatever bribes the 10 Congress
| member and FCC people got to allow this to ruin texting was worth
| it.
| ChrisMarshallNY wrote:
| Good luck with that. I hope it works, but I have come to have a
| grudging respect for the ingenuity of the scammers.
|
| Lately, I have been getting a dozen or so "We've Locked Your
| Account" phishing texts per day. I will tend to get them in
| "bursts," where several come in, within a few minutes.
| 71a54xd wrote:
| Nice... by reading all of your text messages even more than they
| already do
| JamesBarney wrote:
| I don't know why they focus on texts so much more than calls.
|
| I get like 60 scam calls for every scam text. Scam texts are
| mildly inconvenient. Scam calls on the other hand are far worse.
| I get so many scam calls I don't pick up any phone numbers not on
| my contact list, and which causes me to miss several important
| phone calls a year.
| kerkeslager wrote:
| They don't. It's just that the solution to scam voice calls is
| a lot harder to implement--there's no point making rules to
| address voice calls because there is not yet the technical
| capability to follow any rules around that. The STIR/SHAKEN
| protocols which will address voice scam calls when they're
| fully deployed, but that's a fundamental change to the
| protocol, which takes time. Texts, on the other hand, can be
| text scanned independent of the number from which they
| originate, which allows for a lot of filtering.
| whalesalad wrote:
| This used to be the case for me but recently I got added to
| some kind of list and I get almost 1 SMS spam text per day,
| hardly any spam calls anymore. I usually answer them and fuck
| with the person on the other end for as long as possible so
| maybe I got blacklisted lul.
| r00fus wrote:
| I used to, but now I just have the iOS "silence unknown
| callers" unless I'm expecting urgent other random calls. It's
| been bliss.
|
| My work doesn't use my personal phone# - I know this isn't
| possible for everyone but works for me.
| dcow wrote:
| I am thinking about making the leap. If it's really an
| important message they have my email and can text.
|
| Edit: I just did. Voicemail is an option too.
| tomcam wrote:
| FWIW I seem to have reduced them to a few a week by picking up
| the call and just not talking. If it's a legit number not in my
| contacts the caller will ask for me. If it's a scam call they
| just hang up after a moment and I think they're starting to put
| me on their own do not call lists. Any chance that might work
| for you?
| CameronNemo wrote:
| I do the same. Mostly they just hang up. Sometimes they start
| threatening to take possession of the real estate I don't
| own.
| onetimeusename wrote:
| I can't help but think it's funny that scammers may have
| their own do-not-call list.
| jdavis703 wrote:
| Yes, as someone who has done volunteer telemarketing, we mark
| the call status. For example if you're angry/rude, non-
| English speaking, disconnected, etc. Campaign managers can
| then target call sheets accordingly (e.g. for a Spanish-
| speaking line, have the Spanish team do a follow up call).
| skee8383 wrote:
| Me too. i'm getting like 3 scam calls per day now. some are
| from unsuspecting work from home people that have been duped in
| being the fall guys for the scammers, i can tell because when i
| tell them what they are doing is against the law and they could
| be fined thousands of dollars for it, they immediately crap
| their pants and start apologizing.
| dboreham wrote:
| Opposite for me. Few calls these days but constant sms. Also
| calls I just never answer whereas sms I need to go clear the
| app notification status so I can detect real sms.
| paul7986 wrote:
| Indeed barely no calls yet I have that iphone setting turned
| on that all unknown numbers go to voicemail (still am not
| seeing a lot of missed garbage calls though).
|
| Lately all just getting those pointless Amazon scam b.s.
| texts that I hope the majority of the population know the
| drill.. .never open just delete.
|
| The scammers I am afraid will start to really use AI ...
| hack/monitor legions of phones ...spoof your contact list and
| call you then actually spoof the voice of some of your
| contacts. For me then I would only use something like a
| Facebook messenger set up where I only add friends I know
| already and they pass a series of questions we only know
| between each other. It's going to get worse .. thinking
| ahead.
| deathanatos wrote:
| As I think your replies indicate, it's variable. I get pretty
| much only scam calls. But my SO gets lots of scam SMSs, even
| ones targeting _my work_ , such as claiming to be from "my
| boss".
|
| I get plenty of _spam_ SMS, but they 're not technically scams.
| (...unless I suppose if you jokingly consider the GOP a
| scam...) I wouldn't mind seeing those get cracked down on. (I'm
| not registered with them, and they continue to spam me about
| political issues in jurisdictions for which I've not been on
| the voter roles for over a decade.)
|
| Also, spam SMSs trying to get me to sell my parent's home. (I
| don't think these are scams, per se, but from what I've read
| their offers aren't going to be good. Nonetheless, I'm not
| looking to evict my mother ... out of a house I don't own?, of
| course.)
|
| Finally, my hometown has apparently sold their soul ... and
| somehow my cell phone information? ... to a random private
| company. Instead of publishing WEAs like a normal jurisdiction,
| I get SMSes that have little to no context, like "take shelter
| from the storm" while it's completely sunny and the forcast is
| nothing but sun, and the radar is clear. (It took a while to
| figure out that they were warnings about a city a few thousand
| miles away, since, again ... 0 context.)
| alfalfasprout wrote:
| So many replies but few actually addressed steps the FCC indeed
| is taking. Eg; the implementation of STIR/SHAKEN:
| https://en.wikipedia.org/wiki/STIR/SHAKEN to prevent caller ID
| spoofing.
| jjoonathan wrote:
| They switched it on years ago and nothing changed, I still
| get loads of spam calls.
| kerkeslager wrote:
| Massive changes to international protocols aren't just
| "switched on".
| jjoonathan wrote:
| Two years. No change. Maybe the last bits are clicking
| into place and it'll all get better any day now. Maybe.
| Or maybe the whole effort was scuppered with a well-
| placed caveat. I hope not, but that's what I'm starting
| to fear. I'd appreciate if you could tell me what's going
| on and put those fears to rest.
| aendruk wrote:
| The FCC's statements address this:
|
| > Recipients of a robocall have the ability to either pick up
| the phone or not. But on most devices, recipients of a robotext
| see at least some of an unwanted message immediately
|
| > ...unlike robocalls, scam text messages are hard to ignore or
| hang-up on and are nearly always read by the recipient - often
| immediately. In addition, robotexts can promote links to
| phishing websites or websites that can install malware on a
| consumer's phone.
|
| And per the article this particular regulation is already in
| effect for calls:
|
| > The FCC already requires similar blocking of voice calls from
| these types of numbers.
| cronix wrote:
| > The FCC already requires similar blocking of voice calls
| from these types of numbers.
|
| In other words, it won't change anything. I still get just as
| many scam voice calls as I ever have.
| qup wrote:
| Perhaps because it's much easier to filter scam texts when you
| already know the contents before they're delivered to the
| recipient.
|
| From my own anecdata, I've received about 50/50 texts/calls. I
| also do not pick up unknown numbers anymore.
| flangola7 wrote:
| Also, filtering on a waveform is much harder than text data.
| kerkeslager wrote:
| Filtering on a waveform _that doesn 't exist until the user
| picks up the phone_ is literally impossible.
| squeaky-clean wrote:
| They should be able to recognize spoofed numbers though.
| More than 90% of spam calls I get are clearly coming from a
| spoofed number. Sometimes it's even my own number.
|
| I know the current infrastructure can't really deal with
| that, but it's because the telecoms have no real reason to
| implement it.
| doubleg72 wrote:
| What does this even mean?
| squeaky-clean wrote:
| It's hard to use automation to tell if the phone call
| you're receiving is a Medicare spam call, or a genuine
| call about Medicare for example.
|
| "I buy junk cars" is pretty easy to filter out. Nowadays
| they send things like "i/buy/any old/car Yconpro/autos*"
| (this is a real one I got 9 hours ago). But that's still
| easier to design a filter for than a phone call which
| only happens over audio.
| clnq wrote:
| How does one get this many scam calls? Is this something that
| happens in the US but not in Europe? I've not been scam called
| once in the EU and only scam-texted once or twice.
| squeaky-clean wrote:
| My phone number somehow got listed under my mother's info. I
| don't know how, but they know she's in the Medicare age
| bracket and they know she owns a fully paid of home in a
| desirable neighborhood. I get roughly 5-10 calls a day about
| these things. That's ignoring the fake bank and Amazon calls
| I get.
|
| I've also noticed answering the call makes it much more
| likely that you will receive more calls in the future. Even
| though I usually answer the call just to make them waste an
| hour talking to me as I pretend to be an old man who has
| trouble installing TeamViewer or finding my credit cards.
|
| Some of the spam groups have even blocked my number since
| I've trolled them so much. But I still get calls from their
| system, and when I answer it says something like "You have
| been blocked from contacting this number. Goodbye."
| rootusrootus wrote:
| Since your question gets asked almost verbatim every time
| this topic comes up on HN, I can help you with an answer.
| This happens both in the US and Europe. But some people, both
| in the US and Europe, get hardly any scam/spam calls. Other
| people, both in the US and Europe, get tons.
| matheweis wrote:
| Second half of the article is in fact about closing down some
| of the gaps that enable scam calls.
| itcrowd wrote:
| Recently got a US phone number (at&t), and the literal minute the
| SIM was in my phone I started getting spam texts and calls.
| Nobody even had the number yet. I assume it's either a recycled
| number or randomly-generated from the spammers' side.
|
| Anyway, I've had (still have) the same phone number for over 20
| years in the EU and have _never_ received a spam call /text.
| Zero. Nada.
|
| To me, it is baffling how all Americans have put up with this
| annoyance for decades! Finally, it seems some concrete steps are
| being taken.
| vopi wrote:
| For me, it has a been a very recent thing. A couple years ago,
| I would have had a handful a year. Now it wouldn't surprise me
| if I had a couple a day.
| tastyfreeze wrote:
| Typically it is a series of numbers. It takes virtually zero
| time for a spam bot to send to a whole block of numbers whether
| they are active or not.
| unsignedint wrote:
| It would be ideal if phone calls and SMS were based solely on a
| whitelist system, where social norms dictate that legitimate
| communication occurs only after numbers have been exchanged. This
| would prevent unwanted contact from unknown numbers. Although
| many people already disregard such unsolicited calls or messages,
| having a systematic approach would make it much more effective
| and efficient.
| rootusrootus wrote:
| Since I expect to sometimes get perfectly valid calls from
| numbers I've never communicated with in the past, I think a
| better solution would be to make the entire PSTN a fully
| audited domain where we only let people participate after a
| reasonable amount of vetting, and we maintain the ability to
| accurately track down and stop bad actors when they do make it
| past those protections.
|
| If we choose not to do that, at some point one of the big tech
| corporations will manage to get enough of a network going on
| their own proprietary equivalent service so that everyone else
| has to join or be left out. And PSTN will die. And we'll have a
| corporate overlord.
| thesis wrote:
| Great until the hospital or police or your kids friends parents
| are trying to contact you.
| unsignedint wrote:
| But then, how can you even tell if these are legit calls to
| begin with? If that "kids friends parents" know you enough to
| call you, wouldn't you have exchanged your phone number to
| begin with? Perhaps for the police and hospitals (or any
| public safety) can perhaps have additional indicators
| (provided they aren't spoofed) that can be automatically
| whitelisted.
| radicaldreamer wrote:
| How much spam is driven through Twilio and other similar
| companies?
| ents wrote:
| I had my Wordpress site SMS me a copy of each new contact form
| just as a convenience for myself via Twilio. Twilios compliance
| requirements for using SMS has become such a regulatory mess that
| I deleted my Twilio account today. I am a reasonably bright
| person and I am unbelievably confused regarding what I am
| required to do to be in compliance.
|
| I'll just use push notifications from here on out.
| mr337 wrote:
| I am in the same boat and we are transitioning to dump SMS all
| together. What a headache to ditch.
| joshstrange wrote:
| Twilio is a dumpster fire. Trying to use it 100% legitimately,
| respecting "STOP"s, and bending over backwards to comply with
| every request they've made and they still randomly block us. So
| not only do they fail at keeping spammers off their service
| they are actively driving away paying legitimate customers.
|
| I used to love them and they still might be good for a little
| personal projects (though your story says otherwise) but I
| would never pick them to use at scale. At one point they said
| they needed the /exact/ text of every message we were going to
| send ahead of time to approve before we sent it... Yeah that
| doesn't work when you send OTPs (yes, yes, I know, we have to
| have it as a fallback) or a user-specific/transaction-specific
| url. So pretty much they only thing you could send is generic
| marketing trash, cool...
| thallium205 wrote:
| You have to buy a short code to be treated well at Twilio.
| yardstick wrote:
| 6 digit OTPs? Time to send them every possible combination?
| ;)
| thesis wrote:
| You're not wrong. It's horrible. Want to hear something even
| more funny?
|
| Twilio is forcing Tollfree Number registation and their current
| timeline is 6 weeks to approve. Well a week or 2 ago they
| decided that they wanted more data than what was currently
| submitted. So everyone is currently being denied and having to
| resubmit their registrations.
|
| 10DLC / Local numbers is madness in and of itself too. Forcing
| businesses to pay quarterly fees so these poor ol' carriers can
| have more recurring rev.
| travisjungroth wrote:
| https://ntfy.sh/ is free and awesome for this purpose.
| xbar wrote:
| Thanks, Ajit Pai. Just in time.
| anon223345 wrote:
| Please do political ones too
| MBCook wrote:
| I don't think we'll get rid of legitimate political spam (no
| matter how much most people want it). At least STOP works for
| those.
|
| But hopefully these same rules will help block the political
| scam stuff. Fake announcements, wrong polling place/election
| time info, libelous stuff not sent by legitimate (registered)
| organizations, etc.
|
| It's something.
| inetknght wrote:
| > _At least STOP works for those._
|
| Hahaha no it doesn't.
| reaperducer wrote:
| _Hahaha no it doesn 't._
|
| Then change phone companies.
|
| When I send a STOP message, I get a message from AT&T
| stating that the source number is now blocked from sending
| any more text messages to my phone.
| brewdad wrote:
| I'm not sure that's the behavior I would want from STOP.
| I have certainly sent STOP requests to retailers who over
| inform me of every step along the fulfillment process and
| each overnight stop as the item ships to me. I don't want
| all that.
|
| I DO however want to receive notice when my item is out
| of stock or ready for in-store pickup if I chose that
| option.
| qaz_plm wrote:
| STOP seems to get my number added to additional lists,
| maybe by design.
| inetknght wrote:
| ...it's the same deal as replying to a spam email. All
| that automation picks up on the fact that the destination
| is more susceptible to an action than if you did nothing
| at all.
| crazygringo wrote:
| The problem is 99% of political SMS's I get are not for any
| politician I can vote for. They're almost all from random
| districts across the country.
|
| I reply STOP and that always works for each individual
| campaign organization, but the problem is there are thousands
| of these orgs.
|
| In the months before voting I'll sometimes get multiple a
| day. Ugh.
| Panino wrote:
| > The problem is 99% of political SMS's I get are not for
| any politician I can vote for. They're almost all from
| random districts across the country.
|
| I get this but via email, and they typically say it'll take
| 2 weeks or more to stop sending me this unsolicited bulk
| email. This is despite unsubscription being instantaneous.
|
| Just as an aside, since high political office is a fairly
| direct path to immense wealth, I think these unwanted mails
| should be explicitly considered unsolicited, bulk
| commercial email. This is the precise definition of spam
| and we should _treat_ it as spam and not just _think_ of it
| as such.
| JohnFen wrote:
| > legitimate political spam
|
| There's no such thing.
| rdxm wrote:
| [dead]
| wolverine876 wrote:
| Finally, law enforcement starts to enfoce the law and protect
| people. For some reason, the Internet (and adjacent services) is
| treated as a fraud free-for-all.
|
| When there's a ransomware attack or data exfiltration, nobody
| says, 'where's the FBI?'. We just accept that the Internet is
| criminal and lawless. Maybe enforcement against crypto fraud was
| the first step.
___________________________________________________________________
(page generated 2023-03-16 23:00 UTC)