greatvoyager
Established Member
It does get confusing and concerning when this happens. Particularly when they quote a number I used many years ago.
-
Our booking engine at tickets.railforums.co.uk (powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!
A scam phone calls and emails discussion.
- Thread starter S&CLER
- Start date
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R
RailUK Forums
Gloster
Established Member
I have had an e-mail address for years, but an iPad for only about eight months; previously I used the library’s terminals to access my e-mails. Today I received a notification from, seemingly, Yahoo Network Service 2021 saying I have two new voice messages from a YAHOO (44) 03 5778 **** number and having a button to press to listen. The small print seems to refer to Heriot-Watt University.
This is completely new to me and I can’t think of anything it relates to: nobody should have the number of my iPad (they are connected, in effect, as a telephone, aren’t they?). My inclination is to dump it unheard.
This is completely new to me and I can’t think of anything it relates to: nobody should have the number of my iPad (they are connected, in effect, as a telephone, aren’t they?). My inclination is to dump it unheard.
If it's a model with a GSM/LTE module then yes. But it will have its own number, distinct from your regular mobile. If you have a data-only plan then it probably doesn't accept incoming calls though.
Gloster
Established Member
Thanks for the answer, even if I can’t understand the technicalities. I presumed that I can’t use the iPad as a ‘phone as there is no microphone, even if it is so enabled: I have only a fairly basic contract. No need to reply, as I probably won’t understand. I just wondered if this was a new type of scam: press the Listen button and get connected to a premium-rate ‘phone line.
Basically, the cheaper models of iPad can only connect to WiFi, the more expensive models include the gubbins that allows you to insert a SIM card and use the mobile network.
If you haven't put a SIM card in your iPad mad/or don't pay for mobile access, then that message should be treated as you would a regular email. That is, open/reply if it's something you were expecting and ignore if you were not.
If you can connect to the Internet even without WiFi then it means you have a more expensive model and it will have a mobile number associated though, as I noted above, it will be different to your regular number so it's unlikely that it will accept incoming calls, and even if it does it's likely to be a spam call or wrong number.
Gloster
Established Member
Thanks. I presume that my iPad is on a more expensive contract as I had to insert what I think was SIM card (a bit of flat plastic about a quarter inch by a quarter inch) into it. I understand that if I upgrade to a larger iPad on the same contract I will switch the card to the new pad. I do know that there is no internet etc. wiring in the house and presume the signal comes straight from the nearest mast.
I do know that the iPad and my ‘phone are separate: since I lost/mislaid my original mobile they are not even on contracts from the same supplier. (After ten years I was just beginning to learn how to use the mobile without having to read the instructions each time I used it when I lost it. The replacement has the instructions of how to switch on/off, ring out, answer a call and end a call taped on the back.)
Westcountryman
Member
I don't know about an iPad, as I have a Samsung. This does not connect via phone signal, but I do have a memory card slot. The memory card is a very similar size to a Sim card, so the card inserted into the iPad could be expanded storage.
It's possible, but @Gloster says that they have Internet access without any Wifi and have a contract with a mobile company so it seems likely it was a SIM card.
swt_passenger
Veteran Member
- Joined
- 7 Apr 2010
- Messages
- 31,432
iPads and iPhones do not provide for internal expanded storage, I dont think they ever have.
Gloster
Established Member
I understand that when I upgrade to a larger iPad, the little bit of plastic will have to be taken out of the one I am currently using and put in the new one before I can use it (the new one). I won’t then be able to use the old one unless I switch the bit of plastic back, which I may do when travelling, the small being one - obviously - easier to carry.
Thanks for the advice, but we don’t want to get off the subject or I will get another telling off from the mods. This really started with me wondering whether the e-mail in #842 was a new type (if only to me) of scam. Or just a way of grabbing your e-mail address.
Last edited:
Good point!
Romsey
Member
A phone call earlier today asked "Have you got trouble with your boiler"?
Answer "yes"
"When was it built?"
"1926"
"What sort of boiler" ( Thinking that we've got a right one here...)
"Off an N15 or S15, it needs plate work around the foundation ring and new stays."
Dialling tone..........................
Answer "yes"
"When was it built?"
"1926"
"What sort of boiler" ( Thinking that we've got a right one here...)
"Off an N15 or S15, it needs plate work around the foundation ring and new stays."
Dialling tone..........................
DelW
Established Member
- Joined
- 15 Jan 2015
- Messages
- 3,875
As discussed above, your iPad will have its own phone number coded into the SIM card, used in your case for a data-only connection.
It's just possible that that phone number had previously been allocated to someone else, whose contract has now ended; and that the voice messages you're being notified about were left by another person trying to contact that "someone else". A few years ago, when travelling in South Africa, I bought a local-network SIM card to use for the time I was there, and received a number of text messages obviously intended for the previous user of its number.
It's also possible that a random dialler scammer has hit on your iPad's number, but that would be most unlikely to produce the mention of Heriot Watt University.
Westcountryman
Member
Article on BBC today. I seems to indicate that there is a possible solution to scams by number spoofing, but it may take time.
Don't trust caller ID on phones, says Ofcom
The service should not be used as a means of verifying identity in the battle against fraud, Ofcom says.
www.bbc.co.uk
Yeah. The PSTN switch-off is likely to be the next best opportunity.
swt_passenger
Veteran Member
- Joined
- 7 Apr 2010
- Messages
- 31,432
Can you summarise how changing to VoIP helps with this? For instance will a telephone user be able to turn off all incoming international or other types of calls?
Will we actually get to a state where even a legitimate business cannot easily cold call anyone, ie they’ll need another means of introduction?
Seems to me that the direct sales and marketing companies who started all this off will end up with nowhere to call. Great…
You can turn off incoming international calls today with Choose to Refuse. That won't help you with the majority of scam calls since they aren't international - they originate from an endpoint in the UK.
What PSTN switch-off *does* give us though is an opportunity to redesign how caller ID works. The current system doesn't include a mechanism for validation of the data - you can program a PBX to present almost any number you want.
A Challenge
Established Member
- Joined
- 24 Sep 2016
- Messages
- 2,823
The idea of this is not to stop cold calling (that is difficult) it is to stop number spoofing by ensuring that the person making the call has the number they are presenting as their number rather than allowing them to say they've got the bank's number, for example.
So if it won't stop cold calling what is the point? If you still need to look at your phone to see the number you might as well answer it anyway. Are people so afraid to hear a stranger's voice? That they might blurt out their bank details?
Personally I don't carry a list of the numbers of people I know in my head. Even if my phone displayed the "true" number of [eg] my bank it would mean nothing to me. And even if you don't recognise the number it could be your son or daughter in trouble and borrowing a friend's phone to try to contact you - imagine the desparation at the other end if you won't pick up.
Banning number spoofing is a red herring, and the vague promises to do so are just a sop. It would make no more than a minor dent in the massive scamming industry.
Last edited:
If you mean cold sales calls, then yes it won't do anything to stop that, but it would make a massive difference where scams are concerned.
Scams begin by convincing the mark that you are someone that they can trust. That's why scam emails fake the sender info, and why phone scammers fake the caller ID. Not to mention that an inability to fake the presentation number will make tracking the scammers much easier as well.
I agree about the email faking because the recipient has time to read it. However I don't believe that many/most people, particularly the elderly who are the main targets, will have the time or the presence of mind to check out a calling number while it is ringing or after the conversation begins. They might recognise a number if it is one of a very small circle (but my mother cannot even remember mine); otherwise they will either not pick up any call on principle, or they will hang up on hearing a stranger's voice on principle (or when they hear the usual scam openings), or they will be drawn into the conversation. Once in the conversation, scammers are skilled at keeping the victim tied in, to prevent them from summoning anyone else in the house, or checking the calling number against a phone book, for example.
My phone and address book is about 50 pages long with several entries per page, and includes banks, building societies, relatives, and people I have known over the years and only now contact with Xmas cards. Any of those could legitimately phone me any time, for example to tell me an uncle I have not seen for years has died. I am hardly going to leaf through that book to compare with the caller display every time I get a phone call, and in any case the deceased uncle's widow might be on a different number by now, and she is hardly likely to start by telling me that my PC has a virus or the £350 iPhone I ordered from Scamazon is on its way. Even after years, I would recognise her from voice and context.
Recognising a scam is obvious once you realise they are a thing. From comments in other forums it is amazing how many people are still unaware of them. Something like a government leaflet campaign would help.
WRT tracking, from your previous comments you seem to have some inside knowledge of the phone system. Assuming these scams come from abroad via the internet and enter the UK phone system at some point (presumably at the phone connection of a mule in the UK) , even if the originating UK phone number is spoofed, surely BT (or other phone company) could still determine who is making the UK connection? Or are all the local connections made with a mobile phone and the SIM thrown away afterwards?
Xenophon PCDGS
Veteran Member
If the criminal international fraternity can employ people well versed in the highest levels of telecommunications, surely BT can also work with British governmental agencies who also surely have employees of certain secret agencies of a similar high standard to combat matters once the UK mule phones are accessed. There may well be such people in Britain whom it is deemed politic not to have knowledge circulated about in the public domain.
It's actually incredibly simple. If presentation numbers are reliable then for any vulnerable person you just add contacts named "Your bank", "Your doctor", etc. to the phone so that when they get a call from someone claiming to be from the bank but it doesn't say "Your bank" then they either don't answer or give them a choice word then hang up. There are already phones on the market that will announce the name of the contact (or "Unknown name" if it's not from a contact) while the phone is ringing so they don't even need to look at a display (my parents have one).
No, there are no 'mules' involved, just one of the many VoIP gateway providers. More than likely on 100% legal commercial terms. Tracing inbound VoIP calls isn't impossible, but it can be quite time-consuming and usually requires a court order, and may require the coordination of authorities in multiple jurisdictions.
I'm not involved in any way in setting standards, but one would assume that securing the caller ID system would involve cryptographic certificates which would make it exceedingly difficult to hide the true identity of the calling party. It would be expected that any system that couldn't validate the presentation number would fail to pass it on, and the number shown would be "Unknown" or similar.
Xenophon PCDGS
Veteran Member
I wonder if I can draw a comparison to technology employed by the fraud investigation teams employed by the insurance industry. Some fraudulent claims are supposedly backed up by the usage of digitally generated photographs of the items that were supposed to have been taken a long time previous to the submission of the claim, but technology exists to give the actual date when these photographs were actually taken.
There is a little similarity in that the most commonly used image file format (JPEG) can have embedded EXIF data that records not only the date/time that the picture was taken but can also include information about the camera that was used to take the picture, the settings used and also GPS data that records the location. However, it is relatively trivial to remove/fake that data. You can try this yourself: on your computer, right-click on a .JPG photo file and select Properties then go to the Details tab. Note that you can edit many of the fields and there's an option to Remove properties and personal information link at the bottom of the window.
A well-designed caller ID verification system would not allow editing the equivalent metadata as it would be signed by a digital certificate. Only the owner of the key associated with the certificate would be able to modify the information, if anyone else tried then the signature would no longer match. Acquiring a public certificate would only be possible after providing a trusted registrar with proof of identity of the person/company requesting the certificate/key combo.
But surely we can do that now? We don't need to wait for spoofing to be banned. Is it likely that a phone scammer would know my bank or my doctor? OK, they could have a guess with a popular bank, say the Halifax (I've had them named in a scam), but would I know what number Halifax would ring me from anyway? - it would probably be different depending on the department, and it would not be the same number they publish for you to ring them.
My understanding of phone number spoofing is that they use a random UK number to cover the fact that it is really from abroad. The number is unlikely to be one you recognise anyway - it is just another unknown UK or mobile number to you. True, I have heard cases where they have first hacked into your PC or smartphone and found an address book which includes eg your doctor's name and phone number, but once they are in there you have got bigger problems than just scam phone calls. They might also, I've heard, use other random numbers within your own dialling code area, which might make you more inclined to pick up, but that would still not trigger "Doctor" on the display.
You say that scams from abroad enter by a VoIP gateway provider. If spoofing were banned, what would the un-spoofed caller display show in that case? The real orignating foreign number or the number of the VoIP provider, or something else? I'm all for banning spoofing, and can see it will be of some help, but I would not expect it to have a great impact on the problem.
The problem being that it's unreliable, since faking the presentation number is trivial.
Most large businesses use a single presentation number regardless of where the call is coming from. For example, pretty much all outbount calls from BT will present the same number (can't remember it at the moment) which, if you call it, plays a recorded message saying that BT was trying to contact you.
It is *very* uncommon for extensions connected to a PBX to present their DDI numbers.
It can be used for calls originating inside the UK as well - pretty much anytime you want the call recipient to think you are someone else.
Either the real number that the call originates from, or if they are pure VoIP calls, most likely "Unknown number" which could then be treated with the appropriate suspicion.
Xenophon PCDGS
Veteran Member
I am amazed that some of these scam agencies abroad who pretend to be BT still seem oblivious to the fact that BT always use an 0800 number and not a normal exchange landline number or a mobile phone number. Telling them that when I have been approached in the past has always guaranteed that the scammer will hang up immediately.
Despite being in my eighth decade I am quite capable of using the address book function in both my landline and my mobile which will display the name of the caller.
Don't forget that the generation that you are patronising is the one that invented the technology that we are using and discussing.
I'm 77 and a couple of hours ago I had a call saying that there had been some illegal activity using my NI number and if I didn't press 1 the police would be around to arrest me. Well I've packed my pyjamas and toothbrush and am sitting here waiting for them. I know they are busy these days but I wish they'd hurry up.