Phone Scams

Video on a How to Use a Burner Cell Phone for TDoS

Here is a video from last years DefCon on how to use a burner cell phone to generate a bunch of calls for a Telephony Denial of Service (TDoS) attack. This allows an attacker to create a virtually untraceable and highly anonymous attack. Even with a single phone, you can generate enough calls for a long enough period, to affect a small target, such as a hospital ER/ICU, small business, a small PSAP, etc.

Link To TDoS Video

Robocalls to Cell Phones

See the video in the link below. This is another case of robocalls, specifically automated debt collection calls, gaining significant national attention:

We all know that these calls are a big issue for consumers on their land lines. The robocallers, whether they are selling a product, harassing their victim, trying a scam, or attempting to get information (vishing), have traditionally targeted landlines because they have lists of numbers and because the targets can be especially vulnerable (elderly consumers).

However, we are all getting some of these calls on our cell phones. This is in violation of the Telephone Consumer Protection Act (TCPA). This document, while old, is a must read. Now it is also illegal to make robocalls to normal land lines, but I predict that robocalls to cell/smart phones will get more attention and make it likely that the victims will complain. As covered in the video, attorneys have started to notice and I predict will work to make their share off of this issue, which is only getting worse and more common. Now attorneys will only be able to go after "legitimate" robocallers. They will have equal challenges as law enforcement going after illicit robocallers or those outside the country, but there are a lot of attorneys, and between them, law enforcement, the FTC/FCC, we may see a growing civil and law enforcement response to the robocalling issue.

This will also be a boon for companies building smart phone applications to block these calls.

While this is going on, the robocallers are also increasing their call volume into businesses and enterprises. Land lines are slowly going away and the target base is getting saturated. It may be too risky to hammer away at consumers precious cell/smart phones (heaven forbid a call comes in in the middle of composing an Instagram or Snapchat message), so the logical next target will be businesses and enterprises.

Report on Fraud - Voice Has Become The Preferred Medium for Attack

Here is an interesting report on a variety of fraud issues. One thing that struck me is that voice has become the preferred channel for fraud. Voice SPAM, scams, vishing, social engineering into contact centers, etc. Voice used to be the most trusted communications medium, but now it has become the LEAST trusted. Public voice has a ton of issues - is it any wonder that users are moving to closed systems for voice and messaging???

FTC Fines Robocall/SCAM Company over $9,000,000

The FTC just fined and won a judgement against a group of companies who have been generating robocalls and voice SPAM, as part of a scam to defraud consumers. While a lot of the reason was due to the SCAM, it is also an additional indicator that the FTC is serious about dealing with the robocall issue. I would expect to see more fines and judgements, although there is no way it will stop the robocall issue. It might slow down "legitimate" and reachable companies, but not the hackers.