Ireland Cracks Down on Online Scammers

bizpile writes "Ireland has decided to take some extreme measures to crack down on one type of online scam. They have decided to suspend direct dialing to 13 countries (mostly South Pacific Islands) in order to halt the use of auto-dialers. The measure, announced by Ireland's Commission for Communications Regulation, came in response to hundreds of consumer complaints about the scams. ComReg acknowledges that its move is extreme but says that previous efforts to raise awareness of the problem failed to significantly diminish complaints. ComReg will keep the block in place for six months, after which it will be reviewed. All direct-dial calls will initially be blocked, although the regulator is also compiling a "white list" of legitimate numbers that consumers have requested to call."

What's the scam ?

I mean I can see that if it's just to make people pay when there's no need, it'd be a real pain where it hurts, but if it's to try and collect on that money (by setting up a high-cost line then using a virus/trojan to change the settings to dial it), there must be someone making money out of it. Surely it ought to be possible to track down by the payments ?

I suppose the line owner could claim innocence, but they'd have to be damn convincing about it if lots of people suddenly start dialling this high-cost line.

Simon

Re:What's the scam ?

Tariffs are paid between phone networks, then call revenues are paid on in the receiving country to the person/entity who owns the line. That person is 'somewhere else', obviously. Chuck a few paper companies in awkward places in the chain and you're stuffed.

The telcos can't ask their opposite numbers for details, and can't refuse to pay for certain numbers either. So blocking them at root is (a) their only option and (b) a jolly good idea because all the poor buggers like my brother (who got caught for 125gbp just the other day - bloody MS insecure ^&*&^%$) would find their net connection refused and realise that they're being done.

Justin.

Re:What's the scam ?

a jolly good idea because all the poor buggers like my brother (who got caught for 125gbp just the other day - bloody MS insecure ^&*&^%$) would find their net connection refused and realise that they're being done

That's the other good thing about ADSL - I don't have to worry about shit like this. No (traditional) modem, no way it can dial out. Good job too, as in the past I've had to clean a handful of the little buggers off my girlfriend's PC.

Sucks to be caught out by this sort of thing though - hope your brother gets/got the money back.

Re:What's the scam ?

hope your brother gets/got the money back.

Not looking likely... but tell your MS-using UK friends: BT will password protect premium numbers so they can't be used by a dialler.

J.

Re:What's the scam ?

You're not susceptible to auto-diallers maybe, but with an always on connection, you're a lot more susceptible to viruses generally. Using a router with DSL or cable is a good idea, if only for the hardware firewall.

Eircom was making more out of it than the scammers

Eircom (Ireland's effective telecom monopoly) had picked the dialler countries out specifically and put them in a special 'Band 13' that was more expensive than anywhere else on the planet - 360.58c per minute, *three times* the next most expensive region. However these same countries could be dialled from for example Germany for as little as 37c/minute.

So likely Eircom were paying the foreign telco a relatively small amount for completing the call, and the foreign telco would pass on a percentage of that to the dialler operator, while Eircom itself was getting the lions share of the actual call costs. If you complained, they would basically say 'you shouldn't have been visiting porn sites then'.

It was in no way in Eircom's interest to see these scams ended, and that's why it was the government regulator that stepped in to force them to block the number.

See here [comwreck.com] for some more background information. (This guy's site is a parody of the ComReg site but the information he presents is true.)

Re:What's the scam ?

They already do delay it. There was a brilliant scam done to BT 10 years ago when premium lines first came out. The scammers got two offices, and put 20 phone lines into one, and 20 premium lines into the other. The bills for the premium lines got paid out (to the scammers) every 30 days, but the phone bills on the out going lines were payable every 90. So the scammers phoned up the premium lines from their outgoing lines & too two months money off BT.

At that point I think BT made the billing cycles the same!

Re:What's the scam ?

Physicians, Judges and Laywers across the world hear this :

Even if I am lying in a coma, I don't want my cronjobs stopped!

Yours of sound mind and body,

Dr, T. Skwid Esq. [dotgeek.org]

How to deal with Spam/Scam

Lesson One. Be a European regulatory authority!

BT, here in the UK, have been doing some similar actions recently although on a less extreme scale.(One of which is maximum cost control, they refuse to route any call where the cost is higher than the maximum cost for an inland premium-rate call in the UK).

Its good to see regulators and firms acting to protect the more clueless users from themselves, as long as it doesn't prevent people requesting a line be opened.

power of boycott

What about all those legitimate businesses that are dependent solely on Ireland for their existance? Seriously though, If more countries were like this, it would probably force the governments to crack down on scammers (or at least try to).

More awareness would help too.

Wouldn't simply ensuring you have adequate virus/spyware protection help? This falls under awareness since people download things that do things totally differently than what they wanted. In extreme cases, you could remove the dialup modem and leave an Ethernet card for Internet access. In any case, blocking direct-dialing does seem too extreme.

White lists

the regulator is also compiling a "white list" of legitimate numbers that consumers have requested to call

So what's going to stop owners of those numbers in foreign countries to send an email requesting that their number is whitelisted?

Is this the proper way?

I doubt that this will have any impact on those dialers. What was the research done to determine that most of these dialers are infact dialing to South Pacific islands? What about the cases of dialing else where and the cases in which the users have not raised an official complaint to the ISPs? What are the statistics?

The best way, as a starter, would be to educate Joe average how harmful these dialers can be, and instead of going on blocking direct dialing to specific zones, wouldn't it also help much better if the user knew how to recognize, avoid, detect and eliminate such scams?

Re:Is this the proper way?

Impact on the dialers? Hardly. Cutting into the flow of money to the scammers? Maybe a little bit. Preventing a lot of unfortunate, computer-illiterate irishmen from raking up giant telephone bills? Sure thing.

And as far as I can understand the article, thats what it's all about - not to stop the scammers per se, but to prevent people from falling itno their trap. And as such, this is a Good Thing (tm) as far as I'm concerned.

You could try to educate Joe Avrage (or Ola Dunk, as we call him), but even if you should manage that - and it ain't gonna be easy - it's all in wain when their spouse, stipid kid or geratic grandmother just 'borrows' the PC for a bit and clicks on something they shouldn't have clicked on... back to square one. Blocking whole nations like this may seem extrem, but it works. If you have a legitimate reason to call there, simply call the telco and ask them to put that number on the whitelist.

A simular sceme - allthought user-initiated - are in place in Norway. You can ask that your phone shouldn't be allowed to call abroad, except to numbers you spesifificly designates. Or you can tell TeleNor (the biggest telco in Norway) that your phone isn 't supposed to call abroad, unless you dieal a spesific code first. I had to have a collegue set that one up, since his wife was (still is, despite countless attempts at teaching her) in the habit of clicking 'yes' to everything on screen...

Easier Method

I've got a method that'd take care of the offline scammers in Ireland, too.

Declare war on the leprechauns.

You know those little fuckers are the ones up to this. God damn dirty leprechaun tricks...

Crime costs even when it doesn't pay

I think it's sad that to stop scammers Ireland has to deliberately stunt its telecommunications infrastructure. This will help stop the scams themselves and their profitability, but scamming will continue to hurt Ireland.

So what's going to stop owners of those numbers in foreign countries to send an email requesting that their number is whitelisted?

Remember that there's a step between request and approval. Ireland is clearly serious about this.

Lets loose premium rate dialup.

Why not just ban all premium rate dial up sites. They are just breeding grounds for porn sites and scams. I've yet to see a legitimate use for them. We could do without them.

If you want to charge for a service get the customer to enter their credit card details / set up an account. If you think they would be unwilling, then that speaks volumes about your business.

Per usual

Per usual you can bet that Eircom (Irelands monopolistic telco) had no plans on doing this untill Comreg (Irelands Telco regulator) killed them alittle.

Dam this country sucks so much some times :(

Pin codes on international/premium rate

Maybe Windows should make it a little more difficult to go altering dial-up settings. How many users would mind a warning message saying "a program is trying to change your dial-up".

Does any spyware/anti-virus software check this (and I don't mean check for a piece of particular spyware, but check the behaviour).

Good Idea

It's a fairly good idea, all in all... It's kinda similar in certain respects to the way most firewalls are (or should be) configured; block all, allow selectively.

Clearly no company wants to cut into their profits, so I'm sure they very carefully analysed calls to the blocked areas over the last while, to see how many calls were made out to them. If they were used all the time by customers, they wouldn't consider it feasible to ban the entire selection.

It could be considered to be extreme, but it's certainly not any sort of censorship. They have said that they will compile a "white-list" of numbers in those territories, so if you have a legitimate reason to be calling those places, they are more than happy for you to do so. Again, just like configuring a firewall for the first time, it is a bit of a pain to allow all the things you need to, but you end up with a much more secure system.

Extreme but a step in the right direction

Atleast its finally showing a government willing to do something about it. You can't just educate people overnight to become IT experts and never get fooled again by some auto dialer. There will always be people who don't understand the system they are using. Education isn't a complete solution, the telephone regulators have to step in and do something. I would actually like to see a ban on the extreme premium rate calls completely (the ones that charge about 1000% the price of the call), but still allow the double the cost ones for TV programmes to make money in their competitions/polls like who wants to be a millionaire etc.

make such scam billing illegal

So why not pass a law against any "automatic" payments on a telephone bill going outside the country? The end user shouldn't be responsible for this type of fraud at all, and if the telcos had to resolve any such charges themselves rather than making their cut when the end user was hijacked and scammed, you can bet they would be more motivated to clean up the system as well.

Of course, you might still need to block some popular scam countries, if only to protect the citizens from running up not insignificant long distance time charges (and you certainly can't stop the telcos from charging from long distance time, but you can stop them from charging the extra fees that motivate this problem in the first place). If enough countries got around to saying flat out that we know this is a scam and we are going to legally protect our citizens from the "fees" they are being scammed out of, then eventually the problem would go away and there would be no need to block numbers. But as long as the government sides with the crooks and their telco accomplices and allows the telcos to go after the victim in this scam, the problem will not only continue but will grow; this article is the proof of that.

What little, if any, valid charges one incurrs while calling another party by long distance could certainly be covered by other and better means than allowing it to be directly billed to a telephone number (credit card, for example). Enforcing this would be far better than exposing all of your citizens to a scam based on a flawed telco business model and blocking whole countries from your long distance system.

Personally, I wouldn't mind seeing this type of billing go away completely, even for calls within a country. But at least there is a good argument that any scammers operating this way inside a country can be caught and taken to court; which is often not the case when they are on the other side of the globe. A few simple changes to the law, such as forcing the telcos to hold any payments for several innitial months to be sure victims have time to complain about scam sites and block those payments, should be adequate to stop hit and run scammers from seting up shop in the country they plan to run their scam in. And, of course, a law should block incoming international long distance telco "special fees", not just outgoing ones.

Duh!

No I didnt RTFA, but it says they are banning direct dial calls, so if you want to ring someone in one of those countries, ring the International Operator first and ask to be connected. Duh!

Re:Duh!

D'oh!

That should read:

"..., please dial [random 3 digit code] now."

It all comes down to education.

It all comes down to education. If the people in general were more suspicious and critical of people, especially online, and new about basic security measures, this kind of thing would happen more rarely.

However, people will not "wake up" to a fact until it (A) impacts a large enough segment for the media to report on it or (B) impacts business enough to have them protect their infrastructure better and/or buy air/press time (see A above)

Government regulation is not the answer. It creates more red tape and toothless laws and raises taxes. Businesses (to include telcos, whether a state or private) should be innovative, not lobby the government to protect a broken system.

Not all education

People keep saying that people need to educated, which is true, but even the educated can fall over by this one.
It is very easy for you setting to be modified without knowing. Apparently most of these autodiallers disconnect a current session and reconnect without you realising, unless you have you modem sound turned on (and you might have you modem set up to auto re-dial if you get disconnected, which can be frequent with a crap service like Eircom).
I have seen this actually happen to a friends computer recently, before I heard about this, which I spent ages try to get rid of all the spyware etc off. His dial-up settings had been changed, which fortunately he noticed!
However his problem was that he kept getting virus/spyware alerts (as Norton warns you about TOO much), and a (stupid) friend of his told him to turn off the virus protection. He system was fried with crap as a result.
I agree with a previous statement that windows should alert that setting have been changed. OS X something similar by warning youthe very first time any application is launched.

Anyway, it is very easy for this to happen to you without you realising. Hopefully if you know about these things you will cop on very quickly, but not before you get a nasty phone bill.

Germany & Switzerland

In Germany dialers must be registered with the respective authorities otherwise it's illegal and the scammers are not entitled to collect anything.

If premium charges are racked up the user must physically type OK into a box before the dialer gets operative. That doesn't help too much if in addition to the dialer a troyan is sneaked into the computer that OK's it in a for the user transparent fashion.

In this case the number was shut down and the scamee mustn't pay.

In Switzerland dialers to premium numbers are outright verboten, since this year. Period.

In Denmark

The phone companies also blocked a number of countries. You can call a toll free number and
have the block lifted for free. It esentially stopped all the sacamming in one go. Those that need to do buisness with those countries presumably opened their lines shortly after (I presume that this is a very limited number of people), so the commercial impact was minimal, and the benefits maximal.

Can't they just block *modem* calls?

Telephone companies try hard to save bandwidth on overseas calls and compress them more than inland calls, but they have to detect calls to fax machines and modems, as the compression messes them up completely. So: can't they just block modem calls to these countries? It would still stop people sending faxes, but would not affect the vast majority of legitimate calls, which I suspect are plain voice calls. Or is this, for some reason, not technically feasible?

Doesn't this require the use of MSIE?

I believe that people who use any browser other than MSIE are either much less likely or incapable of having these dialers seripticiously loaded on their computers. The article said "previous efforts to raise awareness of the problem failed to significantly diminish complaints." Wouldn't it be more effective for Ireland to simply advertise the dangers of using MSIE?

Official Apology

The following was an email sent to all eircom customers(or at least everyone with a @eircom.net address


From: service.announcements@eircom.net

Dear Customer,

As part of our ongoing commitment to customer service we would like to
provide you with the following important information on Modem
Hi-Jacking.

Modem Hi-Jacking occurs when a web site you visit purposely disconnects
you from your Internet Service Provider and reconnects you to the
Internet through an international or premium rate number, which may
result in increased call charges.

Everyone using the Internet should be aware of this risk. It is a
global issue and is not confined to Ireland. eircom net provides a safe
surfing guide, which may help you reduce the risk of Modem Hi-Jacking.

Please be aware that there are also software and hardware solutions
available, which may reduce the risk of Modem Hi-Jacking. Our safe
surfing guide provides some examples of these solutions. These are
purely examples and do not represent an exhaustive list. eircom net is
not in a position to recommend a particular solution. Customers will
need to determine which one best suits their particular needs.

For further advice please visit our safe surfing guide at
http://www.eircom.net/safesurfing

Kind Regards,

Fintan Lawler

Managing Director, eircom net



This mail sounds a lot like eircom covering their own asses to me. They've regularly overcharged the numbers that dialers are calling, at over 3 a minute. I was almost caught by one of these dialer programs myself a few years back.
I logged off, left the PC to get something to eat, and then a very wierd sound started coming out of the modem. A big dialing +475 5746353735373 or something appeared on the status connection. Got freaked out at the time. Virus scanner couldn't find the dialer, so I had to desperatly altavista for an answer(didn't know about google yet). I fixed the issue but low and behold, the next bill had a big IR£3 charge for the number that the dialer connected to for about 20 seconds.

This scam has been know for a long time, radio stations are always on about it every few months. Maybe the guy on the inside got caught, because there HAD to be one unless eircom just enjoyed grossly overcharging customers. Oh well. Monopoly is as monopoly does. Still they're giving a free broadband trial now... Hmmm I wonder if I should NO CARRIER

Ha ...

It's the telco version of the USENET Death Penalty [stopspam.org] applied to a whole country :-)

And they called us vigilantes ...!

eProvisia

How am I going to contact my personal human spam filter [slashdot.org] now?

Oh, wait - I don't live in Ireland.

god forbid

people actually listen to warnings issued by IT professionals. i personally tell prople about this all the time, but they don't listen either. I've said it in a post before and here it is again.. pay attention to what you put into your computer and this will stop. a little thought on behalf of the consumer can go a long way. ireland just decided that they had to stop the bitching somehow, so they removed the problem... way to go

Dumb

the regulator is also compiling a "white list" of legitimate numbers that consumers have requested to call.

"Hello, is that Paddy? I'll give you 20 euros to try and call this number so that it gets added to the whitelist."

Diallers made in Ireland?

My sister in South Africa was caught with a whopping bill due to this scam. I wrote a long letter to Telkom, who eventually reimbursed part of her bill (but admitted no guilt on their part)

Interestingly, during my research I came across these links that indicated the diallers are actually developed in Dublin itself.

Seems like things are going full-circle here - Ireland is cutting lines to countries dialled by software developed in Ireland...
Shouldn't they start investigating the root cause?

http://www.wired.com/news/print/0,1294,36055,00.ht ml [wired.com]:
"...the company that makes and sells the dialers, in this case Dublin-based Nocreditcard.com, gets a good chunk of the profits..."

http://www.wired.com/news/print/0,1294,35627,00.ht ml [wired.com]:
"...The company behind Adultbuffet's dialer appears to be the No Credit Card Network, owned by Celtline Holdings based in Dublin, Ireland..."

Hello..

Hello, is that ComReg? I would like my aunties number to added to ther white list. The number is +475 5746353735373..

It's really an order not to bill for dialer calls

What ComReg is really doing [comreg.ie] is telling eircom that they can't charge for dialer calls. But they can't order eircom to provide free service. So they told eircom to either block or not bill. Here's the actual directive:

• The Commission for Communications Regulation directs that Providers of Publicly Available Telephone Services shall no later 04 October 2004:
• a) Suspend direct dial access to destinations listed in the attached Appendix B. The Appendix will be reviewed on a regular basis by ComReg and the network operators and amended appropriately in response to any significant changes to problem destinations; and
• b) permit direct dial access to specific telephone numbers located within the destinations referred to in the attached Appendix B only at the request of a subscriber and following the network operator having verified that the requested telephone number is a legitimate service only or
• c) As an alternative to only permitting direct dial access in accordance with paragraph b), above, providers of publicly available telephone services can choose to no longer charge any consumers for unauthorised call charges arising from Autodiallers.

It's only for six months, until they figure out something better.

Automated authenticathion:

Forward the call to an IVR system which says:

To complete your call dial XXX

Where XXX is a random three-digit number.

Humans will be able to respond to this. Modem autodialers will not (at least not without a huge amount of added intelligence).

BTW: I'm patenting the process :-)

Re:Will this ever work

Does anyone think this approach will ever work. The spammers will just jump ship - or Ireland in this case - to a new base of spam.

Did you even RTFA? The spammers are using islands in the South Pacific to extract money from phone calls originating in Ireland. Direct-dialling from Ireland to these locations has now been suspended.

Re:Will this ever work

Try reading the article. This isn't a spam issue, it's a premium rate dialler issue. If they move operations in a big way, then Ireland can react in the same way. To be honest, I can't imagine the loss of Ireland will make them want to move...

Re:Will this ever work

If America did the same* then they properly would.. :)

*NEVER gona happen

On the other hand, if America (and maybe the E.U. too) passed a simple law stating that customers would not be responsiable for international long distance premium charges and that the government would no longer side with the telcos in giving them the weight of law to enforce these fees coming from a flawed business model against it's own citizens, then the problem would go away fast.

It might even go away faster if the government recognized that this was a well know fraud based on a flawed concept that the telcos set up and that the telcos take a cut from each time the scam gets a victim, and charged them with rackettering for letting the problem continue.

Re:Will this ever work

Insightful ? . Note to Mod: RTFA it's not even about spamming, nor is the scam based in Ireland.

Mod parent down: this is not a spam issue

It's a phone dialler problem.

I also live in Ireland, Eircom not to be praised

Those bunch of muppets Eircom deliberately grouped the specific countries in question as "Pacific Islands" (even including one or two west African countries) in a certain tariff band. They then racked up the prices for this band. As it was merely international rate, not a premium rate (we have 15xx regulated premium nos.) people could not have it blocked.

My guess is the business that lost 12,000 and others complained to ComReg (the regulatory authority).

Re:Will this ever work

If they quit annoying us Irish people, then I'll be perfectly happy for them to jump ship elsewhere :-P

Re:This is Ireland, and I live here ...

And no one who uses a computer in this country is intelligent enough to actually know what a Dialer is.

Indeed, whereas everyone who uses a computer in other countries has a PhD in computer science.

Re:This is Ireland, and I live here ...

I would contend that the majority of the population of this country (or any other) is intelligent enough to know what a dialer is. The problem is that they are not knowledgeable enough to know what it is, nor should they be required to be.

Re:This is news?

Sucks to be you if you have relatives there.

They're only blocking direct dial calls. If you've got relatives in those countries, then you'll probably be using a calling card, as these countries are damn expensive to call through the standard phone companies. Otherwise you can always go via the operator, like in the old days.

Re:This is Ireland, and I live here ...

no one who uses a computer in this country is intelligent enough to actually know what a Dialer is.

There is an element of truth in this: obviously enough people who got caught by pr0n dialers to complain to Telecom. But this reaction is merely a case of protecting people from themselves -- it won't hurt the pr0n merchants, who will always find another way.

There are some people who would prefer the Internet to auto-cull itself. Those users who were careless or unknowledgeable enough to get scammed will panic and stop using it.

And then of course there are those people who actually see pr0n dialers as a valuable service resource :-)

The best cure for seasickness is to go and sit under a tree. [Spike Milligan]

Re:A small question of freedom...

Freedom, jesus, Americans bandy that word around at the drop of a hat. Calls to those nations are now placed through an operator. Where's the loss of freedom? Minor loss of convenience is all.