Ireland Cracks Down on Online Scammers

bizpile writes "Ireland has decided to take some extreme measures to crack down on one type of online scam. They have decided to suspend direct dialing to 13 countries (mostly South Pacific Islands) in order to halt the use of auto-dialers. The measure, announced by Ireland's Commission for Communications Regulation, came in response to hundreds of consumer complaints about the scams. ComReg acknowledges that its move is extreme but says that previous efforts to raise awareness of the problem failed to significantly diminish complaints. ComReg will keep the block in place for six months, after which it will be reviewed. All direct-dial calls will initially be blocked, although the regulator is also compiling a "white list" of legitimate numbers that consumers have requested to call."

More awareness would help too.

[mind21_98]

Wouldn't simply ensuring you have adequate virus/spyware protection help? This falls under awareness since people download things that do things totally differently than what they wanted. In extreme cases, you could remove the dialup modem and leave an Ethernet card for Internet access. In any case, blocking direct-dialing does seem too extreme.

Re:What's the scam ?

[DrSkwid]

You can't *prove* you didn't make the call legitimately.

Re:Will this ever work

[CountBrass]

Insightful ? . Note to Mod: RTFA it's not even about spamming, nor is the scam based in Ireland.

Good Idea

[XeRXeS-TCN]

It's a fairly good idea, all in all... It's kinda similar in certain respects to the way most firewalls are (or should be) configured; block all, allow selectively.

Clearly no company wants to cut into their profits, so I'm sure they very carefully analysed calls to the blocked areas over the last while, to see how many calls were made out to them. If they were used all the time by customers, they wouldn't consider it feasible to ban the entire selection.

It could be considered to be extreme, but it's certainly not any sort of censorship. They have said that they will compile a "white-list" of numbers in those territories, so if you have a legitimate reason to be calling those places, they are more than happy for you to do so. Again, just like configuring a firewall for the first time, it is a bit of a pain to allow all the things you need to, but you end up with a much more secure system.

Re:Crime costs even when it doesn't pay

[https]

99.9% of calls to these numbers are fraud. Ireland isn't stunting its telephone infrastructure in any meaningful way.

Think of this as cutting off an entire netblock for spamming. Either the guys on the other side do something about it, or their phones just stop ringing.

make such scam billing illegal

[frovingslosh]

So why not pass a law against any "automatic" payments on a telephone bill going outside the country? The end user shouldn't be responsible for this type of fraud at all, and if the telcos had to resolve any such charges themselves rather than making their cut when the end user was hijacked and scammed, you can bet they would be more motivated to clean up the system as well.

Of course, you might still need to block some popular scam countries, if only to protect the citizens from running up not insignificant long distance time charges (and you certainly can't stop the telcos from charging from long distance time, but you can stop them from charging the extra fees that motivate this problem in the first place). If enough countries got around to saying flat out that we know this is a scam and we are going to legally protect our citizens from the "fees" they are being scammed out of, then eventually the problem would go away and there would be no need to block numbers. But as long as the government sides with the crooks and their telco accomplices and allows the telcos to go after the victim in this scam, the problem will not only continue but will grow; this article is the proof of that.

What little, if any, valid charges one incurrs while calling another party by long distance could certainly be covered by other and better means than allowing it to be directly billed to a telephone number (credit card, for example). Enforcing this would be far better than exposing all of your citizens to a scam based on a flawed telco business model and blocking whole countries from your long distance system.

Personally, I wouldn't mind seeing this type of billing go away completely, even for calls within a country. But at least there is a good argument that any scammers operating this way inside a country can be caught and taken to court; which is often not the case when they are on the other side of the globe. A few simple changes to the law, such as forcing the telcos to hold any payments for several innitial months to be sure victims have time to complain about scam sites and block those payments, should be adequate to stop hit and run scammers from seting up shop in the country they plan to run their scam in. And, of course, a law should block incoming international long distance telco "special fees", not just outgoing ones.

Re:Extreme but a step in the right direction

[Anonymous Coward]

I agree. The fact is that the Internet is populated by an awful lot of people who are completely uneducated regarding the pitfalls. I know at least one person who was a victim of one of these dialers, and Eircom were only too happy to charge her the 60 euros for the price of a single call to Papa New Guinea. Frankly, innocent people were getting scammed out of a lot of money, and it had to stop. Predictably, Eircom, or Eircon as they're commonly known here, seemed happy to let it carry on, and make money out of it themselves.

Alas, the south pacific isn't a particularly well-regulated place. Its not as easy as saying "just send the law enforcement around to whatever business is doing this". I think the ComReg plan is the only practical solution available under the circumstances.

It all comes down to education.

[sofakingon]

It all comes down to education. If the people in general were more suspicious and critical of people, especially online, and new about basic security measures, this kind of thing would happen more rarely.

However, people will not "wake up" to a fact until it (A) impacts a large enough segment for the media to report on it or (B) impacts business enough to have them protect their infrastructure better and/or buy air/press time (see A above)

Government regulation is not the answer. It creates more red tape and toothless laws and raises taxes. Businesses (to include telcos, whether a state or private) should be innovative, not lobby the government to protect a broken system.

Re:Is this the proper way?

[random_culchie]

I doubt that this will have any impact on those dialers. What was the research done to determine that most of these dialers are infact dialing to South Pacific islands?

Of course it will. If the dialers can't dial these numbers the custoemr can't get ripped off.

Numerous complaints about these charges to Eircom [eircom.ie] (Our countries defacto telecomunications monopoly) have been ignored. Many customers have been left out of pocket. Thats why the usually toothless ComReg [comreg.ie] has taken action.

The best way, as a starter, would be to educate Joe average how harmful these dialers can be, and instead of going on blocking direct dialing to specific zones, wouldn't it also help much better if the user knew how to recognize, avoid, detect and eliminate such scams?

The people tha have been ripped off are generally not the tech savvy kind. They are not going to listen to this "education" anymore than they listen to traffic laws. Generally people will only care about it after they have been done over. These trojan dialers go to great lengths to conceal their presence.

See also Ireland offline [irelandoffline.com] for more info.

Re:Pin codes on international/premium rate

[LiquidCoooled]

Maybe the spyware would start displaying the following:

"If windows asks about changing dialup settings, remember to click Yes or you won't see [Insert_Celeb_Name] tits."

Its just like the websites for activeX controls, or more recently for Driver downloads.

Never underestimate the gullibility of your userbase.

All of these problems are caused by operating under Admin anyway, because if I remember rightly, you can't change things like this as a normal user.

Fix that issue and the problems will subside.

Password stealing, anyone?

[rosbif73]

OK, so the current set of scammers are probably just interested in getting money out of the premium phone line. But I assume there's a dialup server on the other end that actually provides internet access, so that people don't notice the scam too quickly.

This means they could also sniff packets to their heart's content, stealing passwords as they go...

Eircom was making more out of it than the scammers

[blorg]

Eircom (Ireland's effective telecom monopoly) had picked the dialler countries out specifically and put them in a special 'Band 13' that was more expensive than anywhere else on the planet - 360.58c per minute, *three times* the next most expensive region. However these same countries could be dialled from for example Germany for as little as 37c/minute.

So likely Eircom were paying the foreign telco a relatively small amount for completing the call, and the foreign telco would pass on a percentage of that to the dialler operator, while Eircom itself was getting the lions share of the actual call costs. If you complained, they would basically say 'you shouldn't have been visiting porn sites then'.

It was in no way in Eircom's interest to see these scams ended, and that's why it was the government regulator that stepped in to force them to block the number.

See here [comwreck.com] for some more background information. (This guy's site is a parody of the ComReg site but the information he presents is true.)

Re:Will this ever work

[frovingslosh]

If America did the same* then they properly would.. :)

*NEVER gona happen

On the other hand, if America (and maybe the E.U. too) passed a simple law stating that customers would not be responsiable for international long distance premium charges and that the government would no longer side with the telcos in giving them the weight of law to enforce these fees coming from a flawed business model against it's own citizens, then the problem would go away fast.

It might even go away faster if the government recognized that this was a well know fraud based on a flawed concept that the telcos set up and that the telcos take a cut from each time the scam gets a victim, and charged them with rackettering for letting the problem continue.

Re:A small question of freedom...

[easter1916]

Freedom, jesus, Americans bandy that word around at the drop of a hat. Calls to those nations are now placed through an operator. Where's the loss of freedom? Minor loss of convenience is all.

Doesn't this require the use of MSIE?

[Secrity]

I believe that people who use any browser other than MSIE are either much less likely or incapable of having these dialers seripticiously loaded on their computers. The article said "previous efforts to raise awareness of the problem failed to significantly diminish complaints." Wouldn't it be more effective for Ireland to simply advertise the dangers of using MSIE?

Dumb

[kieran]

the regulator is also compiling a "white list" of legitimate numbers that consumers have requested to call.

"Hello, is that Paddy? I'll give you 20 euros to try and call this number so that it gets added to the whitelist."

Automated authenticathion:

[Stephen Samuel]

Forward the call to an IVR system which says:

To complete your call dial XXX

Where XXX is a random three-digit number.

Humans will be able to respond to this. Modem autodialers will not (at least not without a huge amount of added intelligence).

BTW: I'm patenting the process :-)