Strange call from me to me

classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Strange call from me to me

Tori Hernandez
Hello. How can I receive a call on my iPhone from my same iPhone number??

The caller said something that I can't recall now and that he wanted my last 4 digits of my SSA #. The call appeared to be a recorded call.

I quickly ended call but recd another call with no response this time.

I decided to shut down my iPhone and waited a few minutes before I restarted my iPhone.

Has this incident happened to anyone?


Tori


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Brian L. Matthews
On 9/29/17 11:09 PM, Tori Hernandez wrote:
> Hello. How can I receive a call on my iPhone from my same iPhone number??
Caller ID is trivially spoofable, so someone called you and said to
report the originating number as being yours. I'm kind of baffled as to
*why* someone would do that, but the *how* is pretty straightforward.

Brian


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

@lbutlr
In reply to this post by Tori Hernandez
On Sep 30, 2017, at 12:09 AM, Tori Hernandez <[hidden email]> wrote:
> Hello. How can I receive a call on my iPhone from my same iPhone number??

Because CallerID is trivially spoofable.

> I decided to shut down my iPhone and waited a few minutes before I restarted my iPhone.

That will have no affect on spammers calling you except for the brief period your phone is powered off.

> Has this incident happened to anyone

I haven't had it be the exact number, but matching the first six digits of a ten digit number is very common.

My default ringtone is "silent" and I do not answer any calls from numbers that are not in my contacts list (with very few exceptions).


--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Marilyn Matty
In reply to this post by Tori Hernandez

> On Sep 30, 2017, at 2:09 AM, Tori Hernandez <[hidden email]> wrote:
>
> Hello. How can I receive a call on my iPhone from my same iPhone number??

Con artists who know what they are doing can fake caller ID info; combined with robocalling, phishing has become a major global industry.

>
> The caller said something that I can't recall now and that he wanted my last 4 digits of my SSA #. The call appeared to be a recorded call.

From what I've read, there has been a recent uptick in spam calls in the US related to weather related tragedies. Because a lot of people know not to pick up calls from numbers or ID info they do not recognize, faking a recipient's phone number unfortunately seems like a good strategy to up response rates.

Something Mac related to keep in mind - the new Apple Pay money transfer feature can be a windfall for evil scammers.


Marilyn



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Tori Hernandez
Thanks to all. I picked up the call because it was very strange and illogical to get a call from ME! I don’t understand how this spoofing can happen and then to ask for my SSA # is so unsettling.


''A person often meets his destiny on the road he took to avoid it.''
Jon Fontaine




Tori Hernandez
415 272 1944

PO Box 926 • Larkspur, ca • 94977
*. . . . . . .*. . . . . . *. . . . . . *. . . . . . * . . . . . .*. . . . . .*. . . . .

mac specialist • Troubleshooting, Training & Design

LIKE ME
http://www.facebook.com/petsformarin




On Sep 30, 2017, at 5:18 AM, Marilyn Matty <[hidden email]> wrote:


On Sep 30, 2017, at 2:09 AM, Tori Hernandez <[hidden email]> wrote:

Hello. How can I receive a call on my iPhone from my same iPhone number??

Con artists who know what they are doing can fake caller ID info; combined with robocalling, phishing has become a major global industry. 


The caller said something that I can't recall now and that he wanted my last 4 digits of my SSA #. The call appeared to be a recorded call.

From what I've read, there has been a recent uptick in spam calls in the US related to weather related tragedies. Because a lot of people know not to pick up calls from numbers or ID info they do not recognize, faking a recipient's phone number unfortunately seems like a good strategy to up response rates.

Something Mac related to keep in mind - the new Apple Pay money transfer feature can be a windfall for evil scammers.


Marilyn



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Mark D. McKean
In reply to this post by Brian L. Matthews
On 09/30/2017 02:53 am, Brian L. Matthews wrote:
I'm kind of baffled as to *why* someone would do that, but the *how* is pretty straightforward.

I figured out a viable "why" some time ago. Most smartphone junk-call blockers default to using your contacts list as a whitelist, allowing through any call from a number in your contacts. One number that is pretty much guaranteed to be in your contacts is your own number--it's put there by default (the "Me" card). Unless you created a narrower whitelist, one that doesn't include your own number, the call goes through. Add in the fact that most people's curiosity would compel them to answer such a call at least once, and you're in like Flynn.

(The scammers don't hard-code your number into the spoof list, btw; they have the robodialer programmed to mirror the number being dialed back into the Caller ID signal. So other people aren't going to be getting calls purporting to be from you--they'll get calls purporting to be from their own numbers.)

The stupid thing is that it's trivial, on the code side, to make this tactic useless: have the OS or the blocker by default block calls claiming to be from the number assigned to that phone. Because of the way the telephone system works, it's pretty much impossible for a call to genuinely originate from the same line it's calling to, so there's really no good reason to allow such an obviously spoofed call to go through. Apple and Google could build such a block directly into iOS and Android if sufficiently motivated.

This also points up just how almost completely useless Caller ID has turned out to be. All the efforts aimed at reducing junk calls (Do Not Call lists, robocall blockers, etc.) are mostly a waste when it's so trivial to spoof Caller ID. There isn't going to be any long-term improvement in the situation until the FCC and the phone companies replace the current Caller ID system with one that is secure and hard to spoof. And I don't see that happening in the foreseeable future.

Mark D. McKean
[hidden email]



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Tori Hernandez
But. What's the goal??

Tori
415 272-1944

On Sep 30, 2017, at 11:09 AM, Mark D. McKean <[hidden email]> wrote:

On 09/30/2017 02:53 am, Brian L. Matthews wrote:
I'm kind of baffled as to *why* someone would do that, but the *how* is pretty straightforward.

I figured out a viable "why" some time ago. Most smartphone junk-call blockers default to using your contacts list as a whitelist, allowing through any call from a number in your contacts. One number that is pretty much guaranteed to be in your contacts is your own number--it's put there by default (the "Me" card). Unless you created a narrower whitelist, one that doesn't include your own number, the call goes through. Add in the fact that most people's curiosity would compel them to answer such a call at least once, and you're in like Flynn.

(The scammers don't hard-code your number into the spoof list, btw; they have the robodialer programmed to mirror the number being dialed back into the Caller ID signal. So other people aren't going to be getting calls purporting to be from you--they'll get calls purporting to be from their own numbers.)

The stupid thing is that it's trivial, on the code side, to make this tactic useless: have the OS or the blocker by default block calls claiming to be from the number assigned to that phone. Because of the way the telephone system works, it's pretty much impossible for a call to genuinely originate from the same line it's calling to, so there's really no good reason to allow such an obviously spoofed call to go through. Apple and Google could build such a block directly into iOS and Android if sufficiently motivated.

This also points up just how almost completely useless Caller ID has turned out to be. All the efforts aimed at reducing junk calls (Do Not Call lists, robocall blockers, etc.) are mostly a waste when it's so trivial to spoof Caller ID. There isn't going to be any long-term improvement in the situation until the FCC and the phone companies replace the current Caller ID system with one that is secure and hard to spoof. And I don't see that happening in the foreseeable future.

Mark D. McKean
[hidden email]


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Mark D. McKean
On 09/30/2017 10:10 pm, Tori Hernandez wrote:
> But. What's the goal??

To get you to answer the phone.

If you don't answer the call, they can't make money off of you, legit or
fraudulent. It's rare anymore that a scam or robocall will bother to
leave a message; people don't respond to them very much these days.
About the only calls that routinely leave messages are the ones based on
scare tactics. (IRS scams, tech support scams, and collection agencies,
both legit and not, seem to be the bulk of them.)

But if they can get you to answer the phone directly, there's a chance
that their pitch will be heard. If they can get you to actually pay
enough attention to the pitch to think about it, there's a chance you'll
fall for it. And if you fall for it, well, there's the next sucker.

Sure, most people are smart enough to not get fleeced. But they don't
have to fool a lot of people. Their business models are based on taking
in a fairly small number of people for big chunks of money. A robocaller
will make thousands of calls per outgoing line every day. If only one in
a thousand (0.1%) is taken in by the pitch, they're making good bank. If
one in ten thousand (0.01%) falls for it, they're probably at least
breaking even.

Mark D. McKean
[hidden email]





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Ron Risley
In reply to this post by Brian L. Matthews

> On Sep 29, 2017, at 23:53, Brian L. Matthews <[hidden email]> wrote:
>
> I'm kind of baffled as to *why* someone would do that, but the *how* is pretty straightforward.

Some people will answer because the number looks familiar or they are curious. As more people adopt the strategy of not answering any calls from unknown numbers, spoofed caller ID telemarketing will become more common.

Some poorly configured voicemail systems will route you to the VM user interface if you're calling from your own number. Then if they use a common default password (last 4 digits of the number used to be used almost universally), your VM account is now hacked. So it might have been a telemarketer, or someone trying to hack voicemail (which can be used to facilitate toll fraud), or both.

Because of the way most GSM phone systems handle voicemail, blocking calls with same-number origin simply won't work. It's also a colossal can o' worms to try to authenticate caller ID. If you're thinking "why can't they..." or "there ought to be a law...", you've never designed a phone exchange.

--Ron


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Jim Carr
Ron Risley wrote, On 9/30/17, 8:39 PM:
> -snip--
>
> Some poorly configured voicemail systems will route you to the VM user interface if you're calling from your own number. Then if they use a common default password (last 4 digits of the number used to be used almost universally), your VM account is now hacked. So it might have been a telemarketer, or someone trying to hack voicemail (which can be used to facilitate toll fraud), or both.
>
> Because of the way most GSM phone systems handle voicemail, blocking calls with same-number origin simply won't work. It's also a colossal can o' worms to try to authenticate caller ID. If you're thinking "why can't they..." or "there ought to be a law...", you've never designed a phone exchange.
>
> --Ron

Ron:

I haven't designed an exchange but AT&T, Verizon, etc. have. Your
cellular provider should, IMHO, implement blocking same number calls
since it is very unlikely that they are real.

If these junk calls become more common, companies that block them may
gain a competitive advantage. And save them support costs in helping
folks whose account have been hacked via these means. If you get such
calls, complain to your phone provider.

It may take legislative action to encourage them.

--Jim

--
Jim Carr
[hidden email]
---------------------------------------------------------------------



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Rodney

On Oct 1, 2017, at 09:30, Jim Carr <[hidden email]> wrote:

If these junk calls become more common, companies that block them may gain a competitive advantage. And save them support costs in helping folks whose account have been hacked via these means. If you get such calls, complain to your phone provider.

Yep, the carriers make money by routing the spam and hacker calls, and they make money by charging their customers to block them. That sounds like a good deal for the carriers.

The caller ID is maybe less reliable than the “From:” address in an email message. The “s” in “smtp” stands for “simple”. The mail protocol was designed to allow a few researchers to communicate, and it doesn’t seem to’ve occurred to the designers that anyone would want to fake their identity.

Things have improved somewhat, but back last century you were whoever you said you were. One of the engineers who worked for my former employer send an email to a female colleague inviting her to lunch. However, he used the “From:” address of the CEO. Unfortunately for all concerned, he got his colleague’s address wrong, so the message bounced. It bounced back to the CEO, who was very upset. The head of computer security lost his job.

Mail clients these days are a bit more particular, so it is a bit trickier for the average user to pull such a stunt, but “sendmail” is still available on High Sierra, so spoofing is still possible for anyone who speaks smtp headers. I’ve been getting a bunch of “Testing” messages that are supposedly from “store-news at amazon.com”, but aren't. The messages contain just an “opt out” link. They made it through Google’s spam filters. Apparently, the spammer is an AWS customer, so the messages do appear to be coming out of Amazon.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

@lbutlr


> On 01 Oct 2017, at 11:27, Rodney <[hidden email]> wrote:
>
>
>> On Oct 1, 2017, at 09:30, Jim Carr <[hidden email]> wrote:
>>
>> If these junk calls become more common, companies that block them may gain a competitive advantage. And save them support costs in helping folks whose account have been hacked via these means. If you get such calls, complain to your phone provider.
>
> Yep, the carriers make money by routing the spam and hacker calls, and they make money by charging their customers to block them. That sounds like a good deal for the carriers.
>
> The caller ID is maybe less reliable than the “From:” address in an email message. The “s” in “smtp” stands for “simple”. The mail protocol was designed to allow a few researchers to communicate, and it doesn’t seem to’ve occurred to the designers that anyone would want to fake their identity.

Sure it did. This was a source of great fun and amusement. I remember getting an email from [hidden email] in 1987 when SMTP was still considered suspiciously new.

> Mail clients these days are a bit more particular,

Have they?

I have several custom (humorous) email addresses in my mail clients that do not map to real addresses or domains. It is only the servers that ever complain.

I also, of course, have a dontreply@mydomain address that does not exist and that bounces replies. I use this for automated messages to users.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Tori Hernandez
In reply to this post by Mark D. McKean
Not really to make you pick up the phone but to find their next “mark” to make some $$
However, by using my number to call me — I am thinking that that is a very bad tactic. People like me would be very, very puzzled as to the process rather than their goal of scamming me.

Perhaps my thinking is too logical…
Thanks for the info.

Tori


> On Sep 30, 2017, at 7:52 PM, Mark D. McKean <[hidden email]> wrote:
>
> On 09/30/2017 10:10 pm, Tori Hernandez wrote:
>> But. What's the goal??
>
> To get you to answer the phone.
>
> If you don't answer the call, they can't make money off of you, legit or
> fraudulent. It's rare anymore that a scam or robocall will bother to
> leave a message; people don't respond to them very much these days.
> About the only calls that routinely leave messages are the ones based on
> scare tactics. (IRS scams, tech support scams, and collection agencies,
> both legit and not, seem to be the bulk of them.)
>
> But if they can get you to answer the phone directly, there's a chance
> that their pitch will be heard. If they can get you to actually pay
> enough attention to the pitch to think about it, there's a chance you'll
> fall for it. And if you fall for it, well, there's the next sucker.
>
> Sure, most people are smart enough to not get fleeced. But they don't
> have to fool a lot of people. Their business models are based on taking
> in a fairly small number of people for big chunks of money. A robocaller
> will make thousands of calls per outgoing line every day. If only one in
> a thousand (0.1%) is taken in by the pitch, they're making good bank. If
> one in ten thousand (0.01%) falls for it, they're probably at least
> breaking even.
>
> Mark D. McKean
> [hidden email]
>
>
>
>
>
> ____________TidBITS Talk Participation Guidelines____________
> Post only when you have something substantive to contribute.
> Be polite and constructive, and comment on posts, not people.
> Quote sparingly, if at all. We all read the previous message.
> Start threads with a new message to [hidden email].
> Read archives at: http://tidbits.com/pipermail/tidbits-talk/
> Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
> ____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Rodney

On Oct 2, 2017, at 00:46, Tori Hernandez <[hidden email]> wrote:

Not really to make you pick up the phone but to find their next “mark” to make some $$
However, by using my number to call me — I am thinking that that is a very bad tactic. People like me would be very, very puzzled as to the process rather than their goal of scamming me.

But they don’t know that they’re calling people like you, and they don’t care. I don’t know what percentage of the population is made up of people like you, but I’d guess it is small enough not to concern them.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Tori Hernandez
In reply to this post by Jim Carr
Hi Jim: Good idea. Thank you. I will call them.

''A person often meets his destiny on the road he took to avoid it.''
Jon Fontaine




Tori Hernandez


On Oct 1, 2017, at 12:30 AM, Jim Carr <[hidden email]> wrote:

Ron Risley wrote, On 9/30/17, 8:39 PM:
-snip--

Some poorly configured voicemail systems will route you to the VM user interface if you're calling from your own number. Then if they use a common default password (last 4 digits of the number used to be used almost universally), your VM account is now hacked. So it might have been a telemarketer, or someone trying to hack voicemail (which can be used to facilitate toll fraud), or both.

Because of the way most GSM phone systems handle voicemail, blocking calls with same-number origin simply won't work. It's also a colossal can o' worms to try to authenticate caller ID. If you're thinking "why can't they..." or "there ought to be a law...", you've never designed a phone exchange.

--Ron

Ron:

I haven't designed an exchange but AT&T, Verizon, etc. have. Your cellular provider should, IMHO, implement blocking same number calls since it is very unlikely that they are real.

If these junk calls become more common, companies that block them may gain a competitive advantage. And save them support costs in helping folks whose account have been hacked via these means. If you get such calls, complain to your phone provider.

It may take legislative action to encourage them.

--Jim

-- 
Jim Carr
[hidden email]
---------------------------------------------------------------------



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Rodney
In reply to this post by @lbutlr

On Oct 1, 2017, at 23:54, @lbutlr <[hidden email]> wrote:

The caller ID is maybe less reliable than the “From:” address in an email message. The “s” in “smtp” stands for “simple”. The mail protocol was designed to allow a few researchers to communicate, and it doesn’t seem to’ve occurred to the designers that anyone would want to fake their identity.

Sure it did. This was a source of great fun and amusement. I remember getting an email from [hidden email] in 1987 when SMTP was still considered suspiciously new.

The smtp RFC was based on work dating back to the 1970s, and released in 1982 That was back in the days when people shuffled stuff around via UUCP and “the net” was Usenet, and you didn’t see much of it outside of academia. I don’t have much experience with smtp from those days, because I was working mostly on VAX/VMS and DECnet.

I would at least like to think that if it had occurred to the designers of SMTP just how widely it would be used, and much harm could be done by faking identities, then they would have built in some better authentication.

You got into the game rather late. Unless you were a developer of the standard, or have some other insight as to the developers’ thinking on the subject, then I think that we can we can file “raygun” under “anecdotal evidence”.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

Brian L. Matthews
In reply to this post by Mark D. McKean
On 9/30/17 11:09 AM, Mark D. McKean wrote:
On 09/30/2017 02:53 am, Brian L. Matthews wrote:
I'm kind of baffled as to *why* someone would do that, but the *how* is pretty straightforward.

I figured out a viable "why" some time ago. Most smartphone junk-call blockers default to using your contacts list as a whitelist, allowing through any call from a number in your contacts. One number that is pretty much guaranteed to be in your contacts is your own number--it's put there by default (the "Me" card). Unless you created a narrower whitelist, one that doesn't include your own number, the call goes through.


Ok, that makes sense. I haven't used a software junk-call blocker, although the wetware one I use by ignoring calls from numbers I don't recognize :-) would have ignored a call from my own number.

Brian



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

David Ross
In reply to this post by Rodney
Most of the issues with networked computers these days have to deal with
the first movers not thinking about how people with "bad" intentions
might use things.

Internet RFCs. Microsoft networking. Web servers. Etc.

On 10/2/17 12:09 PM, Rodney wrote:
> and much harm could be done by faking identities, then they would have
> built in some better authentication.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

David Ross
In reply to this post by @lbutlr
This is the common trick. Many people (in the general population) will
answer such a call because they figure it is someone they know but don't
have in their phone.

In general I don't answer any number that's not in my address book. If
they really know me they can leave a voice mail. Of course that fails
for maintenance folks and such who call 30 minutes before they arrive.
So I have to be flexible in my rules based on what I'm expecting. Or
just now I'm working with my daughter helping her buy her first house
and need to answer a slew of unknown numbers from my area code.

On 9/30/17 6:40 AM, @lbutlr wrote:
> I haven't had it be the exact number, but matching the first six digits of a ten digit number is very common.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Strange call from me to me

David Ross
In reply to this post by Tori Hernandez
To get a few people to answer the call.

And to go with it ask you a question that you will most likely answer "yes". Doing this gives them a "yes" to insert into a bogus call getting you to sign up for some charges of some kind.

I never say the word "yes" unless I know the caller.

On 9/30/17 10:10 PM, Tori Hernandez wrote:
But. What's the goal??

Tori
415 272-1944

On Sep 30, 2017, at 11:09 AM, Mark D. McKean <[hidden email]> wrote:

On 09/30/2017 02:53 am, Brian L. Matthews wrote:
I'm kind of baffled as to *why* someone would do that, but the *how* is pretty straightforward.

I figured out a viable "why" some time ago. Most smartphone junk-call blockers default to using your contacts list as a whitelist, allowing through any call from a number in your contacts. One number that is pretty much guaranteed to be in your contacts is your own number--it's put there by default (the "Me" card). Unless you created a narrower whitelist, one that doesn't include your own number, the call goes through. Add in the fact that most people's curiosity would compel them to answer such a call at least once, and you're in like Flynn.

(The scammers don't hard-code your number into the spoof list, btw; they have the robodialer programmed to mirror the number being dialed back into the Caller ID signal. So other people aren't going to be getting calls purporting to be from you--they'll get calls purporting to be from their own numbers.)

The stupid thing is that it's trivial, on the code side, to make this tactic useless: have the OS or the blocker by default block calls claiming to be from the number assigned to that phone. Because of the way the telephone system works, it's pretty much impossible for a call to genuinely originate from the same line it's calling to, so there's really no good reason to allow such an obviously spoofed call to go through. Apple and Google could build such a block directly into iOS and Android if sufficiently motivated.

This also points up just how almost completely useless Caller ID has turned out to be. All the efforts aimed at reducing junk calls (Do Not Call lists, robocall blockers, etc.) are mostly a waste when it's so trivial to spoof Caller ID. There isn't going to be any long-term improvement in the situation until the FCC and the phone companies replace the current Caller ID system with one that is secure and hard to spoof. And I don't see that happening in the foreseeable future.

Mark D. McKean
[hidden email]


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
12