Tag Archives: spam

Magically, Carriers Can Stop Spam Robo Calls

For years U.S. telephone carriers have said that they can’t stop spam callers.  Truth is that they make a lot of money from either sending or receiving these calls, so they had zero incentive to figure out a way to stop it.

The problem would decrease a lot if you could believe the information that caller ID was providing you because you could (a) tell if you knew the person who was calling you and (b) you could not answer calls if you didn’t recognize the number.

How many times have you received a call that shows with the area code and exchange (the first 6 digits of a phone number) that looks like it came from your neighborhood.

Caller ID was created decades ago and has zero security in it.    Add to that the fact that adding security costs money to the carriers with no added revenue and you can see why they haven’t done anything about it.

But Congress passed the TRACED Act late last year and this gives the FCC more power to go after phone spammers, it extends the statute of limitations for DoJ to go after spammers and it requires carriers to add security to Caller ID at no cost to subscribers.  It also allows the FCC to fine carriers for first offenses, something the FCC cannot do in most cases.

Magically, when the carriers figured out that they might get fined or even prosecuted, it only took them a couple of months to design at least a partial solution.  This is one of those cases where we don’t want perfect to get in the way of good.

Since most calls are now digital, the current plan, called SHAKEN/STIR, requires Caller ID info to be digitally signed at the source and digitally checked at the destination.

I noticed a couple of months ago that Verizon is now flagging calls as potential spam and is giving me the option to mark any call that I receive as potential spam.  Interesting what happens when the money equation changes.

The FCC *JUST* released rules that require carriers to implement SHAKEN/STIR on the digital portion of their network (such as cell phones) by June 30th of next year.  There is a one year delay for small carriers that may not be able to financially get it done by that date.

Then carriers have to deal with the old analog phone calls.

So while this is far from perfect, the big spammers are all digital because they need to make thousands of calls a hour in order to be profitable crooks.  This new regulation should significantly help this problem.

As long as the FCC keeps the pressure up on the carriers, things should improve over the next couple of years.

Source: ZDNet

Security News for the Week Ending July 19, 2019

FTC Approves $5 Billion Fine for Facebook

The FTC commissioners reportedly approved an approximately $5 billion fine of Facebook for violating the 2011 consent decree in conjunction with the Cambridge Analytica mess.

To put that in perspective, Facebook’s revenue just for 4th quarter of last year was $16.9 billion and their profit for that quarter was $6.9 billion, so the fine represents a little less than one quarter’s profit.   Still this is two orders of magnitude greater than the FTC fine of Google a few years ago.  The Justice Department has to approve the settlement and is typically a rubber stamp, but given this President’s relationship with social media, you never know.  Source: NY Times.

 

Why do they Want to Hack ME?

The Trickbot malware has compromised 250 million email addresses according to Techcrunch.  Besides using your email account to send spam, it does lots of other nifty stuff as it evolves.  Nice piece of work – NOT!

Why?  So that they can use your email to send spam.  After you, you are kind of a trusted person, so that if someone gets an email from you as opposed to a spammer, they are more likely to click on the link inside or open the attachment and voila, they are owned.

And, of course, you are blamed, which is even better for the spammer.  Source: Techcrunch.

 

Firefox Following Chrome – Marking HTTP web sites with “NOT SECURE” Label

Firefox is following in the footsteps of Google’s Chrome.  Starting this fall Firefox will also mark all HTTP pages (as opposed to HTTPS) as NOT SECURE as Google already does.  Hopefully this will encourage web site operators to install security certificates.  It used to be expensive, but now there are free options.  Source: ZDNet.

 

AMCA Breach Adds Another 2 Million + Victims

Even though American Medical Collection Agency was forced into bankruptcy as a result of the already 20 million+ victims, the hits keep coming for AMCA.  Another one of their customers, Clinical Pathology Labs, said that more than 2 million of their customers were affected by the breach.  They claim that they didn’t get enough information from AMCA to figure out what happened.

It is going to be interesting to see where the lawsuits go, who’s name(s) show up on the HIPAA wall of shame and who Health and Human Services goes after.  Given that AMCA filed for bankruptcy, it is very likely that Quest, CPL and AMCA’s other customers will wind up being sued.  Actually, Quest, Labcorp and the others are who should be sued because they selected AMCA as a vendor and obviously did not perform adequate due diligence.  Source: Techcrunch.

 

Another Day, Another Cryptocurrency Hack/Breach

This time it is the cryptocurrency exchange Bitpoint and they say that half of their 110,000 customers lost (virtual) money as a result of a hack last week.  The hack cost Bitpoint $28 million and they say that they plan the refund their customer’s money. One more time the hackers compromised the software, not the encryption,  Source: The Next Web.