And here is the promised summary of responses! Thanks team. Please send any additional commentary to narelle.clark "at" accan.org.au-nospamplease
Problem statement: Consumer reps are hearing a rise in the incidence of VoIP calls faking their caller ID for the purposes of spamming and scamming. Consumers check the caller ID on their handset CND and accept the Australian sourced number, only to find it is a complete scam. This is often tied to the 'missed call scam' but now they are presenting using genuine Aussie phone numbers and the actual owners aren't happy. Summary of responses: This could be from a few likely possibilities 1. a local VoIP system has poor security and has been compromised and is being used as a local dialler. 2 incorrect configuration of a VoIP server with incorrect numbers on outbound calls within Australia or 3 outright fraud from overseas VoIP servers presenting as Australian numbers. Ideally, this could be handled similarly to IP address matching within BGP ASes, but not likely to be as simple. By inference any provider doing so would be in contravention of the ACMA Numbering Plan 2015 Part 2 s102 and therefore fines are payable: "s 102 Carriage service provider must not issue a number that it has not been allocated A carriage service provider must not issue a number to a customer unless the carriage service provider holds the number." De-identified responses (some typos corrected): --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8<--------- I'd say that in my experience, most of the time it's not spoofed CID or ANI, rather a compromised set of SIP gateway credentials. Once in, they either don't bother setting CLIP (because it's a scam call) or they set it to something that the caller is likely to pick up - local area code prefix or similar. The side effect of this is the usual network security approach, rather than telephony security - setting up fail2ban, choosing strong passwords, whitelisting source IP's that you know are cool, blacklisting certain countries IP ranges (India...) yada yada. Personally, for our call-center kids, we use zendesk for telephony, single-sign-on via gsuite authentication, which in turn is protected by password policies and enforced 2factor auth. Works well. --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8<--------- Most network operators will filter the source CallerID to ensure that only CallerIDs attached to the calling account are able to make a call. The ACMA is rather strict in regards to this and network operators can face fines if they knowingly allow a 'spoofed' callerID without verifying the number owner. Most larger network operators/carriers have implemented filtering across their network so if a report of nuisance calls is received they have procedures in place to deal with it quickly. I would suspect that the calls you are seeing may come from a compromised device or account with the most unlikely being an untrustworthy operator. Technically speaking the best you can do is report every case to your provider and police then block the number if it's not a legitimate number. --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8<--------- I would say they are likely coming in from overseas based telco's. All of the Australian based operators that I'm aware of take their responsibility seriously when setting the outbound calling number that calling customer has the right to use that number. We will not set an outbound CLID for our customers unless the inbound is churned to us or the customer has provided proof they own the rights to the number. Like their mobile number for example. --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8<--------- Yes I have seen this. Even personally had it Had the solar grant scam call with its Caller ID as a Gladstone number. --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8< Unfortunately this is very hard to protect against. Pretty much relying on the source carrier to so their due diligence and actually stop you from setting a number owned by someone else as your caller ID. Unfortunately there are a lot of VoIP providers that don't do this. There are even some VoIP systems that are open to the internet that allow unauthenticated or default user/pass to connect.. --------8< --------8< --------8< --------8< --------8< --------8< --------8< --------8< I often (as in sometimes several times a day) receive scam calls from the 'I'm from Telstra, I regret to inform you we will be cutting off your internet' or 'you have a virus I'm calling to help you' variety, some of them lately showing a obviously dodgy caller ID of 61234567890. Verifying caller ID from direct customers is within their range is OK, but could a large international gateway verify: (a) all caller IDs coming up from customer VoIP networks aggregating throusaands of number ranges from downstream and downstream-of-downstream customer VoIP gateways? - possibly doable, in the same way ISPs require downstream ISPs to register IP address block ranges to get them into a filter before they'll allow the ranges into BGP routing rables (b) incoming calls from upstream wholesale suppliers, including international networks, which may or may not have any CLI information at all? In telephone networks looped calls are OK, so it is perfectly ok to recieve a call routing from an international gateway with a Caller ID starting with '+61' or any other country prefix, and to forward it through. Best regards and thanks again for the input Narelle Clark On Mon, Apr 23, 2018 at 1:22 PM, Narelle <narel...@gmail.com> wrote: > > Hi folks > we may be hearing a rise in the incidence of VoIP calls faking their > caller ID for the purposes of spamming and scamming. > > Consumers check the caller ID on their hand CND and accept the Australian > sourced number, only to find it is a complete scam. This is often tied to > the 'missed call scam' but now they are using genuine Aussie phone numbers > and the genuine owners aren't happy. > > From my rusty experience at setting up VoIP systems, you should be able to > impose filters on incoming calls at the network level here the number > doesn't match the source - can people please give me a clearer update on > this from the trenches? > > What are the good housekeeping steps for network operators? > > Off list please and I'll summarise the responses, > > thanks in advance > > > > -- > > > Narelle Clark > narel...@gmail.com > -- Narelle narel...@gmail.com
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog