The “Microsoft fraudsters” are currently working overtime: ideas for defensive measures?

  • The scam involving phone calls from “Microsoft Support” is already well known.

    Unfortunately, the annoyance is currently escalating enormously again: 4 calls within 24 hours, each time with a different CH caller number, of which 3 are real ones from the CH phone book and 1 is not listed in the directory.

    You can no longer defend yourself with call filters and there still seems to be no way to detect fake caller numbers.

    What else should you do now?

    I’m currently thinking about a whitelist concept, which could possibly be used to ensure that the telephone only rings if the caller is saved in your own telephone directory, and all other calls would be redirected directly to Combox without ringing.

    However, Swisscom does not yet support this approach (if I am not mistaken).

    Any other ideas about this vexing problem?


    Hobby nerd with no financial ties to Swisscom


    9 days later

    The scammers are still working overtime, but they are also constantly diversifying; below is today’s SMS daily profit for laughs (I have removed the real email link for security reasons):

    Your phone won USD 950,000 in the 2018 Mobile Draw. To claim your prize, send us your name and mobile number via email: sms.at.worldroam.us


    Hobby nerd with no financial ties to Swisscom


    @[deleted] wrote:

    The fraudsters are still working overtime, but they are constantly diversifying, below is today’s SMS daily profit for laughs (I have removed the real email link for security reasons)

    Your phone won USD 950,000 in the 2018 Mobile Draw. To claim your prize, send us your name and mobile number via email: sms.at.worldroam.us


    Congratulations on your win. What kind of smartphone do you have? I might win a million quickly in the next few days 😁

    Anyone who sends their name, cell phone number, etc. here actually only has themselves to blame. But unfortunately this scam works. The naivety of certain people is a blessing.


    Verbally, I’ve already tried everything with these criminals: from friendly rejections to angry snarls to making fun of them back - none of it helped. At some point I said that they would regret it if the mischief didn’t stop immediately. Of course they didn’t believe me. However, when I actually started blowing the whistle after several such advance warnings…

    Since then there has been peace.


    Have you tried turning it off and on again?

    I think “whitelisting” is probably out of the question for the “average user”.

    However, I would actually assume that preventing number spoofing - at least as far as domestic numbers are concerned - should somehow be technically possible.


    @PowerMac wrote:

    … after several such advance warnings, actually with the whistle…

    It’s been quiet since then.


    Understandable. The person now most likely has permanent hearing damage. Hopefully it hit the right person… But if he is in Switzerland and knows how to defend himself, there is a risk that a charge of bodily harm will be filed…

    Just a heads up 😉


    @kaetho: sure, that’s why I warned you several times. And with (no exaggeration) ten calls a day, every other time from the same agent, I finally had enough. Sad but true that this has proven to be the only effective countermeasure.

    When I’m abroad and notice that some loafers are constantly trying to steal my wallet and at some point my patience breaks, then I no longer bother to ask myself whether I’m punching the right person.

    So far, no criminal complaint has been received from Calcutta or Delhi.


    Have you tried turning it off and on again?


    @[deleted] wrote:

    I think “whitelisting” is probably out of the question for the “average user”.

    However, I would actually assume that preventing number spoofing - at least as far as domestic numbers are concerned - should somehow be technically possible.


    If the spoofing of real CH numbers continues to spread rapidly, in the worst case scenario it could pose a real threat to the usability of the entire telephone network.

    It would certainly be time for all the technically possible barriers to be put in place as soon as possible. Unfortunately all we’ve heard from providers so far is that it’s difficult…

    Just imagine if someone combined the contact directories uploaded and collected by WhatsApp with a spoofing mechanism: then even a whitelist would no longer be of any help, as you would then be directly harassed with the phone numbers of your acquaintances.

    When it comes to that, all you can really do is turn off your own phone.


    Hobby nerd with no financial ties to Swisscom

    4 months later

    Today at 10:49 a.m. I received another call like this from the number 0044 833 212 991. A nice lady tried to explain to me in broken German that she was calling from Microsoft Support because I had caught a virus via a phishing email and that she wanted to help me remove it.

    I put her off for a while and always said a friendly yes to her explanations. When she became more specific and wanted information from me, I asked her for my Microsoft Partner ID. She ignored the question and replied that she had my software number.

    I doubled down: “So you can certainly tell me my Microsoft Partner ID?”

    She: “Oh, you are a partner?”

    Me: “Yes”

    She: “Bloody bullshit… Fuck off…”

    The conversation was over.


    Whitelist, call filter and so on…

    Sorry, but it can’t be that millions of users themselves should try to defend themselves against this instead of centrally.

    We already had this topic


    Spoofing numbers with foreign IDs is ok, but spoofing with Swiss numbers is clearly the responsibility of the provider who manages this number.

    @Anonymous I don’t think that “real” money (a well-known amount of the budget) is being invested anymore.

    In any case, messing around with call filters, whitelists, etc. will not be the solution.

    Sad but true, the suffering of the troubled customers must first become so great that it becomes a political issue and politicians impose penalties on the providers if numbers from their number pool are used for spoofing.

    Let’s not forget that the providers are also responsible for the data traffic that is transmitted over their network. As far as I can remember, a general director of Swiss Telecom was warned by the Federal Court in the 1990s.


    Grin, super cool…

    Yes, you should hold it off for as long as possible so that it gets to them at some point.

    I act stupid on calls like this, play the “old man” who has no idea about computers and emphasize how important the computer is to me, I would do banking transactions with it, have all the data on it…

    And while I’m talking to the “Microsoft employee” I’m working on something…

    When the conversation starts my computer (which is always running) is never running and has to be started first. And oh the login, that’s so complicated: “moment, I type my password… it’s dubistdumm… oh, the computer doesn’t accept my password… I have to try again… dubistdumm… ah, maybe I have activated caps lock, wait, I try again…”

    Yes, I have fun with the “Microsoft Supporters”…

    PS: in reality, my password is of course not stupid… it still has special characters and numbers in between… <laugh>… and also other words, ones that aren’t in the dictionary… 😉


    @Master I certainly cannot and do not want to tell you what you believe or not. All I can say is what we do. The issue has become much quieter in the last 4 months and our complaints have decreased by a high double-digit figure. We certainly won’t be able to catch everything, but we can do a lot. I don’t want to say anything more about it. Actually, every word is too much on the topic, because pressure creates counter-pressure and so on.

    2 months later

    “Topic solved” does not correspond to my experiences. Since October the problem has increased massively again: often several calls a day (but the night’s rest is *still* respected). The criminal Microsoft fake call center is spamming so much at the same time that the employee did not answer successful calls (i.e. I answered) because they were busy with another victim. Once the phone rang again at the moment I picked up the supposed Zurich number.

    Swisscom support only supports the *settings* of the call filter, but at least explained to me that “*” wildcards can also be used in the manual block list. And yes, the call filter was active (only allowed “Anonymous” to pass through).

    But: That’s no use, the criminals vary the calls very well (never the same number, many also with 044 for Zurich) - of course I can’t block them. List-based wildcard banning is definitely not realistic.

    I once worked in an office with its own PBX, i.e. “calls over the Internet”. There the CLIP number could be entered in free text in the admin tool. I probably misunderstood the 3rd option “unavailable” (“if their origin cannot be traced (…) calls from abroad or over the Internet”) to mean that machine-learning-optimized, computer-generated random CLIP numbers from criminal organizations camouflaged as Internet calls would have to be recognized. This is obviously not the case.

    It seems to me that there is a need for action in this regard in Swisscom technology. After all, as is well known, these are not simple “fraud attempts”, but rather an attempt to take complete control of a customer’s PC via remote support. These are qualified hacker attacks carried out on a large scale.
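
    The two filtering approaches discussed in this thread, the wildcard block list from the post above and the whitelist idea from the opening post, compared on the same calls. This is an added example, not part of any forum post and not Swisscom's call filter. All phone numbers, contacts, block patterns and scam labels are constructed, and the function names are assumptions.

```python
from fnmatch import fnmatchcase

def normalize(number, default_cc="41"):
    """Bring dialled formats to +<country code> form; None = withheld caller ID."""
    if not number:
        return None
    n = number.replace(" ", "")
    if n.startswith("00"):              # international prefix, e.g. 0044...
        return "+" + n[2:]
    if n.startswith("0"):               # national format, e.g. 044...
        return "+" + default_cc + n[1:]
    return n                            # already in +... form

def blocklist_policy(caller, patterns):
    """Ring unless the caller is anonymous or matches a block pattern ('*' allowed)."""
    caller = normalize(caller)
    if caller is None or any(fnmatchcase(caller, normalize(p)) for p in patterns):
        return "voicemail"
    return "ring"

def allowlist_policy(caller, contacts):
    """Ring only for saved contacts; everything else goes to voicemail silently."""
    known = {normalize(c) for c in contacts}
    return "ring" if normalize(caller) in known else "voicemail"

# Constructed sample data: (presented caller ID, is it a scam call?)
CONTACTS = ["079 555 01 10", "+41 44 555 01 20"]
BLOCK_PATTERNS = ["0044*", "044 555 02 01"]
CALLS = [
    ("079 555 01 10", False),     # saved contact
    ("044 555 03 33", False),     # legitimate caller not in the directory
    ("0044 555 010 999", True),   # foreign prefix, caught by the wildcard
    ("044 555 02 01", True),      # number already on the block list
    ("044 555 02 02", True),      # same campaign, next number
    ("031 555 02 03", True),      # same campaign, other area code
    (None, True),                 # withheld number
    ("079 555 01 10", True),      # spoofed caller ID of a saved contact
]

def evaluate(policy, rules):
    """Count scam calls that ring and legitimate calls sent to voicemail."""
    result = {"scam_rings": 0, "legit_to_voicemail": 0}
    for caller, is_scam in CALLS:
        action = policy(caller, rules)
        result["scam_rings"] += int(is_scam and action == "ring")
        result["legit_to_voicemail"] += int(not is_scam and action == "voicemail")
    return result

print(evaluate(blocklist_policy, BLOCK_PATTERNS), evaluate(allowlist_policy, CONTACTS))
```

    On this sample the block list lets three scam calls ring, because every rotated number is new to it. The whitelist lets one through, the spoofed contact number, and sends one legitimate but unknown caller to voicemail.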


    I don’t think it can be Swisscom’s job to protect customers from any fraud that comes their way on any electronic channels (telephone, email, web). It is simply a hopeless undertaking.

    Of course it is right to block known fraudsters. But you write it yourself: They keep changing the numbers.

    Ultimately, you simply cannot protect 100% of humanity from their own naivety. Deception, lies and fraud are a billion-dollar business. For me, many other “offers” fall into a similar category. If you were to be consistent, you would have to block all clairvoyants, astrologers, etc. (but you would rather sell them value-added numbers and make money from their fraud). Where do you ultimately draw the line? Does the alternative medicine doctor recognized by the health insurance company also have to be blocked if there is no objectively verifiable mechanism of action in their way of working? And what about all the more or less openly fraudulent providers of PC tuning tools and antivirus software? As soon as you start blocking “aggressively”, a whole new set of questions arise… 😉


    Thanks for the instructive answer from an “expert”. About a year ago, Swisscom had a massive spam problem (dozens of emails went through the Swisscom spam filter every day), and this was a) publicly communicated at some point and b) it took some time until the spam filter was upgraded accordingly: “Specialists are working hard to solve the problem, as Merk continued. How long this will take is currently unclear. Swisscom regrets the circumstances and apologizes for the inconvenience.”

    https://www.nzz.ch/wirtschaft/bluewin-accounts-werden-mit-massenweise-werbemails-eindeck-ld.1323788

    My belated thanks to Swisscom for this.

    Imagine if the Swisscom email department had reacted to massive attacks in the same condescending, didactic manner as you are doing here on behalf of the landline department to the proverbial naive “landline telephone operator” - then you could write off your reputation as an IT service provider 100%.

    You also missed the fact that I specifically asked about technical solutions - it was my mistake for not first explaining in detail that there are such technical solutions against high-tech attacks in the email sector (see above).

    Swisscom telephone support itself recommended that I bring this up again in the forum to make it clear that the problem is by no means “solved” and, ideally, to get Swisscom to give a technically justified statement as to whether somewhere between the USA and China there are already successful attempts at solving the international telephone spam hacker attack problem under the condition of CHF 0.00(?) costs for IP->landline network - or whether the last and only resort worldwide really is to make the private number subject to private charges in addition to the provider (like 0900) - and whether and when Swisscom intends to communicate this “solution”.


    @T0n1

    1. My answer wasn’t actually intended to be “condescending” - and I don’t see how it could/should be interpreted that way. I was simply pointing out that it is not a realistic undertaking to completely ban all “cheaters”. They can easily get new numbers at any time. (If you wanted to stop this, it would be a political matter, not something that an individual telco provider can implement.)

    2. If you assume that I am “representing the landline department”, then you may have misunderstood the principle of this forum. This is explicitly a “community forum”, i.e. the majority of participants (like me) are not employed by Swisscom in any way.

    3. In my opinion, the SPAM problem is technically completely different and can hardly be compared.

    Unwanted emails are easier to recognize than unwanted calls.

    When an unwanted email arrives, the content is already available, i.e. it can be filtered according to content criteria.

    However, if your phone rings, no Swisscom system knows yet what the next conversation will be about. This means that filtering can primarily be done using “black lists” with the known numbers of fraudsters. And these numbers change. So we’re back to the first point.

    (In addition, there are other “detectable” characteristics in unsolicited emails that are also not present in calls.)

    4. If you would like an official statement from Swisscom, you are welcome to wait for a Swisscom employee. However, it remains to be seen whether he can say something that you like substantially better. GuidoT has already explained his opinion above.


    I also think that the technical defense measures against such Windows helpdesk telephone spam can still be optimized. But ultimately I have to agree with @cslu that every phone owner must have a certain level of maturity. There will always be a residual risk, and there are no limits to the ingenuity of criminals, even (or especially) on the Internet.


    Have you tried turning it off and on again?