Re: [fw-wiz] Email Scams, Telemarketing, and Identity Theft

Sam Golden wrote:
> I have had my home phone number in the National Do Not Call Registry,, since it's inception and I have received few if any telemarketing phone calls.
Within the last week, however, I have received more than a dozen calls. After brushing the first few off, I became curious and started to ask the callers why they were calling me. The results were startling.
Each of the first three callers I asked stated that they had received an email from me requesting that they call me. Knowing that I hadn't done so, I asked for the email address. They stated they received an email from Goldensaaaa@xxxxxxxxx <mailto:Goldensaaaa@xxxxxxxxx>. This apparently legitimizes their calling me.

Want to guess who sent it to them?

There's cut-outs in most spam/telemarketing laws that say you
can request calls or that it's OK if there's a "prior business
relationship." It usually takes the telemarketers a few
months to figure out a way around each new law. After all,
their important message is, um, important.

After thinking it over for a few years (seriously) I've
concluded that spam and telemarketing are OK and I will
accept any amount of them as long as I still have free
speech. I don't, of course - in the US there are considerable
laws curtailing same (see 18 US 2257a for example) and the
FBI spends a lot of time and taxpayers' money going
after certain kinds of speech rather than others that
fall under the same laws. So, with spam and telemarketing
we're dealing with a social failure; the police won't
protect us and we are not given the tools to protect
ourselves. (And the phone companies will cheerfully
sell us caller-ID but then sell telemarketers the ability
to block it) Ultimately, this kind of imbalance will
continue as long as it's profitable.

Now, while telemarketing is annoying, it started me thinking about the implications. Anyone can search various public archives such as <> and find a phone number for a name. Anyone can create a gmail account as long as they can read the "captcha". Is some "evil" telemarketing company hiring lots of people to generate lots of mail accounts and then offer these to faux-legitimize telemarketing phone calls?

Yes. That's probably what's happening. Although the
telemarketers may simply optimize by not bothering
to do it, until someone complains - THEN - send the
"please call me" fake email.

Should I be paranoid?

Was that a serious question? I checked the date of your
post and it wasn't April 1. Did you seriously ask the
firewall-wizards if you should be paranoid?

The answer is, "of course not!" It's not paranoia
if you've ALREADY got a brain-leech installed in you
and the orbital mind control lasers are making you
dance like a puppet.

Marcus J. Ranum CSO, Tenable Network Security, Inc.
firewall-wizards mailing list