However, we had a rather odd email today from the police, a Cyber Distribution & Prevention Team, no less. You would hope they have some clue, but their email shows drastic lack of clue...
We do occasionally get requests, usually under RIPA, usually related to telephony, and almost never actually correct. Typical errors are:-
- Not one of our numbers!
- Number too short
- Number too long
But also issues they would not know, but still a nuisance:-
- Number simply not in use, and hence must just be spoofed CLI
- Number leased to another telco
This request was different. It was a request to suspend a "line" which is in fact a VoIP service. But it shows some serious lack of clue here.
Firstly they are entirely going on the CLI. They have not attempted to trace the source of the calls via the telephone network in any way (else they would not have got to us as it is part of a block leased to another telco). But even though only based on CLI they are assuming the CLI is genuine. No hint that they know it could be otherwise, and indeed, asking us to suspend a line based only on CLI provides a means to "attack" a victim by using their CLI for something iffy and getting the police to get the victim's line suspended! Our reply refers them to the Wikipedia article on spoofing CLI.
Also, it is marked "Classification: PROTECT - INTERNAL USE ONLY" yet they have sent it externally to us. Ooops.
Then they explain "Attempts to contact the line have not been undertaken to prevent jeopardising any ongoing or potential investigation that may follow." Hang on?!? What would we say to a customer (if it was our customer) when we suspend them that would not jeopardise ongoing or potential investigation - seriously - suspended line is going to be a tad noticeable.
Then there is the actual request "We request that you consider suspending this line as soon as possible to prevent further harm to members of the public occurring and for a minimum period of 12 months." which I am not sure I understand. This is just a number. If we suspend it at all, the end user can have a new number to make calls within seconds, so not going to stop him, just alert him that they are on to him. Also it means the fraudster is now using a new number which nobody is blocking or watching out for, so actually that increases harm - by always using the same number one can alert people "don't accept calls from X" if that was a sane thing to do when considering CLI spoofing anyway. It also makes handling the reports they are getting easier to collate as they know it is the same person. But also, why suspend for 12 months? How does that help?
But then we have the fraud itself - a simple matter of someone calling and claiming to be something official (I am not giving details here), but a key point is the victim is then asked for "bank details" to pay something they have been convinced is due. As far as I know that only allows a direct debit, and a direct debit can always be reversed. So either the victims are getting really bad advice and not getting the DD reversed and their money back, or the fraudster is particularly stupid. The email is quite specific, and says the other trick is to ask the victim to get "I tune"[sic] vouchers and read the number, but that again makes no sense as this is someone claiming to be from an official body which nobody would be stupid enough to think could be paid in iTunes vouchers. What they are saying here really makes no sense. I suspect the fraudster is smarter than they are saying and the police are recording the details totally wrongly.
I hope they catch the fraudster, but in this case there is nothing we can do to assist further - as the calls are not through us or from one of our customers.
These are the people we want to give access to details of every web site visited by every person in the UK. Seriously?