One of our clients is a small private school. For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so) We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs. It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school. We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack. It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client. The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are. I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of. I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses. It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW). It seems like maybe Google is having an issue? From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of LICT VoiceOps via VoiceOps Sent: Thursday, November 11, 2021 11:02 AM To: VoiceOps <voiceops at voiceops.org> Subject: [VoiceOps] Can't Figure This Scam Out One of our clients is a small private school. For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so) We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs. It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school. We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack. It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client. The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are. I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of. I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
Pest control and locksmith services are very ripe for fraud, and in fact are often sold/advertised in a pretty sleazy way. Schools are confusing, unless they're trying to capture something to do with for-pay private schools. On Thu, Nov 11, 2021 at 9:35 AM Mark Wiles <mwiles at akabis.com> wrote:
I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses.
It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW).
It seems like maybe Google is having an issue?
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *LICT VoiceOps via VoiceOps *Sent:* Thursday, November 11, 2021 11:02 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* [VoiceOps] Can't Figure This Scam Out
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
One of my co-workers is more so on the school side of our business? and she ran into something similar in the past? I still lean towards Google or BW. From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Carlos Alvarez Sent: Thursday, November 11, 2021 11:39 AM To: VoiceOps <voiceops at voiceops.org> Subject: Re: [VoiceOps] Can't Figure This Scam Out Pest control and locksmith services are very ripe for fraud, and in fact are often sold/advertised in a pretty sleazy way. Schools are confusing, unless they're trying to capture something to do with for-pay private schools. On Thu, Nov 11, 2021 at 9:35 AM Mark Wiles <mwiles at akabis.com<mailto:mwiles at akabis.com>> wrote: I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses. It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW). It seems like maybe Google is having an issue? From: VoiceOps <voiceops-bounces at voiceops.org<mailto:voiceops-bounces at voiceops.org>> On Behalf Of LICT VoiceOps via VoiceOps Sent: Thursday, November 11, 2021 11:02 AM To: VoiceOps <voiceops at voiceops.org<mailto:voiceops at voiceops.org>> Subject: [VoiceOps] Can't Figure This Scam Out One of our clients is a small private school. For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so) We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs. It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school. We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack. It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client. The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are. I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of. I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this. _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org> https://puck.nether.net/mailman/listinfo/voiceops<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpuck.nether.net%2fmailman%2flistinfo%2fvoiceops&c=E,1,juZe4gK4TdlhGyqljNX3Zl9QjmiFQKVxXGINfsliNKhohPKmPChLTzZ19XXwWc6akUY94AJhwAEmchY1kPmjHpRO1uRgDvtPM40gc40BhKAM3HwBHQ,,&typo=1>
It's likely being done as a way to track searches.? I was involved in a company (that shall remain unnamed) that did something very similar.? They provision a DID that's forwarded to the "real" number, and display that in the search results so they can track that a search resulted in a call.? It's data gathering. On 11/11/2021 8:50 AM, Mark Wiles wrote:
One of my co-workers is more so on the school side of our business? and she ran into something similar in the past? I still lean towards Google or BW.
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *Carlos Alvarez *Sent:* Thursday, November 11, 2021 11:39 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* Re: [VoiceOps] Can't Figure This Scam Out
Pest control and locksmith services are very ripe for fraud, and in fact are often sold/advertised in a pretty sleazy way.? Schools are confusing, unless they're trying to capture something to do with for-pay private schools.
On Thu, Nov 11, 2021 at 9:35 AM Mark Wiles <mwiles at akabis.com> wrote:
I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses.
It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW).
It seems like maybe Google is having an issue?
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *LICT VoiceOps via VoiceOps *Sent:* Thursday, November 11, 2021 11:02 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* [VoiceOps] Can't Figure This Scam Out
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what?number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpuck.nether.net%2fmailma...>
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Perhaps it has to do with a Google Assistant feature, such as "hold for me," or "make an appointment for me." I would think they would simply make a call directly from the device used, but they could be using a temporary virtual TN for some reason. On Thu, Nov 11, 2021, 12:02 PM Mark Wiles <mwiles at akabis.com> wrote:
One of my co-workers is more so on the school side of our business? and she ran into something similar in the past? I still lean towards Google or BW.
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *Carlos Alvarez *Sent:* Thursday, November 11, 2021 11:39 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* Re: [VoiceOps] Can't Figure This Scam Out
Pest control and locksmith services are very ripe for fraud, and in fact are often sold/advertised in a pretty sleazy way. Schools are confusing, unless they're trying to capture something to do with for-pay private schools.
On Thu, Nov 11, 2021 at 9:35 AM Mark Wiles <mwiles at akabis.com> wrote:
I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses.
It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW).
It seems like maybe Google is having an issue?
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *LICT VoiceOps via VoiceOps *Sent:* Thursday, November 11, 2021 11:02 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* [VoiceOps] Can't Figure This Scam Out
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpuck.nether.net%2fmailma...>
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Doubtful. I'm pretty sure the Google "wait on hold for me" feature is local to the device. Plus the feature is activated after the call is already placed. It would be a nightmare if every call you placed from your cell phone allocated a random virtual TIN to make the call. Plus this client doesn't really put callers on hold. It answers, asks the user to press 1 or 2 depending on what they want, and then immediately rings through to someone. Even if none of that were true, calling the number the patient claims they called ends up routing to us for a while...I couldn't imagine Google would allocate a virtual TIN and then leave it active for hours or days before reusing it to forward to another completely different client. -A On Thu, Nov 11, 2021 at 9:37 AM Mike <craigslist4md at gmail.com> wrote:
Perhaps it has to do with a Google Assistant feature, such as "hold for me," or "make an appointment for me."
I would think they would simply make a call directly from the device used, but they could be using a temporary virtual TN for some reason.
On Thu, Nov 11, 2021, 12:02 PM Mark Wiles <mwiles at akabis.com> wrote:
One of my co-workers is more so on the school side of our business? and she ran into something similar in the past? I still lean towards Google or BW.
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *Carlos Alvarez *Sent:* Thursday, November 11, 2021 11:39 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* Re: [VoiceOps] Can't Figure This Scam Out
Pest control and locksmith services are very ripe for fraud, and in fact are often sold/advertised in a pretty sleazy way. Schools are confusing, unless they're trying to capture something to do with for-pay private schools.
On Thu, Nov 11, 2021 at 9:35 AM Mark Wiles <mwiles at akabis.com> wrote:
I?ve been seeing a similar issue in the past week or so with a pest control business we provide services for? they?re getting calls that were meant to be for other pest control businesses.
It?s starting to look like it?s related to TNs seen in web searches? and in call cases, the TNs are not those of the primary business? but a Google number (owned by BW).
It seems like maybe Google is having an issue?
*From:* VoiceOps <voiceops-bounces at voiceops.org> *On Behalf Of *LICT VoiceOps via VoiceOps *Sent:* Thursday, November 11, 2021 11:02 AM *To:* VoiceOps <voiceops at voiceops.org> *Subject:* [VoiceOps] Can't Figure This Scam Out
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpuck.nether.net%2fmailma...>
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Wild guesses... ID theft? They give up their private info and that of the child, and it's recorded. Have you tried calling those numbers yourself, then see what happens? And if you do get dropped, call it again. Thought...that they either intercept the call and redirect it, or that on the "call back because we got disconnected" they redirect the call. On Thu, Nov 11, 2021 at 9:13 AM LICT VoiceOps via VoiceOps < voiceops at voiceops.org> wrote:
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I've been seeing something similar targeted at a healthcare client over the last few months. Same exact situation where patients are calling some random number that isn't in our systems, but it gets forwarded to our systems for a few minutes/hours. Because this particular client has 30+ locations, we started noticing it when calls were being misrouted to other locations. (i.e. patient calling Houston office gets routed incorrectly to the San Francisco office) We initially suspected a 3rd-party marketing service that was issuing semi-temporary numbers to use in Facebook ad campaigns, but a decent amount of numbers didn't line up. I also arrived at the possibility of this being used to monitor the calls for credit cards, social security numbers, or other private information. I'm still gathering data from end-users to try and track it down. -A On Thu, Nov 11, 2021 at 8:13 AM LICT VoiceOps via VoiceOps < voiceops at voiceops.org> wrote:
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
We are seeing matching CDR records for our PBX and our carrier's CDR billing reports, so it does not look like a SIP hack.
It seems that the number is forwarded for just a few minutes to our school, then goes dead, or rings busy, no longer forwarded to our client.
The pattern here is that the caller obtained the number from an internet search of a school in the area. These are real people calling, as we have been able to call them back and verify. The callers who reached our client are as bewildered as we are.
I am sure this is some sort of scam -- but I can't figure out what it is. Are the scammers recording the lines and seeing if they hear financial information? Seems like a longshot, but that is the only thing I can think of.
I know there is little that can be done to prevent a call being forwarded to you upstream of the carrier, but would love to hear anyone's thoughts about this.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
On 11/11/21 08:01, LICT VoiceOps via VoiceOps wrote:
One of our clients is a small private school.
For the past month, the school has been getting calls meant for other schools in the general area (within 20 miles or so)
We have been able to get limited information from the caller like what?number did they dial. They are definitely not dialing our client's DIDs.
It seems that they are dialing a number that they found on an internet search, and the call is then forwarded to one of the DIDs at the school.
I've run into something similar, but the forwarded number was static, not dynamic. In other words, the number from the search always forwarded to our client. It turned out to be cruft left over from a test marketing scheme from someone selling a "Yellow Pages" service. They create a new number, publish it only in search results and sometimes an actual phone book (ask your grandparents), then count the calls that go through. The advertising company then pitches the client on buying advertising based on "You'd be missing all of these calls...." In our case the marketing program had ended long ago, the number was re-purposed for advertising an unrelated business, but the forwarding never got switched. Our client kept getting mystery phone calls for an unrelated business where the caller dialed a very different number from our client's main number. It took a while to figure it out. In this case, the original forwarding/trial period had been done long ago with our client's knowledge and permission, but the campaign had ended a couple of years before and was forgotten. Your situation may be similar, but without permission. Scammy advertising company publishes a number that returns for searches on "Schools". It goes to an Asterisk or similar box that randomly or round-robin forwards calls to various area schools. Scammy company logs completed calls and durations, then pitches the schools with the most calls that last longer than "Sorry, wrong number" on their service. "Your competitors are getting all of this business...." The scheme doesn't have to be limited to schools. Plumbers, electricians, etc. could also be targets. Call the actual dialed/forwarded number a few times, you'll probably find that your school is in the rotation. When you get a call that goes through to you, leave call up for a few minutes. Repeat several times and see who calls pitching advertising. -- Jay Hennigan - jay at west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
participants (7)
-
aaron@heyaaron.com -
brooks@firestormnetworks.net -
caalvarez@gmail.com -
craigslist4md@gmail.com -
jay@west.net -
mwiles@akabis.com -
voiceops@lict.com